diff --git a/main_dc/keycloak/.env.keycloak b/main_dc/keycloak/.env.keycloak deleted file mode 100644 index 7f4bdf7..0000000 --- a/main_dc/keycloak/.env.keycloak +++ /dev/null @@ -1,22 +0,0 @@ -# Keycloak -KEYCLOAK_VERSION=24.0.4 -KEYCLOAK_USER=admin -KEYCLOAK_PASSWORD=admin123 -KEYCLOAK_DB_USER=keycloak -KEYCLOAK_DB_PASSWORD=keycloak123 -KEYCLOAK_DB_NAME=keycloak - -# Database -POSTGRES_VERSION=15 -POSTGRES_DB=keycloak -POSTGRES_USER=keycloak -POSTGRES_PASSWORD=keycloak123 - -# Domains -KEYCLOAK_FRONTEND_URL=https://auth.yalarba.ru -DOMAIN_YALARBA=yalarba.ru -DOMAIN_BEGUSHIYBASHKIR=begushiybashkir.ru - -# Internal -KEYCLOAK_HTTP_PORT=8080 -KEYCLOAK_INTERNAL_PORT=8080 \ No newline at end of file diff --git a/main_dc/keycloak/Dockerfile b/main_dc/keycloak/Dockerfile deleted file mode 100644 index 979f961..0000000 --- a/main_dc/keycloak/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -FROM quay.io/keycloak/keycloak:24.0.4 as builder - -# Устанавливаем фичи и собираем optimized образ -RUN /opt/keycloak/bin/kc.sh build --db=postgres --features=token-exchange,admin-fine-grained-authz --optimized - -FROM quay.io/keycloak/keycloak:24.0.4 - -# Копируем собранный optimized образ -COPY --from=builder /opt/keycloak/ /opt/keycloak/ - -WORKDIR /opt/keycloak - -# Экспортируем порт -EXPOSE 8080 - -# Запускаем в optimized режиме -ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"] \ No newline at end of file diff --git a/main_dc/keycloak/keycloak.conf b/main_dc/keycloak/keycloak.conf deleted file mode 100644 index 9e551ee..0000000 --- a/main_dc/keycloak/keycloak.conf +++ /dev/null @@ -1,37 +0,0 @@ -# Database configuration - ИСПРАВЛЕННЫЙ ФОРМАТ -db=postgres -db-url=jdbc:postgresql://keycloak-db:5432/keycloak -db-username=keycloak -db-password=${KC_DB_PASSWORD} - -# Admin credentials -admin-username=${KEYCLOAK_ADMIN} -admin-password=${KEYCLOAK_ADMIN_PASSWORD} - -# HTTP configuration -http-enabled=true -http-port=8080 -http-relative-path=/auth - -# Hostname configuration -hostname=https://yalarba.ru -hostname-path=/auth -hostname-strict=true -hostname-strict-https=true -hostname-strict-backchannel=false - -# Proxy configuration -proxy=reencrypt -proxy-address-forwarding=true - -# Health checks -health-enabled=true - -# Features -features=token-exchange,admin-fine-grained-authz - -# Logging -log-level=INFO - -# Transaction recovery (для исправления предупреждения) -transaction-xa-enabled=true \ No newline at end of file diff --git a/main_dc/keycloak/realm-config/setup-realm.json b/main_dc/keycloak/realm-config/setup-realm.json deleted file mode 100644 index b4a6e6a..0000000 --- a/main_dc/keycloak/realm-config/setup-realm.json +++ /dev/null @@ -1,112 +0,0 @@ -{ - "id": "master", - "realm": "master", - "displayName": "Yalarba & Begushiybashkir", - "displayNameHtml": "
Yalarba Auth
", - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 5, - - "clients": [ - { - "clientId": "yalarba-web", - "name": "Yalarba.ru Web Application", - "description": "Web application for yalarba.ru", - "enabled": true, - "protocol": "openid-connect", - "publicClient": true, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "rootUrl": "https://yalarba.ru", - "baseUrl": "https://yalarba.ru", - "redirectUris": [ - "https://yalarba.ru/*", - "https://www.yalarba.ru/*" - ], - "webOrigins": [ - "https://yalarba.ru", - "https://www.yalarba.ru" - ], - "attributes": { - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline_tokens": "false" - } - }, - { - "clientId": "begushiybashkir-web", - "name": "Begushiybashkir.ru Web Application", - "description": "Web application for begushiybashkir.ru", - "enabled": true, - "protocol": "openid-connect", - "publicClient": true, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "rootUrl": "https://begushiybashkir.ru", - "baseUrl": "https://begushiybashkir.ru", - "redirectUris": [ - "https://begushiybashkir.ru/*", - "https://www.begushiybashkir.ru/*" - ], - "webOrigins": [ - "https://begushiybashkir.ru", - "https://www.begushiybashkir.ru" - ], - "attributes": { - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline_tokens": "false" - } - }, - { - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "enabled": true, - "protocol": "openid-connect", - "publicClient": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true - } - ], - - "users": [ - { - "username": "superadmin", - "email": "admin@yalarba.ru", - "firstName": "Super", - "lastName": "Admin", - "enabled": true, - "emailVerified": true, - "credentials": [ - { - "type": "password", - "value": "SuperAdmin123!", - "temporary": false - } - ], - "realmRoles": [ - "admin", - "default-role-master" - ], - "clientRoles": { - "realm-management": [ - "realm-admin" - ] - } - } - ] -} \ No newline at end of file