diff --git a/serv_nginx/.env b/serv_nginx/.env
index 7c5a312..d141fc3 100644
--- a/serv_nginx/.env
+++ b/serv_nginx/.env
@@ -6,4 +6,7 @@ DOMAINS_valitovgaziz=valitovgaziz.ru,www.valitovgaziz.ru
 DOMAINS_easysite102=easysite102.ru,www.easysite102.ru
 DOMAINS_begushiybashkir=xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai
 DOMAINS_begushiybashkir_latin=begushiybashkir.ru,www.begushiybashkir.ru
-ALL_DOMAINS=yalarba.ru,www.yalarba.ru,valitovgaziz.ru,www.valitovgaziz.ru,easysite102.ru,www.easysite102.ru,begushiybashkir.ru,www.begushiybashkir.ru,xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai
\ No newline at end of file
+ALL_DOMAINS=yalarba.ru,www.yalarba.ru,valitovgaziz.ru,www.valitovgaziz.ru,easysite102.ru,www.easysite102.ru,begushiybashkir.ru,www.begushiybashkir.ru,xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai,auth.yalarba.ru
+# keycloak
+KEYCLOAK_ADMIN_PASSWORD=your_secure_admin_password
+KEYCLOAK_DB_PASSWORD=your_secure_db_password
\ No newline at end of file
diff --git a/serv_nginx/bbvue/src/views/Members.vue b/serv_nginx/bbvue/src/views/Members.vue
index 658788e..d016f7b 100644
--- a/serv_nginx/bbvue/src/views/Members.vue
+++ b/serv_nginx/bbvue/src/views/Members.vue
@@ -847,7 +847,8 @@ export default {
 }
 .search-input {
- width: 80%;
+ min-width: 70%;
+ max-width: 95%;
 padding: 15px 20px;
 border: 2px solid #e9ecef;
 border-radius: 25px;
diff --git a/serv_nginx/docker-compose.yml b/serv_nginx/docker-compose.yml
index 81a9cb5..d2b28fc 100644
--- a/serv_nginx/docker-compose.yml
+++ b/serv_nginx/docker-compose.yml
@@ -39,10 +39,12 @@ services:
 - internal
 - app-network
 - bb-network
+ - keycloak-network
 depends_on:
 - certbot
 - api
 - api_bb
+ - keycloak
 api:
 build:
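Review bot: The two `KEYCLOAK_*` lines added to the tracked `serv_nginx/.env` carry placeholder strings that would be used as real passwords if nobody edits them. Compose loads `.env` from the project directory by default, so docker-compose.yml in this commit would presumably start Keycloak and its database with the literal `your_secure_admin_password` and `your_secure_db_password`, both of which are now public in the repository. Keeping the real values in an untracked file, with `.env` listed in `.gitignore` and a committed `.env.example` holding the placeholders, also removes the risk of a real password being committed later. A comment above the block such as `# keycloak: set real values in an untracked override, never commit them` would make the intent explicit.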
@@ -139,12 +141,82 @@ services:
 timeout: 10s
 retries: 5
+ keycloak:
+ image: quay.io/keycloak/keycloak:22.0.0
+ container_name: keycloak
+ restart: unless-stopped
+ environment:
+ # Keycloak администратор
+ KEYCLOAK_ADMIN: admin
+ KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
+
+ # Настройки базы данных
+ KC_DB: postgres
+ KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
+ KC_DB_USERNAME: keycloak
+ KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+
+ # Настройки хоста и HTTPS
+ KC_HOSTNAME: auth.yalarba.ru
+ KC_HOSTNAME_STRICT: true
+ KC_HOSTNAME_STRICT_HTTPS: true
+ KC_HTTP_ENABLED: false
+ KC_PROXY: edge
+
+ # Настройки для работы за reverse proxy
+ KC_PROXY_HEADERS: xforwarded
+
+ # Дополнительные опции
+ KC_LOG_LEVEL: INFO
+ KC_METRICS_ENABLED: true
+
+ # Команды для начальной настройки
+ KC_HEALTH_ENABLED: true
+ command:
+ - start
+ - --optimized
+ volumes:
+ - keycloak_data:/opt/keycloak/data
+ - ./keycloak/themes:/opt/keycloak/themes
+ - ./keycloak/providers:/opt/keycloak/providers
+ networks:
+ - keycloak-network
+ - internal
+ depends_on:
+ keycloak-db:
+ condition: service_healthy
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+
+ keycloak-db:
+ image: postgres:15-alpine
+ container_name: keycloak-db
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: keycloak
+ POSTGRES_USER: keycloak
+ POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+ volumes:
+ - keycloak_db_data:/var/lib/postgresql/data
+ networks:
+ - keycloak-network
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U keycloak"]
+ interval: 5s
+ timeout: 10s
+ retries: 5
+
 volumes:
 certbot_data:
 certbot_www:
 postgres_data:
 bb_data:
 uploads_data:
+ keycloak_data:
+ keycloak_db_data:
 networks:
 web-network:
@@ -154,4 +226,6 @@ networks:
 app-network:
 driver: bridge
 bb-network:
+ driver: bridge
+ keycloak-network:
 driver: bridge
\ No newline at end of file
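Review bot: The `${KEYCLOAK_ADMIN_PASSWORD:-admin}` and `${KEYCLOAK_DB_PASSWORD:-keycloak}` fallbacks (used for `KC_DB_PASSWORD` in `keycloak` and `POSTGRES_PASSWORD` in `keycloak-db`) let the stack start with well-known credentials whenever the variable is missing. Failing closed is safer, e.g. `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:?must be set}`, with the same `:?` form on the two database password lines. `KC_HTTP_ENABLED: false` also looks inconsistent with the rest of the commit: the health check probes `http://localhost:8080/health/ready` and the nginx upstream targets `keycloak:8080`, so with `KC_PROXY: edge` the HTTP listener presumably has to stay on (`KC_HTTP_ENABLED: "true"`). `start --optimized` skips the build step, so the build-time options set here (`KC_DB`, `KC_HEALTH_ENABLED`, `KC_METRICS_ENABLED`) may not take effect on the stock image; that is worth confirming, as is whether `curl` exists in the Keycloak image and whether 22.0.0 understands `KC_PROXY_HEADERS`. The boolean-looking environment values are better quoted (`"true"`, `"false"`) so they reach the container as strings.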
diff --git a/serv_nginx/keycloak/.env b/serv_nginx/keycloak/.env
new file mode 100644
index 0000000..7f4bdf7
--- /dev/null
+++ b/serv_nginx/keycloak/.env
@@ -0,0 +1,22 @@
+# Keycloak
+KEYCLOAK_VERSION=24.0.4
+KEYCLOAK_USER=admin
+KEYCLOAK_PASSWORD=admin123
+KEYCLOAK_DB_USER=keycloak
+KEYCLOAK_DB_PASSWORD=keycloak123
+KEYCLOAK_DB_NAME=keycloak
+
+# Database
+POSTGRES_VERSION=15
+POSTGRES_DB=keycloak
+POSTGRES_USER=keycloak
+POSTGRES_PASSWORD=keycloak123
+
+# Domains
+KEYCLOAK_FRONTEND_URL=https://auth.yalarba.ru
+DOMAIN_YALARBA=yalarba.ru
+DOMAIN_BEGUSHIYBASHKIR=begushiybashkir.ru
+
+# Internal
+KEYCLOAK_HTTP_PORT=8080
+KEYCLOAK_INTERNAL_PORT=8080
\ No newline at end of file
diff --git a/serv_nginx/nginx/nginx-ssl.conf b/serv_nginx/nginx/nginx-ssl.conf
index 68deca9..2431805 100644
--- a/serv_nginx/nginx/nginx-ssl.conf
+++ b/serv_nginx/nginx/nginx-ssl.conf
@@ -1,3 +1,16 @@
+# Upstreams
+upstream keycloak_backend {
+ server keycloak:8080;
+}
+
+upstream api_backend {
+ server api:8080;
+}
+
+upstream api_bb_backend {
+ server api_bb:8080;
+}
+
 server {
 listen 80;
 server_name yalarba.ru www.yalarba.ru valitovgaziz.ru www.valitovgaziz.ru easysite102.ru www.easysite102.ru begushiybashkir.ru xn--80abahjtcfl5d0a8di.xn--p1ai;
@@ -40,7 +53,7 @@ server {
 # New location for REST API
 location /api/ {
- proxy_pass http://api:8080/;
+ proxy_pass http://api/;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -51,8 +64,19 @@ server {
 proxy_read_timeout 600;
 }
+ # Keycloak integration
+ location /auth/ {
+ proxy_pass http://keycloak_backend/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ }
+
 }
+
 server {
 listen 443 ssl;
 server_name valitovgaziz.ru www.valitovgaziz.ru;
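Review bot: This new file commits working-looking credentials (`KEYCLOAK_PASSWORD=admin123`, `KEYCLOAK_DB_PASSWORD=keycloak123`, `POSTGRES_PASSWORD=keycloak123`) to the repository. If they were ever used on a reachable instance they should be rotated, and the file replaced by an untracked `.env` plus a committed example with empty values. Nothing visible in this commit references the file: docker-compose.yml reads `KEYCLOAK_ADMIN_PASSWORD`, not `KEYCLOAK_PASSWORD`, and pins the image to 22.0.0 while this file says `KEYCLOAK_VERSION=24.0.4`, so the two sources of configuration already disagree. Either wire the file in explicitly or drop it, so the Keycloak version and secrets are defined in one place.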
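Review bot: `proxy_pass http://api/;` in the `@@ -40,7 +53,7 @@` hunk drops the port without pointing at the upstream defined at the top of the file, which is named `api_backend`. As written, `api` is presumably still resolved as a plain hostname and proxied to port 80 rather than to `api:8080`. The line should read `proxy_pass http://api_backend/;`. The same applies to the later hunk at `@@ -131,7 +155,7 @@`, where `proxy_pass http://api_bb/;` should be `proxy_pass http://api_bb_backend/;`. The enclosing `location /api/` block continues past the end of both hunks.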
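Review bot: The new `location /auth/` forwards every path under Keycloak's root, so with `KC_METRICS_ENABLED` and `KC_HEALTH_ENABLED` set in docker-compose.yml the metrics and health endpoints are presumably reachable from outside as `/auth/metrics` and `/auth/health`. If they are meant for internal monitoring only, block them ahead of the proxy, e.g. `location ~ ^/auth/(metrics|health) { return 404; }`. The trailing slash in `proxy_pass http://keycloak_backend/;` strips the `/auth/` prefix while no relative path is configured for Keycloak in this commit, so generated redirects and asset URLs may not come back through this location. The surrounding `server` block starts outside the hunk; if it is the `listen 80` block, login traffic would cross plain HTTP with `X-Forwarded-Proto` set to `http`, which conflicts with `KC_HOSTNAME: auth.yalarba.ru` and `KC_HOSTNAME_STRICT_HTTPS: true`. A dedicated TLS `server` block for `auth.yalarba.ru` looks like the intended home for this location.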
@@ -131,7 +155,7 @@ server {
 # New location for REST API
 location /api/ {
- proxy_pass http://api_bb:8080/;
+ proxy_pass http://api_bb/;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;