modified: serv_nginx/.env

modified:   serv_nginx/bbvue/src/views/Members.vue
	modified:   serv_nginx/docker-compose.yml
	new file:   serv_nginx/keycloak/.env
	modified:   serv_nginx/nginx/nginx-ssl.conf
add keycloak and DB for keycloak and set nginx config for keycloak

serv_nginx/docker-compose.yml

@@ -39,10 +39,12 @@ services:
       - internal
       - app-network
       - bb-network
+      - keycloak-network
     depends_on:
       - certbot
       - api
       - api_bb
+      - keycloak
 
   api:
     build:
@@ -139,12 +141,82 @@ services:
       timeout: 10s
       retries: 5
 
+  keycloak:
+    image: quay.io/keycloak/keycloak:22.0.0
+    container_name: keycloak
+    restart: unless-stopped
+    environment:
+      # Keycloak администратор
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
+      
+      # Настройки базы данных
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+      
+      # Настройки хоста и HTTPS
+      KC_HOSTNAME: auth.yalarba.ru
+      KC_HOSTNAME_STRICT: true
+      KC_HOSTNAME_STRICT_HTTPS: true
+      KC_HTTP_ENABLED: false
+      KC_PROXY: edge
+      
+      # Настройки для работы за reverse proxy
+      KC_PROXY_HEADERS: xforwarded
+      
+      # Дополнительные опции
+      KC_LOG_LEVEL: INFO
+      KC_METRICS_ENABLED: true
+      
+      # Команды для начальной настройки
+      KC_HEALTH_ENABLED: true
+    command:
+      - start
+      - --optimized
+    volumes:
+      - keycloak_data:/opt/keycloak/data
+      - ./keycloak/themes:/opt/keycloak/themes
+      - ./keycloak/providers:/opt/keycloak/providers
+    networks:
+      - keycloak-network
+      - internal
+    depends_on:
+      keycloak-db:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  keycloak-db:
+    image: postgres:15-alpine
+    container_name: keycloak-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+    volumes:
+      - keycloak_db_data:/var/lib/postgresql/data
+    networks:
+      - keycloak-network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U keycloak"]
+      interval: 5s
+      timeout: 10s
+      retries: 5
+
 volumes:
   certbot_data:
   certbot_www:
   postgres_data:
   bb_data:
   uploads_data:
+  keycloak_data:
+  keycloak_db_data:
 
 networks:
   web-network:
@@ -154,4 +226,6 @@ networks:
   app-network:
     driver: bridge
   bb-network:
+    driver: bridge
+  keycloak-network:
     driver: bridge