modified: serv_nginx/.env

modified:   serv_nginx/bbvue/src/views/Members.vue
	modified:   serv_nginx/docker-compose.yml
	new file:   serv_nginx/keycloak/.env
	modified:   serv_nginx/nginx/nginx-ssl.conf
add keycloak and DB for keycloak and set nginx config for keycloak

serv_nginx/.env

@@ -6,4 +6,7 @@ DOMAINS_valitovgaziz=valitovgaziz.ru,www.valitovgaziz.ru
 DOMAINS_easysite102=easysite102.ru,www.easysite102.ru
 DOMAINS_begushiybashkir=xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai
 DOMAINS_begushiybashkir_latin=begushiybashkir.ru,www.begushiybashkir.ru
-ALL_DOMAINS=yalarba.ru,www.yalarba.ru,valitovgaziz.ru,www.valitovgaziz.ru,easysite102.ru,www.easysite102.ru,begushiybashkir.ru,www.begushiybashkir.ru,xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai
+ALL_DOMAINS=yalarba.ru,www.yalarba.ru,valitovgaziz.ru,www.valitovgaziz.ru,easysite102.ru,www.easysite102.ru,begushiybashkir.ru,www.begushiybashkir.ru,xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai,auth.yalarba.ru
+# keycloak
+KEYCLOAK_ADMIN_PASSWORD=your_secure_admin_password
+KEYCLOAK_DB_PASSWORD=your_secure_db_password

serv_nginx/bbvue/src/views/Members.vue

@@ -847,7 +847,8 @@ export default {
 }
 
 .search-input {
-  width: 80%;
+  min-width: 70%;
+  max-width: 95%;
   padding: 15px 20px;
   border: 2px solid #e9ecef;
   border-radius: 25px;

serv_nginx/docker-compose.yml

@@ -39,10 +39,12 @@ services:
       - internal
       - app-network
       - bb-network
+      - keycloak-network
     depends_on:
       - certbot
       - api
       - api_bb
+      - keycloak
 
   api:
     build:
@@ -139,12 +141,82 @@ services:
       timeout: 10s
       retries: 5
 
+  keycloak:
+    image: quay.io/keycloak/keycloak:22.0.0
+    container_name: keycloak
+    restart: unless-stopped
+    environment:
+      # Keycloak администратор
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
+      
+      # Настройки базы данных
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+      
+      # Настройки хоста и HTTPS
+      KC_HOSTNAME: auth.yalarba.ru
+      KC_HOSTNAME_STRICT: true
+      KC_HOSTNAME_STRICT_HTTPS: true
+      KC_HTTP_ENABLED: false
+      KC_PROXY: edge
+      
+      # Настройки для работы за reverse proxy
+      KC_PROXY_HEADERS: xforwarded
+      
+      # Дополнительные опции
+      KC_LOG_LEVEL: INFO
+      KC_METRICS_ENABLED: true
+      
+      # Команды для начальной настройки
+      KC_HEALTH_ENABLED: true
+    command:
+      - start
+      - --optimized
+    volumes:
+      - keycloak_data:/opt/keycloak/data
+      - ./keycloak/themes:/opt/keycloak/themes
+      - ./keycloak/providers:/opt/keycloak/providers
+    networks:
+      - keycloak-network
+      - internal
+    depends_on:
+      keycloak-db:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  keycloak-db:
+    image: postgres:15-alpine
+    container_name: keycloak-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+    volumes:
+      - keycloak_db_data:/var/lib/postgresql/data
+    networks:
+      - keycloak-network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U keycloak"]
+      interval: 5s
+      timeout: 10s
+      retries: 5
+
 volumes:
   certbot_data:
   certbot_www:
   postgres_data:
   bb_data:
   uploads_data:
+  keycloak_data:
+  keycloak_db_data:
 
 networks:
   web-network:
@@ -155,3 +227,5 @@ networks:
     driver: bridge
   bb-network:
     driver: bridge
+  keycloak-network:
+    driver: bridge

serv_nginx/keycloak/.env

@@ -0,0 +1,22 @@
+# Keycloak
+KEYCLOAK_VERSION=24.0.4
+KEYCLOAK_USER=admin
+KEYCLOAK_PASSWORD=admin123
+KEYCLOAK_DB_USER=keycloak
+KEYCLOAK_DB_PASSWORD=keycloak123
+KEYCLOAK_DB_NAME=keycloak
+
+# Database
+POSTGRES_VERSION=15
+POSTGRES_DB=keycloak
+POSTGRES_USER=keycloak
+POSTGRES_PASSWORD=keycloak123
+
+# Domains
+KEYCLOAK_FRONTEND_URL=https://auth.yalarba.ru
+DOMAIN_YALARBA=yalarba.ru
+DOMAIN_BEGUSHIYBASHKIR=begushiybashkir.ru
+
+# Internal
+KEYCLOAK_HTTP_PORT=8080
+KEYCLOAK_INTERNAL_PORT=8080

serv_nginx/nginx/nginx-ssl.conf

@@ -1,3 +1,16 @@
+# Upstreams
+upstream keycloak_backend {
+    server keycloak:8080;
+}
+
+upstream api_backend {
+    server api:8080;
+}
+
+upstream api_bb_backend {
+    server api_bb:8080;
+}
+
 server {
     listen 80;
     server_name yalarba.ru www.yalarba.ru valitovgaziz.ru www.valitovgaziz.ru easysite102.ru www.easysite102.ru begushiybashkir.ru xn--80abahjtcfl5d0a8di.xn--p1ai;
@@ -40,7 +53,7 @@ server {
 
     # New location for REST API
     location /api/ {
-        proxy_pass http://api:8080/;
+        proxy_pass http://api/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -51,8 +64,19 @@ server {
         proxy_read_timeout 600;
     }
 
+    # Keycloak integration
+    location /auth/ {
+        proxy_pass http://keycloak_backend/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
 }
 
+
 server {
     listen 443 ssl;
     server_name valitovgaziz.ru www.valitovgaziz.ru;
@@ -131,7 +155,7 @@ server {
 
     # New location for REST API
     location /api/ {
-        proxy_pass http://api_bb:8080/;
+        proxy_pass http://api_bb/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;