modified: serv_nginx/.env

modified: serv_nginx/bbvue/src/views/Members.vue modified: serv_nginx/docker-compose.yml new file: serv_nginx/keycloak/.env modified: serv_nginx/nginx/nginx-ssl.conf add keycloak and DB for keycloak and set nginx config for keycloak
2025-10-21 03:41:41 +05:00
parent 78ca030dab
commit 3e832a774d
5 changed files with 128 additions and 4 deletions
@@ -6,4 +6,7 @@ DOMAINS_valitovgaziz=valitovgaziz.ru,www.valitovgaziz.ru
 DOMAINS_easysite102=easysite102.ru,www.easysite102.ru
 DOMAINS_begushiybashkir=xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai
 DOMAINS_begushiybashkir_latin=begushiybashkir.ru,www.begushiybashkir.ru
-ALL_DOMAINS=yalarba.ru,www.yalarba.ru,valitovgaziz.ru,www.valitovgaziz.ru,easysite102.ru,www.easysite102.ru,begushiybashkir.ru,www.begushiybashkir.ru,xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai
+ALL_DOMAINS=yalarba.ru,www.yalarba.ru,valitovgaziz.ru,www.valitovgaziz.ru,easysite102.ru,www.easysite102.ru,begushiybashkir.ru,www.begushiybashkir.ru,xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai,auth.yalarba.ru
+# keycloak
+KEYCLOAK_ADMIN_PASSWORD=your_secure_admin_password
+KEYCLOAK_DB_PASSWORD=your_secure_db_password
@@ -847,7 +847,8 @@ export default {
 }

 .search-input {
-  width: 80%;
+  min-width: 70%;
+  max-width: 95%;
  padding: 15px 20px;
  border: 2px solid #e9ecef;
  border-radius: 25px;
@@ -39,10 +39,12 @@ services:
      - internal
      - app-network
      - bb-network
+      - keycloak-network
    depends_on:
      - certbot
      - api
      - api_bb
+      - keycloak

  api:
    build:
@@ -139,12 +141,82 @@ services:
      timeout: 10s
      retries: 5

+  keycloak:
+    image: quay.io/keycloak/keycloak:22.0.0
+    container_name: keycloak
+    restart: unless-stopped
+    environment:
+      # Keycloak администратор
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
+      
+      # Настройки базы данных
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+      
+      # Настройки хоста и HTTPS
+      KC_HOSTNAME: auth.yalarba.ru
+      KC_HOSTNAME_STRICT: true
+      KC_HOSTNAME_STRICT_HTTPS: true
+      KC_HTTP_ENABLED: false
+      KC_PROXY: edge
+      
+      # Настройки для работы за reverse proxy
+      KC_PROXY_HEADERS: xforwarded
+      
+      # Дополнительные опции
+      KC_LOG_LEVEL: INFO
+      KC_METRICS_ENABLED: true
+      
+      # Команды для начальной настройки
+      KC_HEALTH_ENABLED: true
+    command:
+      - start
+      - --optimized
+    volumes:
+      - keycloak_data:/opt/keycloak/data
+      - ./keycloak/themes:/opt/keycloak/themes
+      - ./keycloak/providers:/opt/keycloak/providers
+    networks:
+      - keycloak-network
+      - internal
+    depends_on:
+      keycloak-db:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  keycloak-db:
+    image: postgres:15-alpine
+    container_name: keycloak-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+    volumes:
+      - keycloak_db_data:/var/lib/postgresql/data
+    networks:
+      - keycloak-network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U keycloak"]
+      interval: 5s
+      timeout: 10s
+      retries: 5
+
 volumes:
  certbot_data:
  certbot_www:
  postgres_data:
  bb_data:
  uploads_data:
+  keycloak_data:
+  keycloak_db_data:

 networks:
  web-network:
@@ -155,3 +227,5 @@ networks:
    driver: bridge
  bb-network:
    driver: bridge
+  keycloak-network:
+    driver: bridge
@@ -0,0 +1,22 @@
+# Keycloak
+KEYCLOAK_VERSION=24.0.4
+KEYCLOAK_USER=admin
+KEYCLOAK_PASSWORD=admin123
+KEYCLOAK_DB_USER=keycloak
+KEYCLOAK_DB_PASSWORD=keycloak123
+KEYCLOAK_DB_NAME=keycloak
+
+# Database
+POSTGRES_VERSION=15
+POSTGRES_DB=keycloak
+POSTGRES_USER=keycloak
+POSTGRES_PASSWORD=keycloak123
+
+# Domains
+KEYCLOAK_FRONTEND_URL=https://auth.yalarba.ru
+DOMAIN_YALARBA=yalarba.ru
+DOMAIN_BEGUSHIYBASHKIR=begushiybashkir.ru
+
+# Internal
+KEYCLOAK_HTTP_PORT=8080
+KEYCLOAK_INTERNAL_PORT=8080
@@ -1,3 +1,16 @@
+# Upstreams
+upstream keycloak_backend {
+    server keycloak:8080;
+}
+
+upstream api_backend {
+    server api:8080;
+}
+
+upstream api_bb_backend {
+    server api_bb:8080;
+}
+
 server {
    listen 80;
    server_name yalarba.ru www.yalarba.ru valitovgaziz.ru www.valitovgaziz.ru easysite102.ru www.easysite102.ru begushiybashkir.ru xn--80abahjtcfl5d0a8di.xn--p1ai;
@@ -40,7 +53,7 @@ server {

    # New location for REST API
    location /api/ {
-        proxy_pass http://api:8080/;
+        proxy_pass http://api/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -51,8 +64,19 @@ server {
        proxy_read_timeout 600;
    }

+    # Keycloak integration
+    location /auth/ {
+        proxy_pass http://keycloak_backend/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
 }

+
 server {
    listen 443 ssl;
    server_name valitovgaziz.ru www.valitovgaziz.ru;
@@ -131,7 +155,7 @@ server {

    # New location for REST API
    location /api/ {
-        proxy_pass http://api_bb:8080/;
+        proxy_pass http://api_bb/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;