modified: serv_nginx/docker-compose.yml

change keycloak configs
2025-10-21 04:19:55 +05:00
parent 5e37e8c920
commit 8dc89029f3
1 changed files with 45 additions and 49 deletions
@@ -157,64 +157,60 @@ services:
      timeout: 10s
      retries: 5
-  keycloak:
+keycloak:
-    image: quay.io/keycloak/keycloak:22.0.0
+  image: quay.io/keycloak/keycloak:22.0.0
-    container_name: keycloak
+  container_name: keycloak
-    restart: unless-stopped
+  restart: unless-stopped
-    environment:
+  environment:
-      # Keycloak администратор
+    # Keycloak администратор
-      KEYCLOAK_ADMIN: admin
+    KEYCLOAK_ADMIN: admin
-      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
+    KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
-      # Настройки базы данных
+    # Настройки базы данных
-      KC_DB: postgres
+    KC_DB: postgres
-      KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
+    KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
-      KC_DB_USERNAME: keycloak
+    KC_DB_USERNAME: keycloak
-      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+    KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
-      # Настройки хоста и HTTPS
+    # Настройки хоста и HTTPS
-      KC_HOSTNAME: auth.yalarba.ru
+    KC_HOSTNAME: auth.yalarba.ru
-      KC_HOSTNAME_STRICT: true
+    KC_HOSTNAME_STRICT: true
-      KC_HOSTNAME_STRICT_HTTPS: true
+    KC_HOSTNAME_STRICT_HTTPS: true
-      KC_HTTP_ENABLED: false
+    KC_HTTP_ENABLED: false
-      KC_PROXY: edge
+    KC_PROXY: edge
-      # Настройки для работы за reverse proxy
+    # Дополнительные опции
-      KC_PROXY_HEADERS: xforwarded
+    KC_LOG_LEVEL: INFO
    KC_METRICS_ENABLED: true
    KC_HEALTH_ENABLED: true
-      # Дополнительные опции
+    # Отключаем импорт по умолчанию
-      KC_LOG_LEVEL: INFO
+    KC_IMPORT: false
-      KC_METRICS_ENABLED: true
+  command:
-
+    - start
-      # Команды для начальной настройки
+    - --optimized
-      KC_HEALTH_ENABLED: true
+  volumes:
-    command:
+    - keycloak_data:/opt/keycloak/data
-      - start
+    - ./keycloak/themes:/opt/keycloak/themes
-      - --optimized
+    - ./keycloak/providers:/opt/keycloak/providers
-      - --db=postgres
+  networks:
-      - --db-url=jdbc:postgresql://keycloak-db:5432/keycloak
+    - keycloak-network
-      - --db-username=keycloak
+    - internal
-      - --db-password=${KEYCLOAK_DB_PASSWORD:-keycloak}
+  depends_on:
-    volumes:
+    keycloak-db:
-      - keycloak_data:/opt/keycloak/data
+      condition: service_healthy
-      - ./keycloak/themes:/opt/keycloak/themes
+  healthcheck:
-      - ./keycloak/providers:/opt/keycloak/providers
+    test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
-    networks:
+    interval: 30s
-      - keycloak-network
+    timeout: 10s
-      - internal
+    retries: 3
    depends_on:
      keycloak-db:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
      interval: 30s
      timeout: 10s
      retries: 3
  keycloak-db:
    image: postgres:15-alpine
    container_name: keycloak-db
    restart: unless-stopped
    ports:
      - "5434:5432"
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak