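# Keycloak identity provider backed by PostgreSQL, meant to run behind a
# TLS-terminating reverse proxy (KC_PROXY: edge).
#
# Secrets are not stored in this file. Supply them through the shell
# environment or an untracked .env file next to this compose file:
#   KC_DB_PASSWORD            password of the "keycloak" database role
#   KEYCLOAK_ADMIN_PASSWORD   password of the initial Keycloak admin account
# For a database that was already initialised, KC_DB_PASSWORD must equal the
# password the role was created with.
services:
  keycloak:
    image: quay.io/keycloak/keycloak:22.0.0
    container_name: keycloak
    restart: unless-stopped
    # The image's entrypoint is kc.sh, which needs a sub-command to boot the
    # server. "start" is production mode; "start-dev" is for local development.
    command: start
    environment:
      KC_HOSTNAME: keycloak.your-domain.com  # Replace with your domain
      KC_HOSTNAME_PORT: "443"
      # NOTE(review): "false" relaxes hostname checking; with a fixed
      # KC_HOSTNAME the strict setting is usually appropriate - confirm
      # before production use.
      KC_HOSTNAME_STRICT: "false"
      # Plain HTTP is enabled because TLS is terminated at the reverse proxy.
      KC_HTTP_ENABLED: "true"
      KC_PROXY: edge
      # NOTE(review): believed to be recognised only by Keycloak releases newer
      # than the 22.0.0 image pinned above, where KC_PROXY is the effective
      # setting - confirm.
      KC_PROXY_HEADERS: xforwarded

      # Health and metrics endpoints.
      # NOTE(review): in this release they are presumably served on the same
      # listener as the application, so the reverse proxy should not forward
      # /health and /metrics to the public - confirm.
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"

      # Database
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      # Required; compose aborts with this message when the variable is unset.
      KC_DB_PASSWORD: "${KC_DB_PASSWORD:?set KC_DB_PASSWORD in the environment or .env}"

      # Initial admin user
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:?set KEYCLOAK_ADMIN_PASSWORD in the environment or .env}"

      # Additional settings
      KC_LOG_LEVEL: INFO
      JAVA_OPTS: "-Xms512m -Xmx1024m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m"

    # These mappings publish on every host interface. With KC_PROXY: edge
    # Keycloak trusts forwarding headers from whatever connects to it, so
    # direct access to 8080 should be limited to the reverse proxy (host
    # firewall, or a loopback-only binding such as "127.0.0.1:8080:8080" when
    # the proxy runs on this host).
    # NOTE(review): no HTTPS certificate is configured in this file, so the
    # 8443 mapping is presumably unused - confirm.
    ports:
      - "8080:8080"
      - "8443:8443"

    volumes:
      - ./data:/opt/keycloak/data
      - ./logs:/opt/keycloak/log
      - ./import:/opt/keycloak/import
      - ./export:/opt/keycloak/export

    # Wait until PostgreSQL accepts connections, not merely until its
    # container has been started.
    depends_on:
      postgres:
        condition: service_healthy

    networks:
      - keycloak-network

  postgres:
    image: postgres:15
    container_name: keycloak-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # Same variable as the keycloak service so both sides always agree.
      POSTGRES_PASSWORD: "${KC_DB_PASSWORD:?set KC_DB_PASSWORD in the environment or .env}"
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    networks:
      - keycloak-network
    # Readiness probe consumed by the keycloak service's depends_on condition.
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U keycloak -d keycloak']
      interval: 10s
      timeout: 5s
      retries: 5
    command: postgres -c 'max_connections=200'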

# Bridge network shared by the keycloak and postgres services. Keycloak reaches
# the database over it by service name (see KC_DB_URL); the postgres service
# publishes no host ports.
networks:
  keycloak-network:
    driver: bridge

# Named volume declaration with default settings.
# NOTE(review): the postgres service mounts the bind path ./postgres_data, not
# this named volume, so nothing in this file appears to use it - confirm which
# of the two is intended.
volumes:
  postgres_data: