-
Notifications
You must be signed in to change notification settings - Fork 10
/
docker-compose.yaml
106 lines (99 loc) · 2.82 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
version: '3.5'
services:
keycloak:
image: jboss/keycloak:11.0.1
environment:
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=password
- DB_ADDR=mariadb
- DB_USER=keycloak
- DB_PASSWORD=password
- X509_CA_BUNDLE=/tmp/certs/ca.crt
container_name: keycloak
volumes:
- ./certs/keycloak.key:/etc/x509/https/tls.key
- ./certs/keycloak.crt:/etc/x509/https/tls.crt
- ./certs/rootCA.crt:/tmp/certs/ca.crt
- ./keycloak/krb5.conf:/etc/krb5.conf
# For sharing keytab files from Kerberos
- ./keytabs:/tmp/keytabs
# For importing of keycloak config
- ./keycloak/export:/tmp/realm-config
command:
[
'-Dkeycloak.migration.action=import',
'-Dkeycloak.migration.provider=dir',
'-Dkeycloak.migration.dir=/tmp/realm-config',
'-Dkeycloak.migration.strategy=IGNORE_EXISTING',
]
networks:
- keycloak-network
ports:
# HTTP
- 8080:8080
# HTTPS
- 8443:8443
depends_on:
- mariadb
- openldap
mariadb:
image: mariadb:10.5.5
environment:
- MYSQL_DATABASE=keycloak
- MYSQL_ROOT_PASSWORD=password
- MYSQL_USER=keycloak
- MYSQL_PASSWORD=password
container_name: keycloak-mariadb
networks:
- keycloak-network
volumes:
- vol-mariadb:/var/lib/mysql
openldap:
build: ./openldap
image: openldap-kerberos
ports:
# LDAP
- 389:389
- 636:636
# kadmin server
- 749:749
# Kerberos v5
- 88:88
- 88:88/udp
env_file:
- openldap.env
container_name: keycloak-openldap
# `--copy-service` prevents ldif files from being overwritten after subsitution. Add ` --loglevel debug` for debug
# command: --copy-service --loglevel debug
volumes:
- ./certs/ldap.key:/container/service/slapd/assets/certs/ldap.key
- ./certs/ldap.crt:/container/service/slapd/assets/certs/ldap.crt
- ./certs/rootCA.crt:/container/service/slapd/assets/certs/ca.crt
- ./openldap/krb5.conf:/etc/krb5.conf
- ./openldap/krb5kdc:/etc/krb5kdc
# - ./openldap/service/z_krb5kdc/process.sh:/container/service/z_krb5kdc/process.sh
- vol-openldap-ldap:/var/lib/ldap
- vol-openldap-slapd:/etc/ldap/slapd.d
# For sharing keytab files to Keycloak
- ./keytabs:/etc/keytabs
networks:
- keycloak-network
js-console:
build: ./js-console
image: js-console
ports:
- 8000:80
container_name: keycloak-js-console
# For debugging
# volumes:
# - ./js-console/src/index.html:/usr/share/nginx/html/index.html
# - ./js-console/src/keycloak.json:/usr/share/nginx/html/keycloak.json
networks:
- keycloak-network
networks:
keycloak-network:
name: local
volumes:
vol-mariadb:
vol-openldap-ldap:
vol-openldap-slapd: