forked from Haxxnet/Compose-Examples
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
75 lines (72 loc) · 2.13 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
services:
postgres:
image: postgres:16-alpine
container_name: keycloak-db
restart: always
expose:
- 5432
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/keycloak/database:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
healthcheck:
test: [ "CMD", "pg_isready", "-q", "-d", "${POSTGRES_DB}", "-U", "${POSTGRES_USER}" ]
interval: 10s
timeout: 5s
retries: 3
start_period: 60s
networks:
- keycloak-internal
keycloak:
image: quay.io/keycloak/keycloak:25.0
container_name: keycloak-app
command: start
environment:
KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
KC_DB_USERNAME: ${POSTGRES_USER}
KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
KC_PROXY_HEADERS: 'xforwarded'
KC_HTTP_ENABLED: true
KC_HEALTH_ENABLED: true
PROXY_ADDRESS_FORWARDING: 'true'
healthcheck:
test:
- "CMD-SHELL"
- |
exec 3<>/dev/tcp/localhost/9000 &&
echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n' >&3 &&
cat <&3 | tee /tmp/healthcheck.log | grep -q '200 OK'
interval: 10s
timeout: 5s
retries: 3
start_period: 90s
ports:
- 8080:8080
expose:
- 8080 # web ui http
- 9000 # health endpoint
restart: always
depends_on:
postgres:
condition: service_healthy
networks:
- keycloak-internal
- proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.keycloak.rule=Host(`keycloak.example.com`)
# - traefik.http.services.keycloak.loadbalancer.server.port=8080
# # Optional part for traefik middlewares
# - traefik.http.routers.keycloak.middlewares=local-ipwhitelist@file
networks:
keycloak-internal:
internal: true
proxy:
external: true