updated server and dev configs for kc

cambridge-cares · Nov 11, 2024 · bf7eb16 · bf7eb16
1 parent 5ed6000
commit bf7eb16
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 67 deletions.
diff --git a/web/twa-vis-platform/auth/compose.yml b/web/twa-vis-platform/auth/compose.yml
@@ -7,8 +7,8 @@ services:
       - "8080:8080"
       - "8443:8443"
     environment:
-      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}    
-      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-theworldavatar}
+      KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}    
+      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD:-theworldavatar}
       KC_LOG: console,file
       KC_LOG_LEVEL: info
       KC_LOG_CONSOLE_COLOR: true
@@ -26,6 +26,42 @@ services:
     networks:
       - auth-network
 
+  keycloak-server:
+    container_name: "keycloak-server"
+    image: keycloak/keycloak:26.0
+    ports:
+      - "8080:8080"
+    environment:
+      TZ: Europe/London
+      KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME}
+      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD}
+      ###################################################
+      KC_LOG: console,file
+      KC_LOG_CONSOLE_LEVEL: info
+      KC_LOG_CONSOLE_COLOR: true
+      KC_LOG_FILE_LEVEL: trace
+      ###################################################
+      KC_HOSTNAME: ## set hostname as configured in reverse proxy here
+      KC_HOSTNAME_ADMIN: ## optionally set hostname as configured in reverse proxy here
+      # KC_HOSTNAME_DEBUG: true # if necessary
+      KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false # not needed to allow other containers to commumicate with keycloak server-side
+      ###################################################
+      KC_DB_URL_HOST: postgres
+      KC_DB_USERNAME: postgres
+      KC_DB: postgres
+      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+      KC_DB_POOL_MAX_SIZE: 50
+      ###################################################
+      KC_HEALTH_ENABLED: true
+      KC_HTTP_ENABLED: true ## this replaces the prox  y mode (whether to forward in SSL or not), works if we assume this is edge server
+      KC_PROXY_HEADERS: xforwarded ## this replaces the proxy mode (whether to forward in SSL or not)
+      # KC_TLS_HOSTNAME_VERIFIER: ANY
+    command: start --import-realm #--optimized
+    volumes:
+      - ./realm:/opt/keycloak/data/import:ro # the realm to import
+    networks:
+      - auth-network
+
   redis:
     restart: always
     container_name: "bnl-redis"
@@ -89,4 +125,8 @@ networks:
 
 secrets:
   postgres-password:
-    file: ./postgres-password
+    file: ./postgres-password
+
+volumes:
+  dragonflydata:
+  postgres-data:
diff --git a/web/twa-vis-platform/auth/cooooooooooompose.yml b/web/twa-vis-platform/auth/cooooooooooompose.yml