[bitnami/keycloak] Release 26.3.2-debian-12-r2 (#84959)
Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
parent
ea2f7ee621
commit
e0a9851464
|
|
@ -9,7 +9,7 @@ ARG TARGETARCH
|
|||
|
||||
LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
|
||||
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
|
||||
org.opencontainers.image.created="2025-08-07T14:05:13Z" \
|
||||
org.opencontainers.image.created="2025-08-07T17:34:44Z" \
|
||||
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
|
||||
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/keycloak/README.md" \
|
||||
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/keycloak" \
|
||||
|
|
@ -32,7 +32,7 @@ RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
|
|||
COMPONENTS=( \
|
||||
"wait-for-port-1.0.9-2-linux-${OS_ARCH}-debian-12" \
|
||||
"jre-21.0.8-12-0-linux-${OS_ARCH}-debian-12" \
|
||||
"keycloak-26.3.2-0-linux-${OS_ARCH}-debian-12" \
|
||||
"keycloak-26.3.2-1-linux-${OS_ARCH}-debian-12" \
|
||||
) ; \
|
||||
for COMPONENT in "${COMPONENTS[@]}"; do \
|
||||
if [ ! -f "${COMPONENT}.tar.gz" ]; then \
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
"arch": "amd64",
|
||||
"distro": "debian-12",
|
||||
"type": "NAMI",
|
||||
"version": "26.3.2-0"
|
||||
"version": "26.3.2-1"
|
||||
},
|
||||
"wait-for-port": {
|
||||
"arch": "amd64",
|
||||
|
|
|
|||
|
|
@ -26,73 +26,68 @@ export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
|
|||
keycloak_env_vars=(
|
||||
KEYCLOAK_MOUNTED_CONF_DIR
|
||||
KC_RUN_IN_CONTAINER
|
||||
KEYCLOAK_ADMIN
|
||||
KEYCLOAK_ADMIN_PASSWORD
|
||||
KEYCLOAK_HTTP_RELATIVE_PATH
|
||||
KEYCLOAK_HTTP_PORT
|
||||
KEYCLOAK_HTTPS_PORT
|
||||
KEYCLOAK_BIND_ADDRESS
|
||||
KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD
|
||||
KEYCLOAK_HOSTNAME
|
||||
KEYCLOAK_HOSTNAME_ADMIN
|
||||
KEYCLOAK_HOSTNAME_STRICT
|
||||
KEYCLOAK_INIT_MAX_RETRIES
|
||||
KEYCLOAK_CACHE_TYPE
|
||||
KEYCLOAK_CACHE_STACK
|
||||
KEYCLOAK_CACHE_CONFIG_FILE
|
||||
KEYCLOAK_EXTRA_ARGS
|
||||
KEYCLOAK_ENABLE_STATISTICS
|
||||
KEYCLOAK_ENABLE_HEALTH_ENDPOINTS
|
||||
KEYCLOAK_ENABLE_HTTPS
|
||||
KEYCLOAK_HTTPS_TRUST_STORE_FILE
|
||||
KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD
|
||||
KEYCLOAK_HTTPS_KEY_STORE_FILE
|
||||
KEYCLOAK_HTTPS_KEY_STORE_PASSWORD
|
||||
KEYCLOAK_HTTPS_USE_PEM
|
||||
KEYCLOAK_HTTPS_CERTIFICATE_FILE
|
||||
KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE
|
||||
KEYCLOAK_SPI_TRUSTSTORE_FILE
|
||||
KEYCLOAK_SPI_TRUSTSTORE_PASSWORD
|
||||
KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY
|
||||
KEYCLOAK_LOG_LEVEL
|
||||
KEYCLOAK_LOG_OUTPUT
|
||||
KEYCLOAK_ROOT_LOG_LEVEL
|
||||
KEYCLOAK_PROXY_HEADERS
|
||||
KEYCLOAK_PRODUCTION
|
||||
KEYCLOAK_EXTRA_ARGS
|
||||
KEYCLOAK_EXTRA_ARGS_PREPENDED
|
||||
KEYCLOAK_DATABASE_VENDOR
|
||||
KEYCLOAK_DATABASE_HOST
|
||||
KEYCLOAK_DATABASE_PORT
|
||||
KEYCLOAK_DATABASE_USER
|
||||
KEYCLOAK_DATABASE_NAME
|
||||
KEYCLOAK_DATABASE_PASSWORD
|
||||
KEYCLOAK_DATABASE_SCHEMA
|
||||
KEYCLOAK_JDBC_PARAMS
|
||||
KEYCLOAK_JDBC_DRIVER
|
||||
KEYCLOAK_DAEMON_USER
|
||||
KEYCLOAK_DAEMON_GROUP
|
||||
KEYCLOAK_ADMIN_USER
|
||||
KC_HTTP_MANAGEMENT_PORT
|
||||
KEYCLOAK_ENABLE_HTTPS
|
||||
KEYCLOAK_HTTPS_USE_PEM
|
||||
KC_BOOTSTRAP_ADMIN_USERNAME
|
||||
KC_BOOTSTRAP_ADMIN_PASSWORD
|
||||
KC_HTTP_PORT
|
||||
KC_HTTPS_PORT
|
||||
KC_HTTP_RELATIVE_PATH
|
||||
KC_LOG_LEVEL
|
||||
KC_LOG_CONSOLE_OUTPUT
|
||||
KC_METRICS_ENABLED
|
||||
KC_HEALTH_ENABLED
|
||||
KC_CACHE
|
||||
KC_CACHE_STACK
|
||||
KC_CACHE_CONFIG_FILE
|
||||
KC_HOSTNAME
|
||||
KC_HOSTNAME_ADMIN
|
||||
KC_HOSTNAME_STRICT
|
||||
KC_HEALTH_ENABLED
|
||||
KC_HTTPS_TRUST_STORE_FILE
|
||||
KC_HTTPS_TRUST_STORE_PASSWORD
|
||||
KC_HTTPS_KEY_STORE_FILE
|
||||
KC_HTTPS_KEY_STORE_PASSWORD
|
||||
KC_HTTPS_CERTIFICATE_FILE
|
||||
KC_HTTPS_CERTIFICATE_KEY_FILE
|
||||
KC_SPI_TRUSTSTORE_FILE_FILE
|
||||
KC_SPI_TRUSTSTORE_PASSWORD
|
||||
KC_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY
|
||||
DB_ADDR
|
||||
DB_PORT
|
||||
DB_USER
|
||||
DB_DATABASE
|
||||
DB_PASSWORD
|
||||
DB_SCHEMA
|
||||
JDBC_PARAMS
|
||||
KC_DB
|
||||
KEYCLOAK_DATABASE_HOST
|
||||
KEYCLOAK_DATABASE_PORT
|
||||
KEYCLOAK_DATABASE_NAME
|
||||
KEYCLOAK_JDBC_PARAMS
|
||||
KEYCLOAK_JDBC_DRIVER
|
||||
KC_DB_USERNAME
|
||||
KC_DB_PASSWORD
|
||||
KC_DB_SCHEMA
|
||||
KEYCLOAK_INIT_MAX_RETRIES
|
||||
KEYCLOAK_DAEMON_USER
|
||||
KEYCLOAK_DAEMON_GROUP
|
||||
KEYCLOAK_HTTP_PORT
|
||||
KEYCLOAK_HTTPS_PORT
|
||||
KEYCLOAK_HTTP_RELATIVE_PATH
|
||||
KEYCLOAK_LOG_LEVEL
|
||||
KEYCLOAK_LOG_OUTPUT
|
||||
KEYCLOAK_ENABLE_STATISTICS
|
||||
KEYCLOAK_ENABLE_HEALTH_ENDPOINTS
|
||||
KEYCLOAK_CACHE_TYPE
|
||||
KEYCLOAK_CACHE_STACK
|
||||
KEYCLOAK_CACHE_CONFIG_FILE
|
||||
KEYCLOAK_HOSTNAME
|
||||
KEYCLOAK_HOSTNAME_ADMIN
|
||||
KEYCLOAK_HOSTNAME_STRICT
|
||||
KEYCLOAK_HTTPS_TRUST_STORE_FILE
|
||||
KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD
|
||||
KEYCLOAK_HTTPS_KEY_STORE_FILE
|
||||
KEYCLOAK_HTTPS_KEY_STORE_PASSWORD
|
||||
KEYCLOAK_HTTPS_CERTIFICATE_FILE
|
||||
KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE
|
||||
KEYCLOAK_DATABASE_VENDOR
|
||||
KEYCLOAK_DATABASE_USER
|
||||
KEYCLOAK_DATABASE_PASSWORD
|
||||
KEYCLOAK_DATABASE_SCHEMA
|
||||
)
|
||||
for env_var in "${keycloak_env_vars[@]}"; do
|
||||
file_env_var="${env_var}_FILE"
|
||||
|
|
@ -116,85 +111,79 @@ export KEYCLOAK_PROVIDERS_DIR="$KEYCLOAK_BASE_DIR/providers"
|
|||
export KEYCLOAK_LOG_DIR="$KEYCLOAK_PROVIDERS_DIR/log"
|
||||
export KEYCLOAK_TMP_DIR="$KEYCLOAK_PROVIDERS_DIR/tmp"
|
||||
export KEYCLOAK_DOMAIN_TMP_DIR="$KEYCLOAK_BASE_DIR/domain/tmp"
|
||||
export WILDFLY_BASE_DIR="/opt/bitnami/wildfly"
|
||||
export KEYCLOAK_VOLUME_DIR="/bitnami/keycloak"
|
||||
export KEYCLOAK_CONF_DIR="$KEYCLOAK_BASE_DIR/conf"
|
||||
export KEYCLOAK_DEFAULT_CONF_DIR="$KEYCLOAK_BASE_DIR/conf.default"
|
||||
export KEYCLOAK_MOUNTED_CONF_DIR="${KEYCLOAK_MOUNTED_CONF_DIR:-${KEYCLOAK_VOLUME_DIR}/conf}"
|
||||
export KEYCLOAK_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
|
||||
export KEYCLOAK_CONF_FILE="keycloak.conf"
|
||||
export KEYCLOAK_DEFAULT_CONF_FILE="keycloak.conf"
|
||||
|
||||
# Keycloak kc.sh context
|
||||
export KC_RUN_IN_CONTAINER="${KC_RUN_IN_CONTAINER:-true}"
|
||||
|
||||
# Keycloak configuration
|
||||
KEYCLOAK_ADMIN="${KEYCLOAK_ADMIN:-"${KEYCLOAK_ADMIN_USER:-}"}"
|
||||
export KEYCLOAK_ADMIN="${KEYCLOAK_ADMIN:-user}"
|
||||
export KEYCLOAK_ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:-bitnami}"
|
||||
export KEYCLOAK_HTTP_RELATIVE_PATH="${KEYCLOAK_HTTP_RELATIVE_PATH:-/}"
|
||||
export KEYCLOAK_HTTP_PORT="${KEYCLOAK_HTTP_PORT:-8080}"
|
||||
export KEYCLOAK_HTTPS_PORT="${KEYCLOAK_HTTPS_PORT:-8443}"
|
||||
export KEYCLOAK_BIND_ADDRESS="${KEYCLOAK_BIND_ADDRESS:-$(hostname --fqdn)}"
|
||||
KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD="${KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD:-"${KC_BOOTSTRAP_ADMIN_PASSWORD:-}"}"
|
||||
export KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD="${KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD:-}"
|
||||
export KC_BOOTSTRAP_ADMIN_PASSWORD="$KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD"
|
||||
KEYCLOAK_HOSTNAME="${KEYCLOAK_HOSTNAME:-"${KC_HOSTNAME:-}"}"
|
||||
export KEYCLOAK_HOSTNAME="${KEYCLOAK_HOSTNAME:-}"
|
||||
KEYCLOAK_HOSTNAME_ADMIN="${KEYCLOAK_HOSTNAME_ADMIN:-"${KC_HOSTNAME_ADMIN:-}"}"
|
||||
export KEYCLOAK_HOSTNAME_ADMIN="${KEYCLOAK_HOSTNAME_ADMIN:-}"
|
||||
KEYCLOAK_HOSTNAME_STRICT="${KEYCLOAK_HOSTNAME_STRICT:-"${KC_HOSTNAME_STRICT:-}"}"
|
||||
export KEYCLOAK_HOSTNAME_STRICT="${KEYCLOAK_HOSTNAME_STRICT:-false}"
|
||||
export KEYCLOAK_INIT_MAX_RETRIES="${KEYCLOAK_INIT_MAX_RETRIES:-10}"
|
||||
export KEYCLOAK_CACHE_TYPE="${KEYCLOAK_CACHE_TYPE:-ispn}"
|
||||
export KEYCLOAK_CACHE_STACK="${KEYCLOAK_CACHE_STACK:-}"
|
||||
export KEYCLOAK_CACHE_CONFIG_FILE="${KEYCLOAK_CACHE_CONFIG_FILE:-}"
|
||||
export KEYCLOAK_EXTRA_ARGS="${KEYCLOAK_EXTRA_ARGS:-}"
|
||||
export KEYCLOAK_ENABLE_STATISTICS="${KEYCLOAK_ENABLE_STATISTICS:-false}"
|
||||
KEYCLOAK_ENABLE_HEALTH_ENDPOINTS="${KEYCLOAK_ENABLE_HEALTH_ENDPOINTS:-"${KC_HEALTH_ENABLED:-}"}"
|
||||
export KEYCLOAK_ENABLE_HEALTH_ENDPOINTS="${KEYCLOAK_ENABLE_HEALTH_ENDPOINTS:-false}"
|
||||
export KEYCLOAK_ENABLE_HTTPS="${KEYCLOAK_ENABLE_HTTPS:-false}"
|
||||
KEYCLOAK_HTTPS_TRUST_STORE_FILE="${KEYCLOAK_HTTPS_TRUST_STORE_FILE:-"${KC_HTTPS_TRUST_STORE_FILE:-}"}"
|
||||
export KEYCLOAK_HTTPS_TRUST_STORE_FILE="${KEYCLOAK_HTTPS_TRUST_STORE_FILE:-}"
|
||||
KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD="${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD:-"${KC_HTTPS_TRUST_STORE_PASSWORD:-}"}"
|
||||
export KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD="${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD:-}"
|
||||
KEYCLOAK_HTTPS_KEY_STORE_FILE="${KEYCLOAK_HTTPS_KEY_STORE_FILE:-"${KC_HTTPS_KEY_STORE_FILE:-}"}"
|
||||
export KEYCLOAK_HTTPS_KEY_STORE_FILE="${KEYCLOAK_HTTPS_KEY_STORE_FILE:-}"
|
||||
KEYCLOAK_HTTPS_KEY_STORE_PASSWORD="${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD:-"${KC_HTTPS_KEY_STORE_PASSWORD:-}"}"
|
||||
export KEYCLOAK_HTTPS_KEY_STORE_PASSWORD="${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD:-}"
|
||||
export KEYCLOAK_HTTPS_USE_PEM="${KEYCLOAK_HTTPS_USE_PEM:-false}"
|
||||
KEYCLOAK_HTTPS_CERTIFICATE_FILE="${KEYCLOAK_HTTPS_CERTIFICATE_FILE:-"${KC_HTTPS_CERTIFICATE_FILE:-}"}"
|
||||
export KEYCLOAK_HTTPS_CERTIFICATE_FILE="${KEYCLOAK_HTTPS_CERTIFICATE_FILE:-}"
|
||||
KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE="${KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE:-"${KC_HTTPS_CERTIFICATE_KEY_FILE:-}"}"
|
||||
export KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE="${KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE:-}"
|
||||
KEYCLOAK_SPI_TRUSTSTORE_FILE="${KEYCLOAK_SPI_TRUSTSTORE_FILE:-"${KC_SPI_TRUSTSTORE_FILE_FILE:-}"}"
|
||||
export KEYCLOAK_SPI_TRUSTSTORE_FILE="${KEYCLOAK_SPI_TRUSTSTORE_FILE:-}"
|
||||
KEYCLOAK_SPI_TRUSTSTORE_PASSWORD="${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD:-"${KC_SPI_TRUSTSTORE_PASSWORD:-}"}"
|
||||
export KEYCLOAK_SPI_TRUSTSTORE_PASSWORD="${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD:-}"
|
||||
KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY="${KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY:-"${KC_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY:-}"}"
|
||||
export KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY="${KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY:-}"
|
||||
export KEYCLOAK_LOG_LEVEL="${KEYCLOAK_LOG_LEVEL:-info}"
|
||||
export KEYCLOAK_LOG_OUTPUT="${KEYCLOAK_LOG_OUTPUT:-default}"
|
||||
export KEYCLOAK_ROOT_LOG_LEVEL="${KEYCLOAK_ROOT_LOG_LEVEL:-INFO}"
|
||||
export KEYCLOAK_PROXY_HEADERS="${KEYCLOAK_PROXY_HEADERS:-}"
|
||||
export KEYCLOAK_PRODUCTION="${KEYCLOAK_PRODUCTION:-false}"
|
||||
export KEYCLOAK_EXTRA_ARGS="${KEYCLOAK_EXTRA_ARGS:-}"
|
||||
export KEYCLOAK_EXTRA_ARGS_PREPENDED="${KEYCLOAK_EXTRA_ARGS_PREPENDED:-}"
|
||||
export KEYCLOAK_DATABASE_VENDOR="${KEYCLOAK_DATABASE_VENDOR:-postgresql}"
|
||||
KEYCLOAK_DATABASE_HOST="${KEYCLOAK_DATABASE_HOST:-"${DB_ADDR:-}"}"
|
||||
export KC_HTTP_MANAGEMENT_PORT="${KC_HTTP_MANAGEMENT_PORT:-9000}"
|
||||
export KEYCLOAK_ENABLE_HTTPS="${KEYCLOAK_ENABLE_HTTPS:-false}"
|
||||
export KEYCLOAK_HTTPS_USE_PEM="${KEYCLOAK_HTTPS_USE_PEM:-false}"
|
||||
export KC_BOOTSTRAP_ADMIN_USERNAME="${KC_BOOTSTRAP_ADMIN_USERNAME:-user}"
|
||||
export KC_BOOTSTRAP_ADMIN_PASSWORD="${KC_BOOTSTRAP_ADMIN_PASSWORD:-}"
|
||||
KC_HTTP_PORT="${KC_HTTP_PORT:-"${KEYCLOAK_HTTP_PORT:-}"}"
|
||||
export KC_HTTP_PORT="${KC_HTTP_PORT:-8080}"
|
||||
KC_HTTPS_PORT="${KC_HTTPS_PORT:-"${KEYCLOAK_HTTPS_PORT:-}"}"
|
||||
export KC_HTTPS_PORT="${KC_HTTPS_PORT:-8443}"
|
||||
KC_HTTP_RELATIVE_PATH="${KC_HTTP_RELATIVE_PATH:-"${KEYCLOAK_HTTP_RELATIVE_PATH:-}"}"
|
||||
export KC_HTTP_RELATIVE_PATH="${KC_HTTP_RELATIVE_PATH:-}"
|
||||
KC_LOG_LEVEL="${KC_LOG_LEVEL:-"${KEYCLOAK_LOG_LEVEL:-}"}"
|
||||
export KC_LOG_LEVEL="${KC_LOG_LEVEL:-info}"
|
||||
KC_LOG_CONSOLE_OUTPUT="${KC_LOG_CONSOLE_OUTPUT:-"${KEYCLOAK_LOG_OUTPUT:-}"}"
|
||||
export KC_LOG_CONSOLE_OUTPUT="${KC_LOG_CONSOLE_OUTPUT:-default}"
|
||||
KC_METRICS_ENABLED="${KC_METRICS_ENABLED:-"${KEYCLOAK_ENABLE_STATISTICS:-}"}"
|
||||
export KC_METRICS_ENABLED="${KC_METRICS_ENABLED:-false}"
|
||||
KC_HEALTH_ENABLED="${KC_HEALTH_ENABLED:-"${KEYCLOAK_ENABLE_HEALTH_ENDPOINTS:-}"}"
|
||||
export KC_HEALTH_ENABLED="${KC_HEALTH_ENABLED:-false}"
|
||||
KC_CACHE="${KC_CACHE:-"${KEYCLOAK_CACHE_TYPE:-}"}"
|
||||
export KC_CACHE="${KC_CACHE:-}"
|
||||
KC_CACHE_STACK="${KC_CACHE_STACK:-"${KEYCLOAK_CACHE_STACK:-}"}"
|
||||
export KC_CACHE_STACK="${KC_CACHE_STACK:-}"
|
||||
KC_CACHE_CONFIG_FILE="${KC_CACHE_CONFIG_FILE:-"${KEYCLOAK_CACHE_CONFIG_FILE:-}"}"
|
||||
export KC_CACHE_CONFIG_FILE="${KC_CACHE_CONFIG_FILE:-}"
|
||||
KC_HOSTNAME="${KC_HOSTNAME:-"${KEYCLOAK_HOSTNAME:-}"}"
|
||||
export KC_HOSTNAME="${KC_HOSTNAME:-}"
|
||||
KC_HOSTNAME_ADMIN="${KC_HOSTNAME_ADMIN:-"${KEYCLOAK_HOSTNAME_ADMIN:-}"}"
|
||||
export KC_HOSTNAME_ADMIN="${KC_HOSTNAME_ADMIN:-}"
|
||||
KC_HOSTNAME_STRICT="${KC_HOSTNAME_STRICT:-"${KEYCLOAK_HOSTNAME_STRICT:-}"}"
|
||||
export KC_HOSTNAME_STRICT="${KC_HOSTNAME_STRICT:-false}"
|
||||
KC_HTTPS_TRUST_STORE_FILE="${KC_HTTPS_TRUST_STORE_FILE:-"${KEYCLOAK_HTTPS_TRUST_STORE_FILE:-}"}"
|
||||
export KC_HTTPS_TRUST_STORE_FILE="${KC_HTTPS_TRUST_STORE_FILE:-}"
|
||||
KC_HTTPS_TRUST_STORE_PASSWORD="${KC_HTTPS_TRUST_STORE_PASSWORD:-"${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD:-}"}"
|
||||
export KC_HTTPS_TRUST_STORE_PASSWORD="${KC_HTTPS_TRUST_STORE_PASSWORD:-}"
|
||||
KC_HTTPS_KEY_STORE_FILE="${KC_HTTPS_KEY_STORE_FILE:-"${KEYCLOAK_HTTPS_KEY_STORE_FILE:-}"}"
|
||||
export KC_HTTPS_KEY_STORE_FILE="${KC_HTTPS_KEY_STORE_FILE:-}"
|
||||
KC_HTTPS_KEY_STORE_PASSWORD="${KC_HTTPS_KEY_STORE_PASSWORD:-"${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD:-}"}"
|
||||
export KC_HTTPS_KEY_STORE_PASSWORD="${KC_HTTPS_KEY_STORE_PASSWORD:-}"
|
||||
KC_HTTPS_CERTIFICATE_FILE="${KC_HTTPS_CERTIFICATE_FILE:-"${KEYCLOAK_HTTPS_CERTIFICATE_FILE:-}"}"
|
||||
export KC_HTTPS_CERTIFICATE_FILE="${KC_HTTPS_CERTIFICATE_FILE:-}"
|
||||
KC_HTTPS_CERTIFICATE_KEY_FILE="${KC_HTTPS_CERTIFICATE_KEY_FILE:-"${KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE:-}"}"
|
||||
export KC_HTTPS_CERTIFICATE_KEY_FILE="${KC_HTTPS_CERTIFICATE_KEY_FILE:-}"
|
||||
|
||||
# Keycloak database configuration
|
||||
KC_DB="${KC_DB:-"${KEYCLOAK_DATABASE_VENDOR:-}"}"
|
||||
export KC_DB="${KC_DB:-postgres}"
|
||||
export KEYCLOAK_DATABASE_HOST="${KEYCLOAK_DATABASE_HOST:-postgresql}"
|
||||
KEYCLOAK_DATABASE_PORT="${KEYCLOAK_DATABASE_PORT:-"${DB_PORT:-}"}"
|
||||
export KEYCLOAK_DATABASE_PORT="${KEYCLOAK_DATABASE_PORT:-5432}"
|
||||
KEYCLOAK_DATABASE_USER="${KEYCLOAK_DATABASE_USER:-"${DB_USER:-}"}"
|
||||
export KEYCLOAK_DATABASE_USER="${KEYCLOAK_DATABASE_USER:-bn_keycloak}"
|
||||
KEYCLOAK_DATABASE_NAME="${KEYCLOAK_DATABASE_NAME:-"${DB_DATABASE:-}"}"
|
||||
export KEYCLOAK_DATABASE_NAME="${KEYCLOAK_DATABASE_NAME:-bitnami_keycloak}"
|
||||
KEYCLOAK_DATABASE_PASSWORD="${KEYCLOAK_DATABASE_PASSWORD:-"${DB_PASSWORD:-}"}"
|
||||
export KEYCLOAK_DATABASE_PASSWORD="${KEYCLOAK_DATABASE_PASSWORD:-}"
|
||||
KEYCLOAK_DATABASE_SCHEMA="${KEYCLOAK_DATABASE_SCHEMA:-"${DB_SCHEMA:-}"}"
|
||||
export KEYCLOAK_DATABASE_SCHEMA="${KEYCLOAK_DATABASE_SCHEMA:-public}"
|
||||
KEYCLOAK_JDBC_PARAMS="${KEYCLOAK_JDBC_PARAMS:-"${JDBC_PARAMS:-}"}"
|
||||
export KEYCLOAK_JDBC_PARAMS="${KEYCLOAK_JDBC_PARAMS:-}"
|
||||
export KEYCLOAK_JDBC_DRIVER="${KEYCLOAK_JDBC_DRIVER:-postgresql}"
|
||||
KC_DB_USERNAME="${KC_DB_USERNAME:-"${KEYCLOAK_DATABASE_USER:-}"}"
|
||||
export KC_DB_USERNAME="${KC_DB_USERNAME:-bn_keycloak}"
|
||||
KC_DB_PASSWORD="${KC_DB_PASSWORD:-"${KEYCLOAK_DATABASE_PASSWORD:-}"}"
|
||||
export KC_DB_PASSWORD="${KC_DB_PASSWORD:-}"
|
||||
KC_DB_SCHEMA="${KC_DB_SCHEMA:-"${KEYCLOAK_DATABASE_SCHEMA:-}"}"
|
||||
export KC_DB_SCHEMA="${KC_DB_SCHEMA:-public}"
|
||||
export KEYCLOAK_INIT_MAX_RETRIES="${KEYCLOAK_INIT_MAX_RETRIES:-10}"
|
||||
|
||||
# System users (when running with a privileged user)
|
||||
export KEYCLOAK_DAEMON_USER="${KEYCLOAK_DAEMON_USER:-keycloak}"
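Review bot: In the database configuration block, `KC_DB` takes the legacy `KEYCLOAK_DATABASE_VENDOR` value verbatim (`KC_DB="${KC_DB:-"${KEYCLOAK_DATABASE_VENDOR:-}"}"`), but the legacy PostgreSQL value was `postgresql`, while the library code on this page compares `"$KC_DB" = "postgres"`. A deployment that still sets `KEYCLOAK_DATABASE_VENDOR=postgresql` would skip both the `db-url` construction and the wait-for-database step, and would export a vendor name that the earlier code rewrote to `postgres`. Normalising before the export keeps the alias backward compatible: `if [[ "$KC_DB" == "postgresql" ]]; then KC_DB="postgres"; fi`. The +/- markers are lost in this rendering, so this assumes the `KC_DB` lines are the added side.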
|
||||
|
|
|
|||
|
|
@ -11,17 +11,16 @@ set -o pipefail
|
|||
|
||||
# Load libraries
|
||||
. /opt/bitnami/scripts/libbitnami.sh
|
||||
. /opt/bitnami/scripts/liblog.sh
|
||||
. /opt/bitnami/scripts/libkeycloak.sh
|
||||
|
||||
# Load keycloak environment variables
|
||||
# Load Keycloak environment variables
|
||||
. /opt/bitnami/scripts/keycloak-env.sh
|
||||
|
||||
print_welcome_page
|
||||
|
||||
# We add the copy from default config in the entrypoint to not break users
|
||||
# bypassing the setup.sh logic. If the file already exists do not overwrite (in
|
||||
# case someone mounts a configuration file in /opt/bitnami/postgresql/conf)
|
||||
# case someone mounts a configuration file in /opt/bitnami/keycloak/conf)
|
||||
debug "Copying files from $KEYCLOAK_DEFAULT_CONF_DIR to $KEYCLOAK_CONF_DIR"
|
||||
cp -nr "$KEYCLOAK_DEFAULT_CONF_DIR"/. "$KEYCLOAK_CONF_DIR"
|
||||
|
||||
|
|
|
|||
|
|
@ -11,16 +11,13 @@ set -o pipefail
|
|||
|
||||
# Load libraries
|
||||
. /opt/bitnami/scripts/libkeycloak.sh
|
||||
. /opt/bitnami/scripts/libfs.sh
|
||||
. /opt/bitnami/scripts/libos.sh
|
||||
|
||||
# Load keycloak environment variables
|
||||
# Load Keycloak environment variables
|
||||
. /opt/bitnami/scripts/keycloak-env.sh
|
||||
|
||||
ensure_user_exists "$KEYCLOAK_ADMIN"
|
||||
ensure_user_exists "$KEYCLOAK_DAEMON_USER" --group "$KEYCLOAK_DAEMON_GROUP"
|
||||
|
||||
for dir in "$KEYCLOAK_LOG_DIR" "$KEYCLOAK_TMP_DIR" "$KEYCLOAK_VOLUME_DIR" "$KEYCLOAK_CONF_DIR" "$KEYCLOAK_DEFAULT_CONF_DIR" "$KEYCLOAK_INITSCRIPTS_DIR" "${KEYCLOAK_BASE_DIR}/.installation" "${KEYCLOAK_BASE_DIR}/data" "${KEYCLOAK_BASE_DIR}/lib" "$KEYCLOAK_BASE_DIR" "$KEYCLOAK_PROVIDERS_DIR"; do
|
||||
for dir in "$KEYCLOAK_BASE_DIR" "$KEYCLOAK_PROVIDERS_DIR" "$KEYCLOAK_LOG_DIR" "$KEYCLOAK_TMP_DIR" "$KEYCLOAK_CONF_DIR" "$KEYCLOAK_DEFAULT_CONF_DIR" "${KEYCLOAK_BASE_DIR}/.installation" "${KEYCLOAK_BASE_DIR}/data" "${KEYCLOAK_BASE_DIR}/lib" "$KEYCLOAK_VOLUME_DIR" "$KEYCLOAK_INITSCRIPTS_DIR"; do
|
||||
ensure_dir_exists "$dir"
|
||||
chmod -R g+rwX "$dir"
|
||||
chown -R "$KEYCLOAK_DAEMON_USER" "$dir"
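Review bot: The directory loop applies `chmod -R g+rwX` and `chown -R "$KEYCLOAK_DAEMON_USER"` to `$KEYCLOAK_BASE_DIR` itself, so the whole install tree becomes group-writable, including `lib` and `providers`, which by their names presumably hold code the server loads. If that is required (for example because the server writes into those directories at start-up, which this page does not show), a comment above the loop should say so, e.g. `# group-writable on purpose: the runtime user must be able to write under the install tree`. Otherwise limit the recursive `g+w` to the log, tmp, conf, data and volume directories and leave the code directories read-only to the group. The loop's closing `done` is outside the hunk.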
|
||||
|
|
|
|||
|
|
@ -10,35 +10,25 @@ set -o pipefail
|
|||
# set -o xtrace # Uncomment this line for debugging purposes
|
||||
|
||||
# Load libraries
|
||||
. /opt/bitnami/scripts/liblog.sh
|
||||
. /opt/bitnami/scripts/libkeycloak.sh
|
||||
. /opt/bitnami/scripts/libos.sh
|
||||
|
||||
# Load keycloak environment variables
|
||||
# Load Keycloak environment variables
|
||||
. /opt/bitnami/scripts/keycloak-env.sh
|
||||
|
||||
info "** Starting keycloak **"
|
||||
# Use only basename
|
||||
conf_file="${KEYCLOAK_CONF_DIR}/${KEYCLOAK_CONF_FILE}"
|
||||
|
||||
is_boolean_yes "$KEYCLOAK_PRODUCTION" && start_param="start" || start_param="start-dev"
|
||||
|
||||
start_command=("${KEYCLOAK_BIN_DIR}/kc.sh" "-cf" "$conf_file")
|
||||
|
||||
start_command=("${KEYCLOAK_BIN_DIR}/kc.sh" "-cf" "${KEYCLOAK_CONF_DIR}/${KEYCLOAK_CONF_FILE}")
|
||||
# Prepend extra args
|
||||
if [[ -n "$KEYCLOAK_EXTRA_ARGS_PREPENDED" ]]; then
|
||||
read -r -a extra_args_prepended <<<"$KEYCLOAK_EXTRA_ARGS_PREPENDED"
|
||||
start_command+=("${extra_args_prepended[@]}")
|
||||
fi
|
||||
|
||||
start_command+=("$start_param")
|
||||
|
||||
# Add extra args
|
||||
is_boolean_yes "$KEYCLOAK_PRODUCTION" && start_command+=("start") || start_command+=("start-dev")
|
||||
# Append extra args
|
||||
if [[ -n "$KEYCLOAK_EXTRA_ARGS" ]]; then
|
||||
read -r -a extra_args <<<"$KEYCLOAK_EXTRA_ARGS"
|
||||
start_command+=("${extra_args[@]}")
|
||||
fi
|
||||
|
||||
info "** Starting Keycloak **"
|
||||
if am_i_root; then
|
||||
exec_as_user "$KEYCLOAK_DAEMON_USER" /bin/bash -c "${start_command[*]}"
|
||||
else
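Review bot: The root branch flattens the argument array with `${start_command[*]}` and passes it to `/bin/bash -c`, so every element, including the words read from `KEYCLOAK_EXTRA_ARGS_PREPENDED` and `KEYCLOAK_EXTRA_ARGS`, is parsed by a shell a second time. A value containing `;`, `$(...)`, quotes or glob characters is then interpreted by that shell instead of reaching `kc.sh` as a literal argument. If `exec_as_user` forwards its remaining arguments as a command (its definition is not on this page), `exec_as_user "$KEYCLOAK_DAEMON_USER" "${start_command[@]}"` keeps each element intact. The `else` branch and the closing `fi` are outside the hunk, so the non-root path cannot be checked from here. As a smaller style point, the `is_boolean_yes "$KEYCLOAK_PRODUCTION" && … || …` line reads more safely as an explicit `if`/`else`.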
|
||||
|
|
|
|||
|
|
@ -12,17 +12,17 @@ set -o pipefail
|
|||
# Load libraries
|
||||
. /opt/bitnami/scripts/libkeycloak.sh
|
||||
|
||||
# Load keycloak environment variables
|
||||
# Load Keycloak environment variables
|
||||
. /opt/bitnami/scripts/keycloak-env.sh
|
||||
|
||||
# Ensure keycloak environment variables are valid
|
||||
# Ensure Keycloak environment variables are valid
|
||||
keycloak_validate
|
||||
|
||||
# Ensure 'daemon' user exists when running as 'root'
|
||||
am_i_root && ensure_user_exists "$KEYCLOAK_DAEMON_USER" --group "$KEYCLOAK_DAEMON_GROUP"
|
||||
|
||||
# Ensure keycloak is initialized
|
||||
# Ensure Keycloak is initialized
|
||||
keycloak_initialize
|
||||
|
||||
# keycloak init scripts
|
||||
# Keycloak init scripts
|
||||
keycloak_custom_init_scripts
|
||||
|
|
|
|||
|
|
@ -9,22 +9,21 @@
|
|||
# Load Generic Libraries
|
||||
. /opt/bitnami/scripts/libfs.sh
|
||||
. /opt/bitnami/scripts/liblog.sh
|
||||
. /opt/bitnami/scripts/libnet.sh
|
||||
. /opt/bitnami/scripts/libos.sh
|
||||
. /opt/bitnami/scripts/libfile.sh
|
||||
. /opt/bitnami/scripts/libvalidations.sh
|
||||
|
||||
########################
|
||||
# Validate settings in KEYCLOAK_* env. variables
|
||||
# Validate settings in KEYCLOAK_*,KC_* env. variables
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# KEYCLOAK_*,KC_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_validate() {
|
||||
info "Validating settings in KEYCLOAK_* env vars..."
|
||||
info "Validating settings in KEYCLOAK_*,KC_* env vars..."
|
||||
local error_code=0
|
||||
|
||||
# Auxiliary functions
|
||||
|
|
@ -32,7 +31,11 @@ keycloak_validate() {
|
|||
error "$1"
|
||||
error_code=1
|
||||
}
|
||||
|
||||
check_true_false_value() {
|
||||
if ! is_true_false_value "${!1}"; then
|
||||
print_validation_error "The allowed values for $1 are [true, false]"
|
||||
fi
|
||||
}
|
||||
check_allowed_port() {
|
||||
local port_var="${1:?missing port variable}"
|
||||
local -a validate_port_args=()
|
||||
|
|
@ -42,54 +45,48 @@ keycloak_validate() {
|
|||
print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
|
||||
fi
|
||||
}
|
||||
check_conflicting_ports() {
|
||||
local -r total="$#"
|
||||
for i in $(seq 1 "$((total - 1))"); do
|
||||
for j in $(seq "$((i + 1))" "$total"); do
|
||||
if (("${!i}" == "${!j}")); then
|
||||
print_validation_error "${!i} and ${!j} are bound to the same port"
|
||||
fi
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
if ! is_empty_value "$KEYCLOAK_PROXY_HEADERS" && ! [[ "$KEYCLOAK_PROXY_HEADERS" =~ ^(forwarded|xforwarded)$ ]]; then
|
||||
print_validation_error "The value of KEYCLOAK_PROXY_HEADERS should be either empty, 'forwarded' or 'xforwarded'"
|
||||
fi
|
||||
|
||||
check_true_false_value KEYCLOAK_ENABLE_HTTPS
|
||||
if is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then
|
||||
if is_boolean_yes "$KEYCLOAK_HTTPS_USE_PEM"; then
|
||||
if is_empty_value "$KEYCLOAK_HTTPS_CERTIFICATE_FILE"; then
|
||||
print_validation_error "Path to the TLS certificate not defined. Please set the KEYCLOAK_HTTPS_CERTIFICATE_FILE variable to the mounted PEM certificate"
|
||||
if is_empty_value "$KC_HTTPS_CERTIFICATE_FILE"; then
|
||||
print_validation_error "Path to the TLS certificate not defined. Please set the KC_HTTPS_CERTIFICATE_FILE variable to the mounted PEM certificate"
|
||||
fi
|
||||
if is_empty_value "$KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE"; then
|
||||
print_validation_error "Path to the TLS key not defined. Please set the KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE variable to the mounted PEM key"
|
||||
if is_empty_value "$KC_HTTPS_CERTIFICATE_KEY_FILE"; then
|
||||
print_validation_error "Path to the TLS key not defined. Please set the KC_HTTPS_CERTIFICATE_KEY_FILE variable to the mounted PEM key"
|
||||
fi
|
||||
else
|
||||
if is_empty_value "$KEYCLOAK_HTTPS_TRUST_STORE_FILE"; then
|
||||
print_validation_error "Path to the TLS truststore file not defined. Please set the KEYCLOAK_HTTPS_TRUST_STORE_FILE variable to the mounted truststore"
|
||||
if is_empty_value "$KC_HTTPS_TRUST_STORE_FILE"; then
|
||||
print_validation_error "Path to the TLS truststore file not defined. Please set the KC_HTTPS_TRUST_STORE_FILE variable to the mounted truststore"
|
||||
fi
|
||||
if is_empty_value "$KEYCLOAK_HTTPS_KEY_STORE_FILE"; then
|
||||
print_validation_error "Path to the TLS keystore file not defined. Please set the KEYCLOAK_HTTPS_KEY_STORE_FILE variable to the mounted keystore"
|
||||
if is_empty_value "$KC_HTTPS_KEY_STORE_FILE"; then
|
||||
print_validation_error "Path to the TLS keystore file not defined. Please set the KC_HTTPS_KEY_STORE_FILE variable to the mounted keystore"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! validate_ip "${KEYCLOAK_BIND_ADDRESS}"; then
|
||||
if ! is_hostname_resolved "${KEYCLOAK_BIND_ADDRESS}"; then
|
||||
print_validation_error print_validation_error "The value for KEYCLOAK_BIND_ADDRESS ($KEYCLOAK_BIND_ADDRESS) should be an IPv4 or IPv6 address, or it must be a resolvable hostname"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$KEYCLOAK_HTTP_PORT" -eq "$KEYCLOAK_HTTPS_PORT" ]]; then
|
||||
print_validation_error "KEYCLOAK_HTTP_PORT and KEYCLOAK_HTTPS_PORT are bound to the same port!"
|
||||
fi
|
||||
check_allowed_port KEYCLOAK_HTTP_PORT
|
||||
check_allowed_port KEYCLOAK_HTTPS_PORT
|
||||
|
||||
for var in KEYCLOAK_ENABLE_HTTPS KEYCLOAK_ENABLE_STATISTICS KEYCLOAK_ENABLE_HEALTH_ENDPOINTS; do
|
||||
if ! is_true_false_value "${!var}"; then
|
||||
print_validation_error "The allowed values for $var are [true, false]"
|
||||
fi
|
||||
check_conflicting_ports KC_HTTP_PORT KC_HTTPS_PORT KC_HTTP_MANAGEMENT_PORT
|
||||
for var in KC_HTTP_PORT KC_HTTPS_PORT KC_HTTP_MANAGEMENT_PORT; do
|
||||
check_allowed_port "$var"
|
||||
done
|
||||
|
||||
[[ "$error_code" -eq 0 ]] || exit "$error_code"
|
||||
}
|
||||
|
||||
########################
|
||||
# Add or modify an entry in the Discourse configuration file
|
||||
# Add or modify an entry in the Keycloak configuration file
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# KEYCLOAK_CONF_*
|
||||
# Arguments:
|
||||
# $1 - Variable name
|
||||
# $2 - Value to assign to the variable
|
||||
|
|
@ -99,12 +96,7 @@ keycloak_validate() {
|
|||
keycloak_conf_set() {
|
||||
local -r key="${1:?key missing}"
|
||||
local -r value="${2:-}"
|
||||
# Redact sensitive values before outputting to debug log
|
||||
local redacted_value="${value}"
|
||||
if [[ "${key}" =~ ^(db|https-key-store|https-trust-store|spi-truststore-file)-password$ ]]; then
|
||||
redacted_value="_redacted_"
|
||||
fi
|
||||
debug "Setting ${key} to '${redacted_value}' in Keycloak configuration"
|
||||
|
||||
# Sanitize key (sed does not support fixed string substitutions)
|
||||
local sanitized_pattern
|
||||
sanitized_pattern="^\s*(#\s*)?$(sed 's/[]\[^$.*/]/\\&/g' <<<"$key")\s*=\s*(.*)"
|
||||
|
|
@ -121,7 +113,7 @@ keycloak_conf_set() {
|
|||
########################
|
||||
# Configure database settings
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# KEYCLOAK_*,KC_DB_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
|
|
@ -132,163 +124,18 @@ keycloak_configure_database() {
|
|||
jdbc_params="$(echo "$KEYCLOAK_JDBC_PARAMS" | sed -E '/^$|^\&.+$/!s/^/\&/;s/\&/\\&/g')"
|
||||
|
||||
info "Configuring database settings"
|
||||
if [[ "${KEYCLOAK_DATABASE_VENDOR}" == "postgresql" ]]; then
|
||||
keycloak_conf_set "db" "postgres"
|
||||
keycloak_conf_set "db-username" "$KEYCLOAK_DATABASE_USER"
|
||||
keycloak_conf_set "db-password" "$KEYCLOAK_DATABASE_PASSWORD"
|
||||
keycloak_conf_set "db-url" "jdbc:${KEYCLOAK_JDBC_DRIVER}://${KEYCLOAK_DATABASE_HOST}:${KEYCLOAK_DATABASE_PORT}/${KEYCLOAK_DATABASE_NAME}?currentSchema=${KEYCLOAK_DATABASE_SCHEMA}${jdbc_params}"
|
||||
else
|
||||
keycloak_conf_set "db" "$KEYCLOAK_DATABASE_VENDOR"
|
||||
if [[ "$KC_DB" = "postgres" ]]; then
|
||||
# Backwards compatibility with old environment variables
|
||||
if [[ -z "${KC_DB_URL:-}" ]]; then
|
||||
keycloak_conf_set "db-url" "jdbc:${KEYCLOAK_JDBC_DRIVER}://${KEYCLOAK_DATABASE_HOST}:${KEYCLOAK_DATABASE_PORT}/${KEYCLOAK_DATABASE_NAME}?currentSchema=${KC_DB_SCHEMA}${jdbc_params}"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
########################
|
||||
# Configure cluster caching
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_configure_cache() {
|
||||
info "Configuring cache count"
|
||||
! is_empty_value "$KEYCLOAK_CACHE_STACK" && keycloak_conf_set "cache-stack" "${KEYCLOAK_CACHE_STACK}"
|
||||
! is_empty_value "$KEYCLOAK_CACHE_CONFIG_FILE" && keycloak_conf_set "cache-config-file" "${KEYCLOAK_CACHE_CONFIG_FILE}"
|
||||
keycloak_conf_set "cache" "$KEYCLOAK_CACHE_TYPE"
|
||||
}
|
||||
|
||||
########################
|
||||
# Enable statistics
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_configure_metrics() {
|
||||
info "Enabling statistics"
|
||||
keycloak_conf_set "metrics-enabled" "$KEYCLOAK_ENABLE_STATISTICS"
|
||||
}
|
||||
|
||||
########################
|
||||
# Enable health endpoints
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_configure_health_endpoints() {
|
||||
info "Enabling health endpoints"
|
||||
keycloak_conf_set "health-enabled" "$KEYCLOAK_ENABLE_HEALTH_ENDPOINTS"
|
||||
}
|
||||
|
||||
########################
|
||||
# Configure hostname
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_configure_hostname() {
|
||||
info "Configuring hostname settings"
|
||||
! is_empty_value "$KEYCLOAK_HOSTNAME" && keycloak_conf_set "hostname" "${KEYCLOAK_HOSTNAME}"
|
||||
! is_empty_value "$KEYCLOAK_HOSTNAME_ADMIN" && keycloak_conf_set "hostname-admin" "${KEYCLOAK_HOSTNAME_ADMIN}"
|
||||
keycloak_conf_set "hostname-strict" "${KEYCLOAK_HOSTNAME_STRICT}"
|
||||
}
|
||||
|
||||
########################
|
||||
# Configure http
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_configure_http() {
|
||||
info "Configuring http settings"
|
||||
keycloak_conf_set "http-enabled" "true"
|
||||
keycloak_conf_set "http-relative-path" "${KEYCLOAK_HTTP_RELATIVE_PATH}"
|
||||
keycloak_conf_set "http-port" "${KEYCLOAK_HTTP_PORT}"
|
||||
keycloak_conf_set "https-port" "${KEYCLOAK_HTTPS_PORT}"
|
||||
}
|
||||
|
||||
########################
|
||||
# Configure logging settings
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_configure_loglevel() {
|
||||
info "Configuring log level"
|
||||
keycloak_conf_set "log-level" "${KEYCLOAK_LOG_LEVEL}"
|
||||
keycloak_conf_set "log-console-output" "${KEYCLOAK_LOG_OUTPUT}"
|
||||
}
|
||||
|
||||
########################
|
||||
# Configure proxy settings using JBoss CLI
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_configure_proxy() {
|
||||
info "Configuring proxy"
|
||||
keycloak_conf_set "proxy-headers" "${KEYCLOAK_PROXY_HEADERS}"
|
||||
}
|
||||
|
||||
########################
|
||||
# Configure HTTPS settings
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# Arguments:
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_configure_https() {
|
||||
info "Configuring Keycloak HTTPS settings"
|
||||
if is_boolean_yes "$KEYCLOAK_HTTPS_USE_PEM"; then
|
||||
keycloak_conf_set "https-certificate-file" "${KEYCLOAK_HTTPS_CERTIFICATE_FILE}"
|
||||
keycloak_conf_set "https-certificate-key-file" "${KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE}"
|
||||
else
|
||||
! is_empty_value "$KEYCLOAK_HTTPS_KEY_STORE_PASSWORD" && keycloak_conf_set "https-key-store-password" "${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD}"
|
||||
! is_empty_value "$KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD" && keycloak_conf_set "https-trust-store-password" "${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD}"
|
||||
keycloak_conf_set "https-key-store-file" "${KEYCLOAK_HTTPS_KEY_STORE_FILE}"
|
||||
keycloak_conf_set "https-trust-store-file" "${KEYCLOAK_HTTPS_TRUST_STORE_FILE}"
|
||||
fi
|
||||
}
|
||||
|
||||
########################
|
||||
# Configure SPI TLS settings
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# Arguments:
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
keycloak_configure_spi_tls() {
|
||||
info "Configuring Keycloak SPI TLS settings"
|
||||
! is_empty_value "$KEYCLOAK_SPI_TRUSTSTORE_PASSWORD" && keycloak_conf_set "spi-truststore-file-password" "${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD}"
|
||||
! is_empty_value "$KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY" && keycloak_conf_set "spi-truststore-file-hostname-verification-policy" "${KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY}"
|
||||
keycloak_conf_set "spi-truststore-file-file" "${KEYCLOAK_SPI_TRUSTSTORE_FILE}"
|
||||
|
||||
}
|
||||
|
||||
########################
|
||||
# Initialize keycloak installation
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# KEYCLOAK_*,KC_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
|
|
@ -296,40 +143,40 @@ keycloak_configure_spi_tls() {
|
|||
#########################
|
||||
keycloak_initialize() {
|
||||
# Clean to avoid issues when running docker restart
|
||||
if [[ "${KEYCLOAK_DATABASE_VENDOR}" == "postgresql" ]]; then
|
||||
if [[ "$KC_DB" = "postgres" ]]; then
|
||||
local db_host db_port
|
||||
if [[ -z "${KC_DB_URL:-}" ]]; then
|
||||
db_host="$KEYCLOAK_DATABASE_HOST"
|
||||
db_port="$KEYCLOAK_DATABASE_PORT"
|
||||
else
|
||||
# Extract host and port from KC_DB_URL
|
||||
db_host="$(echo "$KC_DB_URL" | sed -E 's/.*\/\/([^:]+):([0-9]+).*/\1/')"
|
||||
db_port="$(echo "$KC_DB_URL" | sed -E 's/.*\/\/[^:]+:([0-9]+).*/\1/')"
|
||||
fi
|
||||
# Wait for database
|
||||
info "Trying to connect to PostgreSQL server $KEYCLOAK_DATABASE_HOST..."
|
||||
if ! retry_while "wait-for-port --host $KEYCLOAK_DATABASE_HOST --timeout 10 $KEYCLOAK_DATABASE_PORT" "$KEYCLOAK_INIT_MAX_RETRIES"; then
|
||||
error "Unable to connect to host $KEYCLOAK_DATABASE_HOST"
|
||||
info "Trying to connect to PostgreSQL server $db_host..."
|
||||
if ! retry_while "wait-for-port --host $db_host --timeout 10 $db_port" "$KEYCLOAK_INIT_MAX_RETRIES"; then
|
||||
error "Unable to connect to host $db_host"
|
||||
exit 1
|
||||
else
|
||||
info "Found PostgreSQL server listening at $KEYCLOAK_DATABASE_HOST:$KEYCLOAK_DATABASE_PORT"
|
||||
fi
|
||||
|
||||
if ! is_dir_empty "$KEYCLOAK_MOUNTED_CONF_DIR"; then
|
||||
cp -Lr "$KEYCLOAK_MOUNTED_CONF_DIR"/* "$KEYCLOAK_CONF_DIR"
|
||||
# Add new line to the end of the file to avoid issues when mounting
|
||||
# config files with no new line at the end
|
||||
echo >> "${KEYCLOAK_CONF_DIR}/${KEYCLOAK_CONF_FILE}"
|
||||
info "Found PostgreSQL server listening at $db_host:$db_port"
|
||||
fi
|
||||
fi
|
||||
if ! is_dir_empty "$KEYCLOAK_MOUNTED_CONF_DIR"; then
|
||||
cp -Lr "$KEYCLOAK_MOUNTED_CONF_DIR"/* "$KEYCLOAK_CONF_DIR"
|
||||
# Add new line to the end of the file to avoid issues when mounting
|
||||
# config files with no new line at the end
|
||||
echo >> "${KEYCLOAK_CONF_DIR}/${KEYCLOAK_CONF_FILE}"
|
||||
fi
|
||||
|
||||
keycloak_configure_database
|
||||
keycloak_configure_metrics
|
||||
keycloak_configure_health_endpoints
|
||||
keycloak_configure_http
|
||||
keycloak_configure_hostname
|
||||
keycloak_configure_cache
|
||||
keycloak_configure_loglevel
|
||||
! is_empty_value "$KEYCLOAK_PROXY_HEADERS" && keycloak_configure_proxy
|
||||
is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS" && keycloak_configure_https
|
||||
! is_empty_value "$KEYCLOAK_SPI_TRUSTSTORE_FILE" && keycloak_configure_spi_tls
|
||||
true
|
||||
}
|
||||
|
||||
########################
|
||||
# Run custom initialization scripts
|
||||
# Globals:
|
||||
# KEYCLOAK_*
|
||||
# KEYCLOAK_INITSCRIPTS_DIR,KEYCLOAK_VOLUME_DIR
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
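Review bot: In `keycloak_initialize`, the two `sed -E` substitutions that derive `db_host` and `db_port` from `KC_DB_URL` have no failure path: when the pattern does not match (for example a URL with no explicit port), sed prints its input unchanged, so both variables end up holding the whole URL. That string is then written to the log by `info "Trying to connect to PostgreSQL server $db_host..."` and interpolated unquoted into the `wait-for-port` command string passed to `retry_while`, which matters if the URL carries credentials as query parameters. Matching once with a bash regex and stopping with a message that does not echo the URL avoids both problems. The `+`/`-` markers are lost on this page, so this assumes the `db_host`/`db_port` lines are the new side of the hunk.

```shell
    else
        # Extract host and port from KC_DB_URL
        local url_re='//([^:/?]+):([0-9]+)'
        if [[ "$KC_DB_URL" =~ $url_re ]]; then
            db_host="${BASH_REMATCH[1]}"
            db_port="${BASH_REMATCH[2]}"
        else
            error "KC_DB_URL has no host:port part that can be parsed"
            exit 1
        fi
    # … unchanged: closing fi and the wait-for-port retry loop …
```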
|
|
@ -355,6 +202,6 @@ keycloak_custom_init_scripts() {
|
|||
esac
|
||||
done <$tmp_file
|
||||
rm -f "$tmp_file"
|
||||
touch "$KEYCLOAK_VOLUME_DIR"/.user_scripts_initialized
|
||||
touch "${KEYCLOAK_VOLUME_DIR}/.user_scripts_initialized"
|
||||
fi
|
||||
}
|
||||
|
|
|
|||
|
|
@ -81,75 +81,67 @@ docker build -t bitnami/APP:latest .
|
|||
|
||||
#### Customizable environment variables
|
||||
|
||||
| Name | Description | Default Value |
|
||||
|-------------------------------------------------------------|-------------------------------------------------------------------------------------------------------|-------------------------------|
|
||||
| `KEYCLOAK_MOUNTED_CONF_DIR` | Directory for including custom configuration files (that override the default generated ones) | `${KEYCLOAK_VOLUME_DIR}/conf` |
|
||||
| `KC_RUN_IN_CONTAINER` | Keycloak kc.sh context | `true` |
|
||||
| `KEYCLOAK_ADMIN` | Keycloak administrator user | `user` |
|
||||
| `KEYCLOAK_ADMIN_PASSWORD` | Keycloak administrator password | `bitnami` |
|
||||
| `KEYCLOAK_HTTP_RELATIVE_PATH` | Set the path relative to "/" for serving resources. | `/` |
|
||||
| `KEYCLOAK_HTTP_PORT` | HTTP port | `8080` |
|
||||
| `KEYCLOAK_HTTPS_PORT` | HTTPS port | `8443` |
|
||||
| `KEYCLOAK_BIND_ADDRESS` | Bind address | `$(hostname --fqdn)` |
|
||||
| `KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD` | Keycloak initial admin password | `nil` |
|
||||
| `KEYCLOAK_HOSTNAME` | Keycloak hostname | `nil` |
|
||||
| `KEYCLOAK_HOSTNAME_ADMIN` | Keycloak admin hostname | `nil` |
|
||||
| `KEYCLOAK_HOSTNAME_STRICT` | Disables dynamically resolving the hostname from request headers | `false` |
|
||||
| `KEYCLOAK_INIT_MAX_RETRIES` | Maximum retries for checking that the database works | `10` |
|
||||
| `KEYCLOAK_CACHE_TYPE` | Defines the cache mechanism for high-availability. | `ispn` |
|
||||
| `KEYCLOAK_CACHE_STACK` | Apply a specific cache stack | `nil` |
|
||||
| `KEYCLOAK_CACHE_CONFIG_FILE` | Path to the cache config file | `nil` |
|
||||
| `KEYCLOAK_EXTRA_ARGS` | Add extra startup parameters to keycloak | `nil` |
|
||||
| `KEYCLOAK_ENABLE_STATISTICS` | Enable metrics for the database | `false` |
|
||||
| `KEYCLOAK_ENABLE_HEALTH_ENDPOINTS` | Enable health endpoints | `false` |
|
||||
| `KEYCLOAK_ENABLE_HTTPS` | Enable SSL certificates | `false` |
|
||||
| `KEYCLOAK_HTTPS_TRUST_STORE_FILE` | Path to the SSL truststore file | `nil` |
|
||||
| `KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD` | Password for decrypting the truststore file | `nil` |
|
||||
| `KEYCLOAK_HTTPS_KEY_STORE_FILE` | Path to the SSL keystore file | `nil` |
|
||||
| `KEYCLOAK_HTTPS_KEY_STORE_PASSWORD` | Password for decrypting the keystore file | `nil` |
|
||||
| `KEYCLOAK_HTTPS_USE_PEM` | Set to true to configure HTTPS using PEM certificates | `false` |
|
||||
| `KEYCLOAK_HTTPS_CERTIFICATE_FILE` | Path to the PEM certificate file | `nil` |
|
||||
| `KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE` | Path to the PEM key file | `nil` |
|
||||
| `KEYCLOAK_SPI_TRUSTSTORE_FILE` | Path to the Keycloak SPI truststore file | `nil` |
|
||||
| `KEYCLOAK_SPI_TRUSTSTORE_PASSWORD` | Password for decrypting the SPI truststore file | `nil` |
|
||||
| `KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY` | Hostqname verification policy for SPI connection over HTTPS/TLS | `nil` |
|
||||
| `KEYCLOAK_LOG_LEVEL` | Keycloak log level | `info` |
|
||||
| `KEYCLOAK_LOG_OUTPUT` | Keycloak log output | `default` |
|
||||
| `KEYCLOAK_ROOT_LOG_LEVEL` | Keycloak root log level | `INFO` |
|
||||
| `KEYCLOAK_PROXY_HEADERS` | Keycloak reverse proxy headers | `nil` |
|
||||
| `KEYCLOAK_PRODUCTION` | Run in production mode | `false` |
|
||||
| `KEYCLOAK_EXTRA_ARGS_PREPENDED` | Run with flags which are applied directly to keycloak executable | `nil` |
|
||||
| `KEYCLOAK_DATABASE_VENDOR` | Database vendor | `postgresql` |
|
||||
| `KEYCLOAK_DATABASE_HOST` | Database backend hostname | `postgresql` |
|
||||
| `KEYCLOAK_DATABASE_PORT` | Database backend port | `5432` |
|
||||
| `KEYCLOAK_DATABASE_USER` | Database backend username | `bn_keycloak` |
|
||||
| `KEYCLOAK_DATABASE_NAME` | Database name | `bitnami_keycloak` |
|
||||
| `KEYCLOAK_DATABASE_PASSWORD` | Database backend password | `nil` |
|
||||
| `KEYCLOAK_DATABASE_SCHEMA` | PostgreSQL database schema | `public` |
|
||||
| `KEYCLOAK_JDBC_PARAMS` | Extra JDBC connection parameters for the database (e.g.: `sslmode=verify-full&connectTimeout=30000`\) | `nil` |
|
||||
| `KEYCLOAK_JDBC_DRIVER` | JDBC driver to set in the connection string for the database | `postgresql` |
|
||||
| `KEYCLOAK_DAEMON_USER` | Keycloak daemon user when running as root | `keycloak` |
|
||||
| `KEYCLOAK_DAEMON_GROUP` | Keycloak daemon group when running as root | `keycloak` |
|
||||
| Name | Description | Default Value |
|
||||
|---------------------------------|----------------------------------------------------------------------------------------------------|-------------------------------|
|
||||
| `KEYCLOAK_MOUNTED_CONF_DIR` | Directory for including custom configuration files (that override the default generated ones) | `${KEYCLOAK_VOLUME_DIR}/conf` |
|
||||
| `KC_RUN_IN_CONTAINER` | Keycloak kc.sh context | `true` |
|
||||
| `KEYCLOAK_PRODUCTION` | Run in production mode. | `false` |
|
||||
| `KEYCLOAK_EXTRA_ARGS` | Append extra arguments to Keycloak start command. | `nil` |
|
||||
| `KEYCLOAK_EXTRA_ARGS_PREPENDED` | Prepend extra arguments to Keycloak start command. | `nil` |
|
||||
| `KC_HTTP_MANAGEMENT_PORT` | Management interface port. | `9000` |
|
||||
| `KEYCLOAK_ENABLE_HTTPS` | Enable SSL certificates | `false` |
|
||||
| `KEYCLOAK_HTTPS_USE_PEM` | Set to true to configure HTTPS using PEM certificates | `false` |
|
||||
| `KC_BOOTSTRAP_ADMIN_USERNAME` | Bootstrap admin username | `user` |
|
||||
| `KC_BOOTSTRAP_ADMIN_PASSWORD` | Bootstrap admin password | `nil` |
|
||||
| `KC_HTTP_PORT` | HTTP port | `8080` |
|
||||
| `KC_HTTPS_PORT` | HTTPS port | `8443` |
|
||||
| `KC_HTTP_RELATIVE_PATH` | Set the path relative to "/" for serving resources. | `nil` |
|
||||
| `KC_LOG_LEVEL` | Keycloak log level | `info` |
|
||||
| `KC_LOG_CONSOLE_OUTPUT` | Keycloak log output | `default` |
|
||||
| `KC_METRICS_ENABLED` | Enable metrics. | `false` |
|
||||
| `KC_HEALTH_ENABLED` | Enable health check endpoints. | `false` |
|
||||
| `KC_CACHE` | Cache mechanism for high-availability. | `nil` |
|
||||
| `KC_CACHE_STACK` | Default stack to use for cluster communication and node discovery. | `nil` |
|
||||
| `KC_CACHE_CONFIG_FILE` | Path to the file from which cache configuration should be loaded from. | `nil` |
|
||||
| `KC_HOSTNAME` | Keycloak hostname | `nil` |
|
||||
| `KC_HOSTNAME_ADMIN` | Keycloak admin hostname | `nil` |
|
||||
| `KC_HOSTNAME_STRICT` | Disables dynamically resolving the hostname from request headers | `false` |
|
||||
| `KC_HTTPS_TRUST_STORE_FILE` | Path to the SSL truststore file | `nil` |
|
||||
| `KC_HTTPS_TRUST_STORE_PASSWORD` | Password for decrypting the truststore file | `nil` |
|
||||
| `KC_HTTPS_KEY_STORE_FILE` | Path to the SSL keystore file | `nil` |
|
||||
| `KC_HTTPS_KEY_STORE_PASSWORD` | Password for decrypting the keystore file | `nil` |
|
||||
| `KC_HTTPS_CERTIFICATE_FILE` | Path to the PEM certificate file | `nil` |
|
||||
| `KC_HTTPS_CERTIFICATE_KEY_FILE` | Path to the PEM key file | `nil` |
|
||||
| `KC_DB` | Database vendor | `postgres` |
|
||||
| `KEYCLOAK_DATABASE_HOST` | Database hostname | `postgresql` |
|
||||
| `KEYCLOAK_DATABASE_PORT` | Database port | `5432` |
|
||||
| `KEYCLOAK_DATABASE_NAME` | Database name | `bitnami_keycloak` |
|
||||
| `KEYCLOAK_JDBC_PARAMS` | Extra JDBC connection parameters for the database (e.g.: sslmode=verify-full&connectTimeout=30000) | `nil` |
|
||||
| `KEYCLOAK_JDBC_DRIVER` | JDBC driver to set in the connection string for the database | `postgresql` |
|
||||
| `KC_DB_USERNAME` | Database username | `bn_keycloak` |
|
||||
| `KC_DB_PASSWORD` | Database password | `nil` |
|
||||
| `KC_DB_SCHEMA` | PostgreSQL database schema | `public` |
|
||||
| `KEYCLOAK_INIT_MAX_RETRIES` | Maximum retries for checking that the database works | `10` |
|
||||
| `KEYCLOAK_DAEMON_USER` | Keycloak daemon user when running as root | `keycloak` |
|
||||
| `KEYCLOAK_DAEMON_GROUP` | Keycloak daemon group when running as root | `keycloak` |
|
||||
|
||||
#### Read-only environment variables
|
||||
|
||||
| Name | Description | Value |
|
||||
|------------------------------|---------------------------------------------------------|-----------------------------------|
|
||||
| `BITNAMI_VOLUME_DIR` | Directory where to mount volumes. | `/bitnami` |
|
||||
| `JAVA_HOME` | Java installation directory | `/opt/bitnami/java` |
|
||||
| `KEYCLOAK_BASE_DIR` | Keycloak base directory | `/opt/bitnami/keycloak` |
|
||||
| `KEYCLOAK_BIN_DIR` | Keycloak bin directory | `$KEYCLOAK_BASE_DIR/bin` |
|
||||
| `KEYCLOAK_PROVIDERS_DIR` | Keycloak Wildfly extensions directory | `$KEYCLOAK_BASE_DIR/providers` |
|
||||
| `KEYCLOAK_LOG_DIR` | Keycloak bin directory | `$KEYCLOAK_PROVIDERS_DIR/log` |
|
||||
| `KEYCLOAK_TMP_DIR` | Keycloak tmp directory | `$KEYCLOAK_PROVIDERS_DIR/tmp` |
|
||||
| `KEYCLOAK_DOMAIN_TMP_DIR` | Keycloak tmp directory | `$KEYCLOAK_BASE_DIR/domain/tmp` |
|
||||
| `WILDFLY_BASE_DIR` | Wildfly base directory | `/opt/bitnami/wildfly` |
|
||||
| `KEYCLOAK_VOLUME_DIR` | Path to keycloak mount directory | `/bitnami/keycloak` |
|
||||
| `KEYCLOAK_CONF_DIR` | Keycloak configuration directory | `$KEYCLOAK_BASE_DIR/conf` |
|
||||
| `KEYCLOAK_DEFAULT_CONF_DIR` | Keycloak default configuration directory | `$KEYCLOAK_BASE_DIR/conf.default` |
|
||||
| `KEYCLOAK_INITSCRIPTS_DIR` | Path to keycloak init scripts directory | `/docker-entrypoint-initdb.d` |
|
||||
| `KEYCLOAK_CONF_FILE` | Name of the keycloak configuration file (relative path) | `keycloak.conf` |
|
||||
| `KEYCLOAK_DEFAULT_CONF_FILE` | Name of the keycloak configuration file (relative path) | `keycloak.conf` |
|
||||
| Name | Description | Value |
|
||||
|-----------------------------|---------------------------------------------------------|-----------------------------------|
|
||||
| `BITNAMI_VOLUME_DIR` | Directory where to mount volumes. | `/bitnami` |
|
||||
| `JAVA_HOME` | Java installation directory | `/opt/bitnami/java` |
|
||||
| `KEYCLOAK_BASE_DIR` | Keycloak base directory | `/opt/bitnami/keycloak` |
|
||||
| `KEYCLOAK_BIN_DIR` | Keycloak bin directory | `$KEYCLOAK_BASE_DIR/bin` |
|
||||
| `KEYCLOAK_PROVIDERS_DIR` | Keycloak providers (extensions) directory | `$KEYCLOAK_BASE_DIR/providers` |
|
||||
| `KEYCLOAK_LOG_DIR` | Keycloak bin directory | `$KEYCLOAK_PROVIDERS_DIR/log` |
|
||||
| `KEYCLOAK_TMP_DIR` | Keycloak tmp directory | `$KEYCLOAK_PROVIDERS_DIR/tmp` |
|
||||
| `KEYCLOAK_DOMAIN_TMP_DIR` | Keycloak tmp directory | `$KEYCLOAK_BASE_DIR/domain/tmp` |
|
||||
| `KEYCLOAK_VOLUME_DIR` | Path to keycloak mount directory | `/bitnami/keycloak` |
|
||||
| `KEYCLOAK_CONF_DIR` | Keycloak configuration directory | `$KEYCLOAK_BASE_DIR/conf` |
|
||||
| `KEYCLOAK_DEFAULT_CONF_DIR` | Keycloak default configuration directory | `$KEYCLOAK_BASE_DIR/conf.default` |
|
||||
| `KEYCLOAK_INITSCRIPTS_DIR` | Path to keycloak init scripts directory | `/docker-entrypoint-initdb.d` |
|
||||
| `KEYCLOAK_CONF_FILE` | Name of the keycloak configuration file (relative path) | `keycloak.conf` |
|
||||
|
||||
### Extra arguments to Keycloak startup
|
||||
|
||||
|
|
@ -210,14 +202,6 @@ Apart from that, the following environment variables must be set:
|
|||
- `KEYCLOAK_HTTPS_CERTIFICATE_FILE`: Path to the PEM certificate file (e.g. `/opt/bitnami/keycloak/certs/tls.crt`). No defaults.
|
||||
- `KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE`: Path to the PEM key file (e.g. `/opt/bitnami/keycloak/certs/tls.key`). No defaults.
|
||||
|
||||
### SPI TLS truststore
|
||||
|
||||
The Bitnami Keycloak Docker image supports configuring a truststore for HTTP/TLS connection with Keycloak SPIs.
|
||||
|
||||
- `KEYCLOAK_SPI_TRUSTSTORE_FILE`: Path to the Keycloak SPI truststore file (e.g. `/opt/bitnami/keycloak/certs-spi/truststore.jks`). No defaults.
|
||||
- `KEYCLOAK_SPI_TRUSTSTORE_PASSWORD`: Password for decrypting the SPI truststore file. No defaults.
|
||||
- `KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY`: Hostname verification policy for SPI connection over HTTPS/TLS
|
||||
|
||||
### Adding custom themes
|
||||
|
||||
In order to add new themes to Keycloak, you can mount them to the `/opt/bitnami/keycloak/themes` folder. The example below mounts a new theme.
|
||||
|
|
@ -248,14 +232,14 @@ volumes:
|
|||
driver: local
|
||||
```
|
||||
|
||||
### Enabling statistics
|
||||
### Enabling metrics
|
||||
|
||||
The Bitnami Keycloak container can activate different set of statistics (database, jgroups and http) by setting the environment variable `KEYCLOAK_ENABLE_STATISTICS=true`.
|
||||
The Bitnami Keycloak container can activate different set of metrics (database, jgroups and http) by setting the environment variable `KC_METRICS_ENABLED=true`. See [the official documentation](https://www.keycloak.org/observability/configuration-metrics) for more information about these metrics.
|
||||
|
||||
### Enabling health endpoints
|
||||
|
||||
The Bitnami Keycloak container can activate several endpoints providing information about the health of Keycloak, by setting the environment variable `KEYCLOAK_ENABLE_HEALTH_ENDPOINTS=true`.
|
||||
See [the official documentation](https://www.keycloak.org/server/health) for more information about these endpoints.
|
||||
The Bitnami Keycloak container can activate several endpoints providing information about the health of Keycloak, by setting the environment variable `KC_HEALTH_ENABLED=true`.
|
||||
See [the official documentation](https://www.keycloak.org/observability/health) for more information about these endpoints.
|
||||
|
||||
### Full configuration
|
||||
|
||||
|
|
@ -280,6 +264,20 @@ After that, your changes will be taken into account in the server's behaviour.
|
|||
|
||||
## Notable Changes
|
||||
|
||||
### 26.3.2-debian-12-r1
|
||||
|
||||
The following environment variables have been deprecated. Instead rely on the native `KC_*` equivalent environment variables:
|
||||
|
||||
- `KEYCLOAK_CACHE_TYPE`, `KEYCLOAK_CACHE_STACK` and `KEYCLOAK_CACHE_CONFIG_FILE`
|
||||
- `KEYCLOAK_ENABLE_STATISTICS` and `KEYCLOAK_ENABLE_HEALTH_ENDPOINTS`
|
||||
- `KEYCLOAK_LOG_LEVEL` and `KEYCLOAK_LOG_OUTPUT`
|
||||
- `KEYCLOAK_HOSTNAME`, `KEYCLOAK_HOSTNAME_ADMIN` and `KEYCLOAK_HOSTNAME_STRICT`
|
||||
- `KEYCLOAK_PROXY_HEADERS`
|
||||
- `KEYCLOAK_ADMIN_USER` and `KEYCLOAK_BOOTSTRAP_ADMIN_PASSWORD`
|
||||
|
||||
The [https://github.com/aerogear/keycloak-metrics-spi](https://github.com/aerogear/keycloak-metrics-spi) provider is no longer shipped by default in the container image.
|
||||
Also, support for deprecated SPI truststore was removed.
|
||||
|
||||
### 19-debian-11-r4
|
||||
|
||||
- TLS environment variables have been renamed to match upstream.
|
||||
|
|
|
|||