diff --git a/Containerfile b/Containerfile index 7df854e..fa24531 100644 --- a/Containerfile +++ b/Containerfile @@ -6,6 +6,7 @@ ENV KC_DB=postgres ENV KC_CACHE_STACK=tcp ENV KC_HTTPS_CLIENT_AUTH=request ENV KC_FEATURES=dynamic-scopes,recovery-codes,preview +ENV KC_DB_URL=postgresql://postgres.services.tobie:5432/keycloak RUN kc.sh build FROM quay.io/keycloak/keycloak:latest @@ -18,9 +19,13 @@ ENV KC_HOSTNAME_ADMIN_URL="https://admin.sso.sebastian-tobie.de" ENV KC_HOSTNAME_URL="https://sso.sebastian-tobie.de" ENV KC_DB_USERNAME=keycloak ENV KC_DB_PASSWORD=changeme -ENV KC_DB_URL=postgres.services.tobie +ENV KC_DB_URL=postgresql://postgres.services.tobie:5432/keycloak ENV KEYCLOAK_ADMIN="admin" ENV KEYCLOAK_ADMIN_PASSWORD="admin" EXPOSE 8080 +COPY --chown=root:root tobie-ca.crt /etc/pki/ca-trust/source/anchors/tobie-ca.crt +USER root +RUN update-ca-trust +USER keycloak ENTRYPOINT ["kc.sh", "start", "--optimized", "--http-enabled", "true", "--proxy", "edge", "--log-console-format", "'%-5p [%c] (%t) %s%e%n'", "--hostname-strict-backchannel=true"] diff --git a/tobie-ca.crt b/tobie-ca.crt new file mode 100644 index 0000000..8a710d5 --- /dev/null +++ b/tobie-ca.crt @@ -0,0 +1,57 @@ +-----BEGIN CERTIFICATE----- +MIIKSTCCBjGgAwIBAgIIPnYmd1iSSoswDQYJKoZIhvcNAQENBQAwgcMxCzAJBgNV +BAYTAkRlMQ8wDQYDVQQIDAZIZXNzZW4xETAPBgNVBAcMCEZyaXR6bGFyMUUwQwYD +VQQDDDxTZWJhc3RpYW4gVG9iaWUncyBDQSBmw7xyIHNlYmFzdGlhbi10b2JpZS5k +ZSB1bmQgc2VidG9iaWUuZGUxSTBHBgNVBAUTQDIwMDJmNzVjMzU2YTY4MmUyZmMw +YzJlYjYwOTNkZWJhY2ZhNmRlMWUxYzkyZGU4NjFlNDVhMGU4MjQyMTA2MmIwHhcN +MjEwNDEyMDgzOTAwWhcNMzEwNDEyMDgzOTAwWjCBwzELMAkGA1UEBhMCRGUxDzAN +BgNVBAgMBkhlc3NlbjERMA8GA1UEBwwIRnJpdHpsYXIxRTBDBgNVBAMMPFNlYmFz +dGlhbiBUb2JpZSdzIENBIGbDvHIgc2ViYXN0aWFuLXRvYmllLmRlIHVuZCBzZWJ0 +b2JpZS5kZTFJMEcGA1UEBRNAMjAwMmY3NWMzNTZhNjgyZTJmYzBjMmViNjA5M2Rl +YmFjZmE2ZGUxZTFjOTJkZTg2MWU0NWEwZTgyNDIxMDYyYjCCBCIwDQYJKoZIhvcN +AQEBBQADggQPADCCBAoCggQBANo6miMJJpKG8kh983E+9nMAqdpJx1neusFo0JUF +A06NKw2jMJRDv6l6iQW0xVHvjXw7UlI1pY8+iU1YZtSqK2Cq6U4buFcXF4xJjuPK +5PTNdmI1+uSw4pDpzLtpZphGGcgXoSlVJ31nNe48aUX5N+scnTX/Yb+6me6XCk+r +OOL7pMNNn91bURlf6R7SM5I3W1IxdwXd7ZR3cYIU1g6d04VKvFwSAO5HnAX75CpE +A1kLzHojbc9cS+HMEWqItXXPAoOorn1H1qukHfsh0EZBCSbho52608Yihfj7rCrJ +BKpMsZbMKIoiDt/ZE6R/W3beR1wbiAu3WD2HqLrXEbB1I7ga+Km2ot8d0RnzFgxN +khCi9n30rH01m9X3bebvyAlKsHqhp8c//OHMH8jQ5nU0fqzvLPXw39yn3siBqazF +tVaICJfP523IQhtWsm2kkFp3E/kQOdwTltq4PvVSbXuIjcFSuz4DCvxrxWxekPcX +a5wtyaqcdGoVqMxbzLW1txldR0PXK4wvBUZ1IrpH05qouedI8kKGmT+7mUsOY3vj +Vg3Az78oSQ6CoJvhgC3FUbXvF3lQoty6BpKq7jrl7p6clBFO0et8sUvkSB8bwxOH ++efZd9Tb+Lzs3u8FpYopsOh/vvX+ZCsPs/Y3E71j87jb8uxXl26hMAH1z2qX3494 +Rw9ouVFWd1SEt8k9ySDTZXYKKL5rYmMePHReZROerDjzFNPHNgdoDCAs5qy/M2RV +nNzdQu08mTZ507FxP8/BaQ2NMcj9fN2Xq378HhQ+tRQ8qbWBRk98welgpEkazSJP +mgGeJWEgcDyj6sGQeY2vtiRcmyijmU434uXOVTBZhyRSTFrSaksNJC34fTdFsjE/ +S4e7vTfyCnm/6BxutfMX6KRutz7hOrjEW0HHmWvoPvlEMujaC4T5ikgjGis64iPF +mZMqpyN6TCpj6h3F3hcH/OsblDmiZZY5ADl4JHXZZlPw/G7VODTGZ5eeS8tsxjBs +AZ3AKbkOav3/BvFFHOCIAB9j4rVYeAzbt7zA9QFCYr7U05L+hp8+mqHzl+N4j+/8 +tRh1IvUyYAXqO1X7yD0HIigF9BTGPN1zdgi8WgY/V+AM2MQs55lpLjtZp1XC+//O +VVJDP3lBHy5FWS29RSzYKNeD/c3w00hLQ6f3t/fWZtOL6KQQsX/RzGrKP3pLXZkT +uFJNooOykt9sAf0gvFUONj2jKyAipmKE9pMeo3ZnFEkc2xHk5IsqEgVsp0+43Zu5 +YNYLvGiZGkiOSFAsP3AYp6FxgOQTdmelvxb7EF0367YT45QBrBC2pQhxprDNj+Z4 +FksZWsIMqjDfcFCmldxMKgCNCK5caX1jUQECz5OxfBZNdDECAwEAAaM/MD0wDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA9f/+TVoErUK2TeSbc/9+D34VC0wCwYD +VR0PBAQDAgEGMA0GCSqGSIb3DQEBDQUAA4IEAQDJaq+pw9eUKIrboG/APBhhHfMm +j/3Rddsylbxrgz9pN/YaXpbfTfVb63zis1ZVUjE9ge10G70bQcQqaL8nzmpSK6aM +yrep8AobTdDSJWmkS8M/1t5BFaaIah68r/bEiW8U4JYq6Ey0osTmBUVbttPnxa/g +aDWEKy1vdP6seEXmYcQeGe4wB0D0geZ7LSXABMWNjeUOYekU88UOLutFIqgKPZDK +KXerOQgv10fDbmaC1alcZIdKPftbkZ32QjdROoL3x/7hZvG6jbOtHIeNQLzfdaxK +IuGWkBkXrjQI/RGnaSqLVTmNuuQ6quuScVIp6eCLOvj7flzKuhAeiiEfpqMQ4fGT +ZqcKL45U0c1quRUg/dP7amlMGUHaIluuWv9QkNSYNmFc327DcJP45sV4IBP5eFhu +kUbNF7RFiM+OteWEqpNuwKZHmHI44Zef/5HGR20RDfO0K1pY2pwEZKMDVLNg2lml +oWk8lyyOZa8xXTrIrQeqx9neKlg4hFQ4b9gw/eMsyXuapWrgvl3UnKU4v9psuWjX +lQHxororhSJMgfbVMB3ldDQLTWt2G2HY0YUnhmsqo3wSGPNmGgPTGBbnh6m1L9in +afqCVNKJKHwLcM53P2yf4WPO6lCL4mNHgs681r/LQ5YGHQH+mvebz7RwtLf3Ko3T +w3gcmpitVzPiJ9mq+r1LNS29mKpbAF5UsWtxyQx7MBRYRq5QSL1w9ZgQI9cmuHIC +8QzQZ5RKavKnUwaoTeUaUtI+oi0uUDci2JFxpogvCbRaShVEjQyzyIHPEA6uX2Pw +ONf8focYVSQbfhm3PNW+P/9IsYjnpXU07e4HKR/28rrvPajavrrUSp/c1C7Qprzf +oEujRDDDMHRWyzSbRXFXXdvRLEDhcclnBheRbNjvT5f1Vu4IkiT5fEYpXtPjrRJ7 +8PaTuDffPnCNmvNXhmOyigzb6QgixrRkfMp2uBbOBJPNgnuFg0zboTZ1CHgFXjpD +lvzcP15YfOw4LRd29GEYWn1fOUSTMlx/dLcrUg2P/RPMQbI+pRAwUnWM+fr6rdbe +FClcdvOtlNlwiWVM3Q4aHrDpxzJ42xJ2h4kC+0u53tgAHdKIMJLMd4SrIg7nmahv +qgWT/8LIg9L626+7pEzP3z2LKLigPAyo4yQ8pqOX2U5dedAtc0p5e9kvW+rwKaUd +trwY7UK+VQMnMq0kjwEMXSv5UPn/SFRWit5PntjUeK+ccP3vQFFaFIC99eSX72z0 +M/K2cPmrGuMgugW/DRK6W4ZiNyaLAidLP1Ed7SoqiogOowcwlOEH+2fY42f5BQEF +6/OB8d7zdwYduaDTyr4XyEb3OmzTLg3zXPvIR0d/y1S723siMnIVNEpfsf+p +-----END CERTIFICATE-----