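/*
 * Keycloak image: stage one runs "kc.sh build" to produce an optimized
 * server, stage two copies the built /opt/keycloak tree, adds the internal
 * CA to the JVM truststore and starts the server behind a reverse proxy.
 *
 * Commentary uses C block comments because the #ifndef/#define block below
 * means this file is written for a C-preprocessor pass before the build.
 * The preprocessor strips block comments, whereas a prose line that begins
 * with a hash in column 1 would be parsed as a preprocessor directive.
 */

/*
 * Base image. The tag is mutable, so two builds can pick up different
 * contents without any change to this file. The #ifndef guard lets the build
 * supply its own value; for reproducible builds pass a digest-pinned
 * reference (gitea.sebastian-tobie.de/docker/keycloak@sha256:<digest>).
 */
#ifndef SOURCE
#define SOURCE gitea.sebastian-tobie.de/docker/keycloak:latest-orig
#endif

/* ---- Stage 1: build the optimized server ---- */
FROM SOURCE AS builder
ENV PATH="/opt/keycloak/bin:/usr/bin:/usr/local/bin"

/*
 * Configuration present while "kc.sh build" runs. These ENV lines are not
 * inherited by the runtime stage (it starts again from the base image); only
 * what the build writes under /opt/keycloak is carried over by the COPY.
 */
ENV KC_HEALTH_ENABLED=false
ENV KC_DB=postgres
ENV KC_CACHE_STACK=tcp
ENV KC_HTTPS_CLIENT_AUTH=request
/*
 * NOTE(review): "preview" switches on every preview feature in addition to
 * the two named ones. On an identity provider that widens the exposed
 * surface; list only the features that are actually needed.
 */
ENV KC_FEATURES=dynamic-scopes,recovery-codes,preview
/*
 * NOTE(review): Keycloak documents db-url as a JDBC URL
 * (jdbc:postgresql://host:port/db). This value has no jdbc: prefix; confirm
 * it is accepted as written or overridden at runtime.
 */
ENV KC_DB_URL=postgresql://postgres.services.tobie:5432/keycloak
RUN kc.sh build

/* ---- Stage 2: runtime image ---- */
FROM SOURCE
ENV PATH="/opt/keycloak/bin:/usr/bin:/usr/local/bin"
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak

ENV KC_HOSTNAME_ADMIN_URL="https://admin.sso.sebastian-tobie.de"
ENV KC_HOSTNAME_URL="https://sso.sebastian-tobie.de"

/*
 * Secrets are intentionally NOT given defaults in the image.
 * ENV values are stored in the image configuration and layer history, so
 * anyone who can pull or inspect the image can read them, and a container
 * started without overrides would run with well-known credentials.
 * The following must be injected when the container starts (orchestrator
 * secret, env file with restricted permissions, or similar):
 *   KC_DB_PASSWORD           - database password for KC_DB_USERNAME
 *   KEYCLOAK_ADMIN_PASSWORD  - password for the bootstrap admin account
 * Without them the server fails closed (no database login, no bootstrap
 * admin) instead of coming up with guessable credentials.
 */
ENV KC_DB_USERNAME=keycloak
ENV KC_DB_URL=postgresql://postgres.services.tobie:5432/keycloak
ENV KEYCLOAK_ADMIN="admin"

EXPOSE 8080

/*
 * Trust the internal CA. The certificate is imported into the JVM cacerts
 * store; the system trust bundle is not regenerated here (no update-ca-trust
 * step), so only Java code sees it. "changeit" is the stock password of the
 * JDK cacerts store, not a deployment secret. The import runs as root and the
 * image then switches back to the keycloak user for runtime.
 */
COPY --chown=root:root tobie-ca.crt /etc/pki/ca-trust/source/anchors/tobie-ca.crt
USER root
RUN keytool -importcert -alias tobieca -cacerts -storepass changeit -noprompt -trustcacerts -file /etc/pki/ca-trust/source/anchors/tobie-ca.crt
USER keycloak

/*
 * "--http-enabled true" with "--proxy edge": the server listens in plain HTTP
 * on 8080 and expects a TLS-terminating reverse proxy in front of it. In this
 * mode forwarded headers from the proxy are trusted, so port 8080 should be
 * reachable only from that proxy, never directly from clients.
 * NOTE(review): the inner single quotes around the log format are kept
 * byte-for-byte. kc.sh appears to re-evaluate its arguments in a shell, which
 * would explain the double quoting; confirm before removing them.
 */
ENTRYPOINT ["kc.sh", "start", "--optimized", "--http-enabled", "true", "--proxy", "edge", "--log-console-format", "'%-5p [%c] (%t) %s%e%n'", "--hostname-strict-backchannel=true"]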