docker-compose-keycloak.yml
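# Keycloak overlay for the compose stack: the identity provider itself, extra
# settings for the shared PostgreSQL service, and the inputs of the
# env-substitution job that Keycloak waits for before starting.
# NOTE(review): postgresql and env-substitution carry no image here, so they
# are presumably defined in another compose file and merged with this one.
services:
  keycloak:
    image: quay.io/keycloak/keycloak:26.4.5
    restart: unless-stopped
    entrypoint: ["/bin/bash", "-c"]
    # Rebuilds the optimized server configuration on every container start,
    # then starts it and imports the realm files mounted at
    # /opt/keycloak/data/import (realms that already exist are skipped).
    command: >
      "/opt/keycloak/bin/kc.sh build --health-enabled=true --metrics-enabled=true &&
      /opt/keycloak/bin/kc.sh start --optimized --import-realm"
    volumes:
      # NOTE(review): Keycloak only needs to read both bind mounts; consider
      # appending `:ro` once confirmed nothing in the container writes to them.
      - "${KEYCLOAK_CONFIG_PATH}/realms:/opt/keycloak/data/import"
      - "${KEYCLOAK_CONFIG_PATH}/themes/carbon:/opt/keycloak/themes/carbon"
    environment:
      # Public URL and admin-console URL are the same host, so the admin
      # console and admin REST API are reachable through the public router.
      # NOTE(review): restrict the /admin paths at the proxy if
      # administration should not be possible from the public network.
      KC_HOSTNAME: "${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME}"
      KC_HOSTNAME_ADMIN: "${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME}"
      KC_HOSTNAME_STRICT: 'false'
      # Backchannel URLs follow the incoming request, so other containers
      # can talk to Keycloak through its internal address.
      KC_HOSTNAME_BACKCHANNEL_DYNAMIC: 'true'
      # Health and metrics are served on the management port (9000, probed by
      # the healthcheck below), not on port 8080 that Traefik routes to.
      # Port 9000 is still reachable from containers on the attached
      # networks; keep it unpublished.
      # Booleans are quoted so every Compose version passes them as strings,
      # matching the quoted flags above.
      KC_HEALTH_ENABLED: 'true'
      KC_METRICS_ENABLED: 'true'
      # Plain HTTP listener: TLS is expected to be terminated at Traefik, so
      # traffic between Traefik and Keycloak on the shared network is
      # unencrypted.
      KC_HTTP_ENABLED: 'true'
      KC_DB: postgres
      KC_DB_URL: "jdbc:postgresql://postgresql:5432/${KEYCLOAK_DB}"
      # Credentials arrive through Compose interpolation and end up as
      # container environment variables, which `docker inspect` shows in
      # clear text; limit access to the Docker socket and keep the file that
      # supplies these values out of version control.
      KC_DB_USERNAME: "${KEYCLOAK_DB_USER}"
      KC_DB_PASSWORD: "${KEYCLOAK_DB_PASSWORD}"
      # The bootstrap admin is a temporary account created on first start;
      # replace it with a personal admin account after the first login.
      KC_BOOTSTRAP_ADMIN_USERNAME: "${KEYCLOAK_USER}"
      KC_BOOTSTRAP_ADMIN_PASSWORD: "${KEYCLOAK_PASSWORD}"
      # NOTE(review): these mirror the dir/override options of `kc.sh import`;
      # confirm they have any effect with `start --import-realm`.
      KC_DIR: /opt/keycloak/data/import
      KC_OVERRIDE: 'false'
      KC_LOG_CONSOLE_OUTPUT: json
    healthcheck:
      # Sends a raw HTTP HEAD request through bash's /dev/tcp and greps for a
      # 200 status line, so no HTTP client has to exist in the image.
      test: ["CMD-SHELL", "{ printf 'HEAD /health/ready HTTP/1.0\\r\\n\\r\\n' >&0; grep 'HTTP/1.0 200'; } 0<>/dev/tcp/localhost/9000"]
      interval: 15s
      timeout: 3s
      retries: 5
      start_period: 30s
    depends_on:
      # NOTE(review): service_started only waits for the container, not for
      # PostgreSQL to accept connections; switch to service_healthy if the
      # postgresql service defines a healthcheck elsewhere.
      postgresql:
        condition: service_started
      # The substitution job must exit successfully before Keycloak starts.
      env-substitution:
        condition: service_completed_successfully
    networks:
      ozone:
      web:
    labels:
      traefik.enable: "true"
      traefik.http.routers.keycloak.rule: "Host(`${KEYCLOAK_HOSTNAME}`)"
      # NOTE(review): no router `tls` label is set here; confirm TLS is
      # enabled on the websecure entrypoint in Traefik's own configuration.
      traefik.http.routers.keycloak.entrypoints: "websecure"
      # Quoted so the label value is a string like the other labels.
      traefik.http.services.keycloak.loadbalancer.server.port: "8080"

  postgresql:
    # Keycloak database name, schema and credentials handed to the database
    # container, together with the SQL scripts mounted below.
    environment:
      KEYCLOAK_DB: "${KEYCLOAK_DB}"
      KEYCLOAK_DB_SCHEMA: "${KEYCLOAK_DB_SCHEMA}"
      KEYCLOAK_DB_USER: "${KEYCLOAK_DB_USER}"
      KEYCLOAK_DB_PASSWORD: "${KEYCLOAK_DB_PASSWORD}"
    volumes:
      - "${SQL_SCRIPTS_PATH}/postgresql/keycloak:/docker-entrypoint-initdb.d/db/keycloak"

  env-substitution:
    # Public URLs, client UUIDs and OAuth client secrets for each
    # application, handed to the substitution job.
    # NOTE(review): presumably written into the realm files Keycloak imports;
    # if so, the rendered files contain client secrets in clear text and the
    # realms directory on the host needs restrictive permissions.
    environment:
      - KEYCLOAK_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME}
      - KEYCLOAK_INTERNAL_HOST_URL=${KEYCLOAK_INTERNAL_HOST_URL}
      - KEYCLOAK_ADMIN_SA_CLIENT_SECRET=${KEYCLOAK_ADMIN_SA_CLIENT_SECRET}
      - EIP_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
      - OPENMRS_PUBLIC_URL=${SERVER_SCHEME}://${O3_HOSTNAME}
      - OPENMRS_CLIENT_UUID=${OPENMRS_CLIENT_UUID}
      - OPENMRS_CLIENT_SECRET=${OPENMRS_CLIENT_SECRET}
      - ODOO_PUBLIC_URL=${SERVER_SCHEME}://${ODOO_HOSTNAME}
      - ODOO_CLIENT_UUID=${ODOO_CLIENT_UUID}
      - ODOO_CLIENT_SECRET=${ODOO_CLIENT_SECRET}
      - SENAITE_PUBLIC_URL=${SERVER_SCHEME}://${SENAITE_HOSTNAME}
      - SENAITE_CLIENT_UUID=${SENAITE_CLIENT_UUID}
      - SENAITE_CLIENT_SECRET=${SENAITE_CLIENT_SECRET}
      - SUPERSET_PUBLIC_URL=${SERVER_SCHEME}://${SUPERSET_HOSTNAME}
      - SUPERSET_CLIENT_UUID=${SUPERSET_CLIENT_UUID}
      - SUPERSET_CLIENT_SECRET=${SUPERSET_CLIENT_SECRET}
      - SUPERSET_CLIENT_ENABLED=${SUPERSET_CLIENT_ENABLED}
      - OPENELIS_PUBLIC_URL=${SERVER_SCHEME}://${OPENELIS_HOSTNAME}
      - OPENELIS_HOSTNAME=${OPENELIS_HOSTNAME}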
# Named volume declared with default settings. The services visible in this
# file use bind mounts only, so it is presumably mounted from another
# compose file of the stack.
volumes:
  keycloak-realm: null