From 5a167f8b09589bab0c9e542ed4b5b20ec92cf2bc Mon Sep 17 00:00:00 2001 
From: Dimitris ZARRAS <138439389+dzarras@users.noreply.github.com> Date: Mon, 20 Nov 2023 13:00:31 +0200 Subject: [PATCH] Add pid-issuer to docker-compose and update README (#22) --- README.md | 61 +++++++++++++- docker-compose/docker-compose.yaml | 80 +++++++++++++++++++ .../haproxy/certs/localhost.tls.crt | 0 .../haproxy/certs/localhost.tls.key | 0 .../haproxy/certs/localhost.tls.pem | 0 .../haproxy/haproxy.conf | 8 ++ .../keycloak/certs/keycloak.tls.crt | 28 +++++++ .../keycloak/certs/keycloak.tls.key | 52 ++++++++++++ .../keycloak/extra}/health-check.sh | 0 .../realms}/pid-issuer-realm-realm.json | 0 .../realms}/pid-issuer-realm-users-0.json | 0 .../login/messages/messages_en.properties | 0 .../themes}/pid-issuer/login/register.ftl | 0 .../themes}/pid-issuer/login/theme.properties | 0 keycloak/docker-compose.yaml | 50 ------------ 15 files changed, 226 insertions(+), 53 deletions(-) create mode 100644 docker-compose/docker-compose.yaml rename {keycloak => docker-compose}/haproxy/certs/localhost.tls.crt (100%) rename {keycloak => docker-compose}/haproxy/certs/localhost.tls.key (100%) rename {keycloak => docker-compose}/haproxy/certs/localhost.tls.pem (100%) rename {keycloak => docker-compose}/haproxy/haproxy.conf (72%) create mode 100644 docker-compose/keycloak/certs/keycloak.tls.crt create mode 100644 docker-compose/keycloak/certs/keycloak.tls.key rename {keycloak/keycloak-extra => docker-compose/keycloak/extra}/health-check.sh (100%) rename {keycloak/keycloak-realms => docker-compose/keycloak/realms}/pid-issuer-realm-realm.json (100%) rename {keycloak/keycloak-realms => docker-compose/keycloak/realms}/pid-issuer-realm-users-0.json (100%) rename {keycloak/keycloak-themes => docker-compose/keycloak/themes}/pid-issuer/login/messages/messages_en.properties (100%) rename {keycloak/keycloak-themes => docker-compose/keycloak/themes}/pid-issuer/login/register.ftl (100%) rename {keycloak/keycloak-themes => 
docker-compose/keycloak/themes}/pid-issuer/login/theme.properties (100%) delete mode 100644 keycloak/docker-compose.yaml diff --git a/README.md b/README.md index 4f531eb3..47153443 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ * [Endpoints](#endpoints) * [How to contribute](#how-to-contribute) * [License](#license) - + ## Overview An implementation of a credential issuing service, according to 
@@ -34,14 +34,69 @@ and requires the use of a suitable OAUTH2 server. ## How to use docker -Folder [keycloak](keycloak) contains a keycloak installation to be used in a local development environment +Folder [docker-compose](docker-compose) contains the following services to be used in a local development environment: + +### Keycloak + +A Keycloak instance accessible via https://localhost/idp/ with the Realm *pid-issuer-realm*. + +The Realm *pid-issuer-realm*: + +- has user self-registration active with a custom registration page accessible via https://localhost/idp/realms/pid-issuer-realm/account/#/ +- defines *eu.europa.ec.eudiw.pid_vc_sd_jwt* scope for requesting PID issuance in SD JWT VC format +- defines *eu.europa.ec.eudiw.pid_mso_mdoc* scope for requesting PID issuance in MSO MDOC format +- defines *wallet-dev* and *pid-issuer-srv* clients +- contains sample user with credentials: tneal / password + +Administration console is accessible via https://localhost/idp/admin/ using the credentials admin / password + +### PID Issuer + +A PID Issuer instance accessible via https://localhost/pid-issuer/ +It uses the configured Keycloak instance as an Authorization Server, and PID issuance both *SD JWT VC* and *MSO MDOC* +formats is enabled. Additionally *deferred issuance* is enabled for *SD JWT VC* format. + +The issuing country is set to GR (Greece). + +### HA Proxy + +An HA Proxy instance is also configured. This instance exposes both Keyclaok and PID Issuer via https. The certificate +and respective private key can be found in [docker-compose/haproxy/certs](docker-compose/haproxy/certs). 
+ +### docker compose usage ```shell -cd keycloak +cd docker-compose docker-compose up -d ``` +or + +```shell +cd docker-compose +docker compose up -d +``` + +## Configuration + +The PID Issuer application can be configured using the following *environment variables*: + +| Environment variable | Description | Default value | +|-----------------------------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------| +| SPRING_PROFILES_ACTIVE | Spring profiles to enable. | None. Enable *insecure* profile to disable SSL certificates verification | +| SPRING_WEBFLUX_BASE_PATH | Context path for the PID issuer application. | / | +| SERVER_PORT | Port for the HTTP listener of the PID Isser application | 8080 | +| SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT_ID | Client Id of the OAuth2 client registered in the Authorization Server | N/A | +| SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT_SECRET | Client Server of the OAuth2 client registered in the Authorization Server | N/A | +| ISSUER_PUBLICURL | URL the PID Issuer application is accessible from. | http://localhost:${SERVER_PORT}${SPRING_WEBFLUX_BASE_PATH} | +| ISSUER_AUTHORIZATIONSERVER | URL of the Authorization Server | N/A | +| ISSUER_AUTHORIZATIONSERVER_INTROSPECTION | URL of the Token Introspection endpoint of the Authorization Server | N/A | +| ISSUER_AUTHORIZATIONSERVER_USERINFO | URL of the UserInfo endpoint of the Authorization Server | N/A | +| ISSUER_PID_MSO_MDOC_ENABLED | Whether to enable support for PID issuance in *MSO MDOC* format | true | +| ISSUER_PID_SD_JWT_VC_ENABLED | Whether to enable support for PID issuance in *SD JWT VC* format | true | +| ISSUER_PID_SD_JWT_VC_DEFERRED | Whether PID issueance in *SD JWT VC* format should be *deferred* or *immediate* | false (i.e. 
immediate issuance) | +| ISSUER_PID_ISSUING_COUNTRY | Code of the Country issuing the PID | N/A | ## Endpoints diff --git a/docker-compose/docker-compose.yaml b/docker-compose/docker-compose.yaml new file mode 100644 index 00000000..e9afb014 --- /dev/null +++ b/docker-compose/docker-compose.yaml 
@@ -0,0 +1,80 @@ +version: '3.8' + +networks: + default: + driver: bridge + +services: + keycloak: + image: quay.io/keycloak/keycloak:nightly + container_name: keycloak + command: + - start-dev + - --import-realm + environment: + - KC_PROXY=edge + - KC_HTTP_RELATIVE_PATH=/idp + - KC_HOSTNAME=localhost + - KC_HOSTNAME_STRICT=false + - KC_HOSTNAME_STRICT_BACKCHANNEL=false + - KC_HTTPS_CERTIFICATE_FILE=/etc/ssl/certs/keycloak.tls.crt + - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/ssl/certs/keycloak.tls.key + - KC_HEALTH_ENABLED=true + - KC_METRICS_ENABLED=true + - KC_SPI_THEME_STATIC_MAX_AGE=-1 + - KC_SPI_THEME_CACHE_THEMES=false + - KC_SPI_THEME_CACHE_TEMPLATES=false + - KEYCLOAK_ADMIN=admin + - KEYCLOAK_ADMIN_PASSWORD=password + healthcheck: + test: "bash /opt/keycloak/health-check.sh" + interval: 5s + timeout: 10s + retries: 12 + volumes: + - ./keycloak/extra/health-check.sh:/opt/keycloak/health-check.sh + - ./keycloak/realms/:/opt/keycloak/data/import + - ./keycloak/themes/:/opt/keycloak/themes + - ./keycloak/certs/:/etc/ssl/certs/ + networks: + - default + + pid-issuer: + image: ghcr.io/eu-digital-identity-wallet/eudi-srv-pid-issuer:edge + pull_policy: always + container_name: pid-issuer + depends_on: + keycloak: + condition: service_healthy + environment: + - SPRING_PROFILES_ACTIVE=insecure + - SPRING_WEBFLUX_BASE_PATH=/pid-issuer + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT_ID=pid-issuer-srv + - SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT_SECRET=zIKAV9DIIIaJCzHCVBPlySgU8KgY68U2 + - ISSUER_PUBLICURL=https://localhost/pid-issuer + - ISSUER_AUTHORIZATIONSERVER=https://localhost/idp/realms/pid-issuer-realm + - ISSUER_AUTHORIZATIONSERVER_INTROSPECTION=https://keycloak:8443/idp/realms/pid-issuer-realm/protocol/openid-connect/token/introspect + - ISSUER_AUTHORIZATIONSERVER_USERINFO=https://keycloak:8443/idp/realms/pid-issuer-realm/protocol/openid-connect/userinfo + - ISSUER_PID_MSO_MDOC_ENABLED=true + - ISSUER_PID_SD_JWT_VC_ENABLED=true + - 
ISSUER_PID_SD_JWT_VC_DEFERRED=true + - ISSUER_PID_ISSUING_COUNTRY=GR + networks: + - default + + haproxy: + image: haproxy:2.8.3 + container_name: haproxy + ports: + - "443:443" + - "80:80" + depends_on: + keycloak: + condition: service_healthy + pid-issuer: + condition: service_started + volumes: + - ./haproxy/haproxy.conf:/usr/local/etc/haproxy/haproxy.cfg + - ./haproxy/certs/:/etc/ssl/certs/ + networks: + - default diff --git a/keycloak/haproxy/certs/localhost.tls.crt b/docker-compose/haproxy/certs/localhost.tls.crt similarity index 100% rename from keycloak/haproxy/certs/localhost.tls.crt rename to docker-compose/haproxy/certs/localhost.tls.crt diff --git a/keycloak/haproxy/certs/localhost.tls.key b/docker-compose/haproxy/certs/localhost.tls.key similarity index 100% rename from keycloak/haproxy/certs/localhost.tls.key rename to docker-compose/haproxy/certs/localhost.tls.key diff --git a/keycloak/haproxy/certs/localhost.tls.pem b/docker-compose/haproxy/certs/localhost.tls.pem similarity index 100% rename from keycloak/haproxy/certs/localhost.tls.pem rename to docker-compose/haproxy/certs/localhost.tls.pem diff --git a/keycloak/haproxy/haproxy.conf b/docker-compose/haproxy/haproxy.conf similarity index 72% rename from keycloak/haproxy/haproxy.conf rename to docker-compose/haproxy/haproxy.conf index 0f3b03df..ab3f6565 100755 --- a/keycloak/haproxy/haproxy.conf +++ b/docker-compose/haproxy/haproxy.conf @@ -20,10 +20,12 @@ defaults frontend all_http_frontend bind 0.0.0.0:80 use_backend keycloak-backend if { path_beg /idp } + use_backend pid-issuer-backend if { path_beg /pid-issuer } frontend all_https_frontend bind 0.0.0.0:443 ssl crt /etc/ssl/certs/localhost.tls.pem use_backend keycloak-backend if { path_beg /idp } + use_backend pid-issuer-backend if { path_beg /pid-issuer } backend keycloak-backend balance roundrobin 
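Review bot: The `haproxy` service publishes `"443:443"` and `"80:80"` on every host interface while the stack behind it runs Keycloak in `start-dev` mode with `KEYCLOAK_ADMIN_PASSWORD=password` and a literal value in `SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT_SECRET`, so the admin console is reachable with known credentials from any network the developer machine is attached to. For a local-only environment I would bind the published ports to loopback, `- "127.0.0.1:443:443"` and `- "127.0.0.1:80:80"`, and put a comment above the credentials stating that they are development defaults tied to the imported realm. `SPRING_PROFILES_ACTIVE=insecure` turns off certificate verification in the issuer (per the README table in this commit) even though the commit also adds a certificate issued for `keycloak`; importing that certificate into the issuer's truststore would presumably let the introspection and userinfo calls to `https://keycloak:8443` stay verified. The `nightly` and `edge` image tags are mutable, and `pull_policy: always` re-pulls on every start, so pinning a version or digest would make the environment reproducible.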
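Review bot: The new `use_backend pid-issuer-backend if { path_beg /pid-issuer }` rule is added to `all_http_frontend` as well as to the TLS frontend, so the issuer's token-bearing endpoints are also served in cleartext on port 80, as `/idp` already is. Unless plain HTTP is needed for a specific test, the port-80 frontend could simply redirect with `http-request redirect scheme https` and leave routing to `all_https_frontend`. `path_beg /pid-issuer` also matches sibling paths such as `/pid-issuer-other`; `if { path /pid-issuer } || { path_beg /pid-issuer/ }` is tighter. The `defaults` section and `keycloak-backend` start or continue outside this hunk, so a default backend may be set where it is not visible here.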
@@ -31,5 +33,11 @@ backend keycloak-backend option forwarded proto host by by_port for server server1 keycloak:8080 cookie server1 +backend pid-issuer-backend + balance roundrobin + cookie SERVERUSED insert indirect nocache + option forwarded proto host by by_port for + server server1 pid-issuer:8080 cookie server1 + backend no-match http-request deny deny_status 404 diff --git a/docker-compose/keycloak/certs/keycloak.tls.crt b/docker-compose/keycloak/certs/keycloak.tls.crt new file mode 100644 index 00000000..e2ca46d9 --- /dev/null +++ b/docker-compose/keycloak/certs/keycloak.tls.crt 
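Review bot: `cookie SERVERUSED insert indirect nocache` in the new `pid-issuer-backend` issues a persistence cookie without the `secure` or `httponly` attributes, and with a single `server1` entry the stickiness has no effect. I would drop the `cookie` line and the `cookie server1` suffix on the server line, or write `cookie SERVERUSED insert indirect nocache httponly secure` if more servers are planned. A comment above `server server1 pid-issuer:8080` saying that the hop to the issuer is plain HTTP inside the compose network would help readers, since the compose file in this commit gives Keycloak its own certificate and the issuer none.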
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE2jCCAsKgAwIBAgIEZVdYUDANBgkqhkiG9w0BAQ0FADAgMQswCQYDVQQGEwJH +UjERMA8GA1UEAwwIa2V5Y2xvYWswIBcNMjMxMTE3MTIxMDU2WhgPMjEyMzExMTcx +MjEwNTZaMCAxCzAJBgNVBAYTAkdSMREwDwYDVQQDDAhrZXljbG9hazCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAOJj3CZsu1Lyx5Vgnb7xTSmT12nsPBWu +1aLELGMgKlaMlzteQHczvuEchyhswy2Slu+SK69v+fIMx/gETPlRA3dv25s6niRg +kARdOLKVWtNbfe73xlLzxs53o6tGYu3B3IqcEQ6rrY0290xv106yFFKjtuXrIjCK +xRq4feRc1iYxw50eQlGTH1JFDI/hTSrs0y5vChahYL3aJmKRoYdf/yFtc3md6bCG +AEnAa0d8bMiMgPFw97i4IMrRImpd2f9/Cf7f5UkmghUcQ2+EdpI6LfQwRqw6WcmM +PJiayEYBHfapvS7HJTw9WeLANoQ9SUe5kpA5oL0fAIzSmHNMl3XhNM59wmdAeweu +jjGSEYqs5+8mmvvxP0ORtQVeJjjSPJdBfWDVgd+8Zp9LfEOChA8eavQjMpv1Q/fW +LuwAOq4kdKGWv6aFcu+FvCADQ/kNhTU96StzjVyeNycGn4uxQBpWHSMR4zbb3d5r +B2vQ9EYrnTu6WqUT28hoAaCJ+dhBZ/n2Ph/FTMpNPKZPqN2MRQD3NkMJ0NVSqgzX +Kom5NRrCfjOW2wsNy2CTUkzy9kBzWTV6rWoZ1O79P48XRDApCCGxwg34ehjtdbv/ +2CG7A6jV45bJwaAdMQoliJiNOfBMQ22KMVY5/fkyzAj7zuJV1iLo/umq76+7ziQF +f2ZFGcU8N/pLAgMBAAGjGjAYMBYGA1UdEQEB/wQMMAqCCGtleWNsb2FrMA0GCSqG +SIb3DQEBDQUAA4ICAQA0ahabnZfv8+w/fi48HoypFzhDtHnKrd8P73n1nGgJ3/Ld +WG/9LE3xVXdAQzeqAXkpiGZ+KCzJVtT2QJFJmI48tmbxpSRH6LI4UY6OgsmhqADV +M3/HVx+Qkc2JQHrzPESJwOsXtfxmI/pwN3oVyO5Sp5IMvcJ0Cg7gWfeBtcYkJC91 ++AQBuwKvH7PxI0q/OvK52SR0vvMeZD14qhWARLHFkGQ/VMS2eSIMTS9mTHY9+pRx +4JwyUu/j5G8jH6KGM3laiJpoPGY1cQlvYL25bNIyLoThDbBKt5O6CUvEgrFHvtLk +u2WSCg+ErZnSYGndcydwEzqU6yFAVDEyqwSl3AJ+CVqxCOYEirhKHrl5MoeBitls +drab89+6zOgHFAIC5NLX+PPwVjq0e33wTCMKMMNLPjZk/S4TjjaR4IQmLx7zWxR2 +Ua/mlH2HwfjF4Y2v/GawTpfgN19oFds87BB2nAFmL2i3b/+x15RCZb8khrfT8Cpk +LyZusR3o9bQGEuK8yGxROWiXKWgXXmtlDA53/ZXu/m/u1234hJiF/C1jSjSeI4W1 +sahCkuXivAxc+h0yK+TftBWMZABTMywlOu89Tocv8Zgr3lYNQEf2MyZrIsyDs3DI +VhIvU8ig0f/Mt62JLoCTD/Dxai4S/iFJ4fOaAZhdCGABzWcOkfvR3BZoPt5yzw== +-----END CERTIFICATE----- diff --git a/docker-compose/keycloak/certs/keycloak.tls.key b/docker-compose/keycloak/certs/keycloak.tls.key new file mode 100644 index 00000000..a0aefc45 --- /dev/null 
+++ b/docker-compose/keycloak/certs/keycloak.tls.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDiY9wmbLtS8seV +YJ2+8U0pk9dp7DwVrtWixCxjICpWjJc7XkB3M77hHIcobMMtkpbvkiuvb/nyDMf4 +BEz5UQN3b9ubOp4kYJAEXTiylVrTW33u98ZS88bOd6OrRmLtwdyKnBEOq62NNvdM +b9dOshRSo7bl6yIwisUauH3kXNYmMcOdHkJRkx9SRQyP4U0q7NMubwoWoWC92iZi +kaGHX/8hbXN5nemwhgBJwGtHfGzIjIDxcPe4uCDK0SJqXdn/fwn+3+VJJoIVHENv +hHaSOi30MEasOlnJjDyYmshGAR32qb0uxyU8PVniwDaEPUlHuZKQOaC9HwCM0phz +TJd14TTOfcJnQHsHro4xkhGKrOfvJpr78T9DkbUFXiY40jyXQX1g1YHfvGafS3xD +goQPHmr0IzKb9UP31i7sADquJHShlr+mhXLvhbwgA0P5DYU1Pekrc41cnjcnBp+L +sUAaVh0jEeM2293eawdr0PRGK507ulqlE9vIaAGgifnYQWf59j4fxUzKTTymT6jd +jEUA9zZDCdDVUqoM1yqJuTUawn4zltsLDctgk1JM8vZAc1k1eq1qGdTu/T+PF0Qw +KQghscIN+HoY7XW7/9ghuwOo1eOWycGgHTEKJYiYjTnwTENtijFWOf35MswI+87i +VdYi6P7pqu+vu84kBX9mRRnFPDf6SwIDAQABAoICADnKRwTyBaGHgwYxOyNmYo2m +BTuvR6k7T6K0lCYbrGMakXJgvXEQXv4E88WQegRUor32ILuwiGvO8m7v3hxYn1tq +TPNjs8HSeoD6sQH5WU2R0eRiEJjVTN8gsEGE/rT1o1AoxbvqfCuLp/Y1qI8Yq1Jr +I0Gu07PzgJwxE0XroujuFCKz+jbrqPet06aY20OFX+U/CCK9wD3GhbzsswClMzH7 +yBn4AxMCKempuljtvLE3GKVJcpsPOaO8Xh4r5f2wFsOesN+K+nLcG6TIeiIawudO +OYQ2gvwNldxYyp4AI/921emugWVOvfbBnUkFggLSrsStSUhttQy9p5frKdC4E+vV +Ff2HnWWWc+Uvl0znsFwdPBJJkwZIa9ZnrOQCPsPLiZiZ79nG2l9fdrqZnEeQlTiF +2LrP69qvvyBiYJLrp6UL/AFL2LoqdTM1Da0T9i3hc+BXtVqFM9lZmCmWmP3dfAJN +BoeRqf3eGf28BVlmIbqX+txxl9uSZ9fVeEcYfz0al1WFmBZW8/VI6kGyk1HaWa/A +K5Q2uYFtd9AadtFCdvkFXbjOTtqEcE5oXgdu3ukpy9gmL+G9YKtx5+eNJG8Tlpow +ZaXzEpz3wKk443h0KciRmYTSXXpR24BMIK4OAkJsOTprUQLzCtdVmmHNUbdVZuje +E/V6mOj8x7E4/St7hsQVAoIBAQD/Heb3ceoeXojUZRQHixg6CkTPfaf6aThkC1fw +ZlI3/gMZlWuMxn2iL5XllPHKejoPJOYH6chjz/qlLflgeblyba+FQEsT3PcKeXvX +OI8SF+/qsfg1IAQY3lvqTJNm3onEicyUT5C0ARtdqAZKfRAKd7WYPBOsJe5PgOng +5xD8YYZPBuqtl6W5CvGSG1/q0Cb7O85iF16UnuAOhg+sX7CsIDaZUDgyLKy9+IvV +9QGAMXkReU/TaxZbnXY23GAZrtJAoiha0IRJ44RdnSlClLcS+rjLY7LivstJ1lIM +4FL40M2yvtmRk4UxbWUoolgs3/8/b8xwz6NVpDemKa57nU2PAoIBAQDjLH+mDURX +cgnXiOiaN/Dn7QTAJ0NhtJ/J/2Z8DKs0vGHJ5y3OvoqXfmT3v1iBCCkmLN8SoEyD 
+D5c1rpmZttDrLENoUHtPMuBfsXHi4+ZJK72/kUG2L3dgGdhtdk8Q8TAPWsSZM07S +q6KhmfK/lrTgcP7iqEfI9VD2TnlRV2yIV6yZQJpXf0s0UG/TEKBPsqR+mvViIr3x ++aeYwCu6xLujLCf7cezq+kLr5JMU0hiXgEPo07cjXbp4eAJRSlG55e0xwHnaqDdc +YajLf1/ps4ldZRO+caWG7qW8Qy6fPGm2MS+PW5zFb9eaJvtm+dUEJR/TPoXuxNG/ +fg1dvIFWbOGFAoIBAQCI1DLimHhnHXDp6eSaPyIZTxSk7NJBXlneXq8lwttqKJTl +Dd0HPhZ3/Gm7Hu2oGXI2WSX/LIZL8mqOWWAdPGwYUXgIUflyh9sABTREtJMXszr8 +d8OWSrun0usdeUC9tbHSdc4B5cLIqKdSziHBpd4KnzYIloA+noF4pr3J4GSd2Hi+ +vgj0XheGbbYvFPuW51lg+iyxM7OIpsWpRIH3g8MwLn7aL8pULt3fbgUiFixd4yr6 +EkScMh1luciDmCL642blP5PBUYECWELQKtDMYxLl3Q9sFucE8iv6SDbtrQsTZHpO +2km66JJRdkkBSEFeoC04iu/tuY/zCQbH2ic5KZ9FAoIBAECmmlFMd0WXm7tuKBwz +jWjDqFVzFxcIS202NRlalaK1dfL6yquKyHBitSNYnjxicSt/G6D2Y6/s0PCjFu2K +/JvhBfH67YzVgstY+XtDtnbeburE0PmjOorr8A7+23OL4EyOXWLoGieUVv08jbv+ +jM1O+wrQL1W+kuL15ErE4YtPwDwBCaua+3EQ7zIXCjiEM5IgUXMzRfFGRm8PSaKm +eGvwlhRWEMGypTby3vTO8daz1x+8mOMEupusM6SkzOtlxwIgr80NkGvHEz2Oq2Ic +CRy+Nkc9mojzA9G3IN6KV99U0h8vSEdcE/S34VYmBXxfgFYi9gTEmJixq+YgToKl +C+0CggEBAPvqGaNcROVXizN4eWItSqdAIGZGmPbeTBJapQBdHBfXvTKKhsVop2qt +Np4BOT+qCCjFgsd1dClIehZ+RQjIfYKTnBak0r14p8Hwm6WxjM650MysGHvJTTlA +PpP01UMpCBiL6xF2DLhNCNUiPlrnted/Fz06RKd2z8KfY96IOQO6TD20mu9mwXP5 +NRlMkEs9REUY0BQY9mpIIbX9an4c2n8DXVSOA2c+B4wpYE9SlXWo58sCRsiA2plx +VG7d6XFoEuj35SlswGDijdYMIEj19WmOHNodS/yV1QsP+TWgF8+nde9PnrEguGJi +R3yen8xSKBIYRzr8AoDtC2GtlXc9TOg= +-----END PRIVATE KEY----- diff --git a/keycloak/keycloak-extra/health-check.sh b/docker-compose/keycloak/extra/health-check.sh similarity index 100% rename from keycloak/keycloak-extra/health-check.sh rename to docker-compose/keycloak/extra/health-check.sh diff --git a/keycloak/keycloak-realms/pid-issuer-realm-realm.json b/docker-compose/keycloak/realms/pid-issuer-realm-realm.json similarity index 100% rename from keycloak/keycloak-realms/pid-issuer-realm-realm.json rename to docker-compose/keycloak/realms/pid-issuer-realm-realm.json 
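Review bot: This file commits an unencrypted private key for the `keycloak` host, so the key is public for as long as the repository history exists and gives no confidentiality to any environment that reuses it. Generating the key pair at first start (a small script or init step writing into `./keycloak/certs/`) and ignoring `*.key` in version control would keep key material out of the repository; the HAProxy key under `haproxy/certs`, which this commit only renames, has the same property. If the file stays, the README section on certificates should say that these are throwaway development keys that must not be trusted outside the compose network.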
diff --git a/keycloak/keycloak-realms/pid-issuer-realm-users-0.json b/docker-compose/keycloak/realms/pid-issuer-realm-users-0.json similarity index 100% rename from keycloak/keycloak-realms/pid-issuer-realm-users-0.json rename to docker-compose/keycloak/realms/pid-issuer-realm-users-0.json diff --git a/keycloak/keycloak-themes/pid-issuer/login/messages/messages_en.properties b/docker-compose/keycloak/themes/pid-issuer/login/messages/messages_en.properties similarity index 100% rename from keycloak/keycloak-themes/pid-issuer/login/messages/messages_en.properties rename to docker-compose/keycloak/themes/pid-issuer/login/messages/messages_en.properties diff --git a/keycloak/keycloak-themes/pid-issuer/login/register.ftl b/docker-compose/keycloak/themes/pid-issuer/login/register.ftl similarity index 100% rename from keycloak/keycloak-themes/pid-issuer/login/register.ftl rename to docker-compose/keycloak/themes/pid-issuer/login/register.ftl diff --git a/keycloak/keycloak-themes/pid-issuer/login/theme.properties b/docker-compose/keycloak/themes/pid-issuer/login/theme.properties similarity index 100% rename from keycloak/keycloak-themes/pid-issuer/login/theme.properties rename to docker-compose/keycloak/themes/pid-issuer/login/theme.properties diff --git a/keycloak/docker-compose.yaml b/keycloak/docker-compose.yaml deleted file mode 100644 index aca5fdb4..00000000 --- a/keycloak/docker-compose.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -version: '3.8' - -networks: - default: - driver: bridge - -services: - keycloak: - image: quay.io/keycloak/keycloak:nightly - container_name: keycloak - command: - - start-dev - - --import-realm - environment: - - KC_PROXY=edge - - KC_HTTP_RELATIVE_PATH=/idp - - KC_HOSTNAME_STRICT=false - - KC_HEALTH_ENABLED=true - - KC_METRICS_ENABLED=true - - KC_SPI_THEME_STATIC_MAX_AGE=-1 - - KC_SPI_THEME_CACHE_THEMES=false - - KC_SPI_THEME_CACHE_TEMPLATES=false - - KEYCLOAK_ADMIN=admin - - KEYCLOAK_ADMIN_PASSWORD=password - healthcheck: - test: "bash /opt/keycloak/health-check.sh" - interval: 5s - timeout: 10s - retries: 12 - volumes: - - ./keycloak-extra/health-check.sh:/opt/keycloak/health-check.sh - - ./keycloak-realms/:/opt/keycloak/data/import - - ./keycloak-themes/:/opt/keycloak/themes - networks: - - default - - haproxy: - image: haproxy:2.8.3 - container_name: haproxy - ports: - - "443:443" - - "80:80" - depends_on: - keycloak: - condition: service_healthy - volumes: - - ./haproxy/haproxy.conf:/usr/local/etc/haproxy/haproxy.cfg - - ./haproxy/certs/:/etc/ssl/certs/ - networks: - - default