Add keycloak node
99
20230520122106-keycloak.org
Normal file
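--- /dev/null
+++ b/20230520122106-keycloak.org
@@ -0,0 +1,99 @@
+:PROPERTIES:
+:ID: e0695c59-6fd5-4074-81ca-8e14ec965bbd
+:mtime: 20230521180042
+:ctime: 20230520122106
+:END:
+#+title: keycloak
+
+* Introduction
+Service open-source de gestion d'authentification et d'accès.
+
+* Installation
+** Application
+#+BEGIN_SRC shell
+apt install openjdk-19-jre
+cd /opt/
+wget https://github.com/keycloak/keycloak/releases/download/21.1.1/keycloak-21.1.1.zip
+unzip keycloak-21.1.1.zip
+cd keycloak-21.1.1
+# bin/kc.sh start-dev
+
+cat >/opt/keycloak/conf/keycloak.conf <<EOF
+db=postgres
+db-username=keycloak
+db-password=<db_password>
+proxy=edge
+hostname=login.adrien.run
+http-host=127.0.0.1
+http-port=9090
+hostname-strict-https=false
+EOF
+
+bin/kc.sh build
+
+cat >/lib/systemd/system/keycloak.service <<EOF
+[Unit]
+Description=Keycloak service
+
+[Service]
+User=keycloak
+ExecStart=/opt/keycloak/bin/kc.sh start
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=3
+SyslogIdentifier=keycloak
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+adduser --system --no-create-home --disabled-password --disabled-login keycloak
+chown keycloak ./data/ -R
+
+systemctl enable keycloak
+systemctl start keycloak
+#+END_SRC
+
+** Nginx
+#+BEGIN_SRC conf
+server {
+server_name login.adrien.run;
+
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+# SSL configuration
+include /etc/nginx/ssl.conf;
+ssl_certificate /etc/letsencrypt/live/login.adrien.run/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/login.adrien.run/privkey.pem;
+
+# Loggin coinfuguration
+access_log /var/log/nginx/login.access.log;
+error_log /var/log/nginx/login.error.log;
+
+location / {
+proxy_pass http://127.0.0.1:9090;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+}
+
+server {
+server_name login.adrien.run;
+
+listen 80;
+listen [::]:80;
+
+if ($host = login.adrien.run) {
+return 301 https://$host$request_uri;
+}
+
+return 404;
+}
+#+END_SRC
+
+* Références
+* [[https://github.com/keycloak/keycloak][Keycloak - Github]]
+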
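Review bot: The `keycloak.conf` heredoc writes `db-password` into a file that is created with the invoking shell's default umask and never has its owner or mode changed, since the only ownership step in the block is `chown keycloak ./data/ -R`; on a typical root shell that leaves the database credential readable by every local account. After the `adduser` line, add `chown keycloak /opt/keycloak/conf/keycloak.conf` and `chmod 600 /opt/keycloak/conf/keycloak.conf`. Separately, the systemd unit is written through an unquoted `<<EOF`, so the shell expands `$MAINPID` (presumably unset) while writing and the unit ends up with `ExecReload=/bin/kill -HUP ` and no PID; quoting the delimiter as `<<'EOF'` keeps the variable literal for systemd. It would also help to add a comment on `hostname-strict-https=false` explaining why it is needed when nginx already terminates TLS and redirects port 80.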