keycloak
Introduction
Service open-source de gestion d'authentification et d'accès.
Installation
Application
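# Install Keycloak 21.1.1 under /opt and run it as a dedicated systemd service.
# Run as root. Replace <db_password> before use.

# NOTE(review): OpenJDK 19 is a non-LTS release; check which Java versions the
# Keycloak release you deploy supports and prefer a maintained LTS JRE.
apt install openjdk-19-jre
cd /opt/
wget https://github.com/keycloak/keycloak/releases/download/21.1.1/keycloak-21.1.1.zip
# Verify the archive against the checksum published with the release before
# unpacking: it is extracted and later built as root.
unzip keycloak-21.1.1.zip
# The configuration file and the systemd unit below use /opt/keycloak, while the
# archive unpacks to /opt/keycloak-21.1.1; point the stable path at this release.
ln -sfn /opt/keycloak-21.1.1 /opt/keycloak
cd keycloak-21.1.1
# Development mode, left commented out: not for a production instance.
# bin/kc.sh start-dev

# Dedicated unprivileged account; created before the configuration file so the
# file can be handed to it.
adduser --system --no-create-home --disabled-password --disabled-login keycloak

# The file holds the database password: create it owner-only before writing to
# it, instead of leaving it world-readable under the default umask.
install -o keycloak -m 600 /dev/null /opt/keycloak/conf/keycloak.conf
# Quoted delimiter: the content is written literally, so a password containing
# '$' or backticks is not expanded by the shell.
# http-host=127.0.0.1 keeps the plain-HTTP listener reachable only by the local
# reverse proxy.
# NOTE(review): hostname-strict-https=false relaxes the HTTPS requirement on the
# public hostname; with TLS terminated by the proxy and X-Forwarded-Proto
# forwarded, confirm whether it is still needed.
cat >/opt/keycloak/conf/keycloak.conf <<'EOF'
db=postgres
db-username=keycloak
db-password=<db_password>
proxy=edge
hostname=login.adrien.run
http-host=127.0.0.1
http-port=9090
hostname-strict-https=false
EOF
bin/kc.sh build

# Quoted delimiter: with an unquoted one the shell expands $MAINPID to an empty
# string and the unit ends up with "ExecReload=/bin/kill -HUP ".
cat >/lib/systemd/system/keycloak.service <<'EOF'
[Unit]
Description=Keycloak service
[Service]
User=keycloak
ExecStart=/opt/keycloak/bin/kc.sh start
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=3
SyslogIdentifier=keycloak
NoNewPrivileges=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF

# Only the data directory and the configuration file belong to the service
# account; the rest of the installation stays owned by root.
chown -R keycloak ./data/
systemctl enable keycloak
systemctl start keycloak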
Nginx
# TLS-terminating virtual host: serves login.adrien.run over HTTPS and proxies
# every request to the Keycloak HTTP listener on 127.0.0.1:9090.
server {
server_name login.adrien.run;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# SSL configuration
# Shared TLS settings come from the included file, which is not shown here;
# protocol, cipher and HSTS choices have to be reviewed there.
include /etc/nginx/ssl.conf;
ssl_certificate /etc/letsencrypt/live/login.adrien.run/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/login.adrien.run/privkey.pem;
# Logging configuration
access_log /var/log/nginx/login.access.log;
error_log /var/log/nginx/login.error.log;
# NOTE(review): every path is forwarded, including the administration console.
# Consider publishing only the paths clients need and limiting /admin to
# trusted networks.
location / {
proxy_pass http://127.0.0.1:9090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# NOTE(review): $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
# the client sent, and Keycloak is configured to trust proxy headers
# (proxy=edge). If nginx is the only proxy in front, sending $remote_addr alone
# avoids passing on client-supplied values; confirm which entry Keycloak uses.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Passes the original scheme (https on this listener) to the backend.
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# Plain-HTTP virtual host: no content is served here. Requests for
# login.adrien.run are redirected to HTTPS; anything else gets 404.
server {
server_name login.adrien.run;
listen 80;
listen [::]:80;
# Permanent redirect to the same URI over HTTPS.
if ($host = login.adrien.run) {
return 301 https://$host$request_uri;
}
# Any other Host value reaching this block is refused.
return 404;
}