org-roamings/20230520122106-keycloak.org

:PROPERTIES:
:ID:       e0695c59-6fd5-4074-81ca-8e14ec965bbd
:mtime:    20230521180042
:ctime:    20230520122106
:END:
#+title: keycloak

* Introduction
Service open-source de gestion d'authentification et d'accès.

* Installation
** Application
#+BEGIN_SRC shell
apt install openjdk-19-jre
cd /opt/
wget https://github.com/keycloak/keycloak/releases/download/21.1.1/keycloak-21.1.1.zip
unzip keycloak-21.1.1.zip
cd keycloak-21.1.1
# bin/kc.sh start-dev

cat >/opt/keycloak/conf/keycloak.conf <<EOF
db=postgres
db-username=keycloak
db-password=<db_password>
proxy=edge
hostname=login.adrien.run
http-host=127.0.0.1
http-port=9090
hostname-strict-https=false
EOF

bin/kc.sh build

cat >/lib/systemd/system/keycloak.service <<EOF
[Unit]
Description=Keycloak service

[Service]
User=keycloak
ExecStart=/opt/keycloak/bin/kc.sh start
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=3
SyslogIdentifier=keycloak

[Install]
WantedBy=multi-user.target
EOF

adduser --system --no-create-home --disabled-password --disabled-login keycloak
chown keycloak ./data/ -R

systemctl enable keycloak
systemctl start keycloak
#+END_SRC

** Nginx
#+BEGIN_SRC conf
server {
	server_name login.adrien.run;

	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	# SSL configuration
	include /etc/nginx/ssl.conf;
	ssl_certificate /etc/letsencrypt/live/login.adrien.run/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/login.adrien.run/privkey.pem;

	# Loggin coinfuguration
	access_log /var/log/nginx/login.access.log;
	error_log /var/log/nginx/login.error.log;

	location / {
		proxy_pass http://127.0.0.1:9090;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}

server {
        server_name login.adrien.run;

        listen 80;
        listen [::]:80;

        if ($host = login.adrien.run) {
                return 301 https://$host$request_uri;
        }

        return 404;
}
#+END_SRC

* Références
 * [[https://github.com/keycloak/keycloak][Keycloak - Github]]