docker部署keycloak


本文基于不同版本的keycloak参数,编写相应的部署脚本,通过docker-compose实现keycloak的容器化部署。keycloak18版本部署方式开始有较大的变化,本文以keycloak14和keycloak18为例进行部署。

keycloak14测试和生产环境部署

version: "3.7"
services:
  keycloak:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:14.0.0
    restart: unless-stopped
    # Replace every {placeholder} before use. Values set here are stored in
    # plain text and are visible to anyone who can inspect the container, so
    # keep the filled-in file out of version control.
    environment:
      DB_VENDOR: MYSQL
      DB_ADDR: "{ip}"
      DB_PORT: "{port}"
      DB_DATABASE: keycloak
      DB_USER: "{username}"
      DB_PASSWORD: "{password}"
      KEYCLOAK_USER: "{kc_username}"
      KEYCLOAK_PASSWORD: "{kc_password}"
    command:
      # -b 0.0.0.0 binds the server to all interfaces inside the container.
      # upload_scripts lets administrators upload scripts that run inside the
      # server; leave it disabled unless a deployment really depends on it.
      - "-b 0.0.0.0 -Dkeycloak.profile.feature.upload_scripts=enabled"
    ports:
      # 8080 is the plain-HTTP listener and 8443 the HTTPS one; for a
      # production host consider publishing only 8443.
      - "8080:8080"
      - "8443:8443"
    volumes:
      # Host directory holding the TLS certificate and private key.
      - "/root/apps/keycloak/cert/:/etc/x509/https"

keycloak18测试环境部署

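version: '3.1'
services:
  keycloak-prod:
    container_name: keycloak-prod
    image: quay.io/keycloak/keycloak:18.0.0
    environment:
      KC_DB: mysql
      # Placeholders are quoted on purpose: a value that starts with "{" is
      # parsed by YAML as a flow mapping, not as a string. Replace each
      # {placeholder} with the real value and keep the quotes.
      KC_DB_URL: 'jdbc:mysql://{ip}:{port}/{database}?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai'
      KC_DB_USERNAME: '{username}'
      KC_DB_PASSWORD: '{password}'
      KEYCLOAK_ADMIN: '{kc_username}'
      KEYCLOAK_ADMIN_PASSWORD: '{kc_password}'
      # Remote JVM debugging on every interface inside the container. Anyone
      # who can reach this port can control the JVM, so 8787 is deliberately
      # not listed under "ports"; keep it that way outside a trusted network.
      DEBUG_PORT: '*:8787'
      DEBUG: 'true'
    volumes:
      - ./providers:/opt/keycloak/providers
    # start-dev is Keycloak's development mode; use it for test environments
    # only, never for production.
    command: ['start-dev', '--debug', '--import-realm']
    ports:
      - '8080:8080'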
keycloak18生产环境部署

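version: '3'
services:
  keycloak:
    container_name: keycloak-prod
    image: quay.io/keycloak/keycloak:18.0.0
    environment:
      # NOTE(review): KC_DB is commented out. Without a database vendor the
      # KC_DB_URL_* values below presumably do not select MySQL and Keycloak
      # falls back to its default database - confirm before production use.
      # KC_DB: mysql
      # KC_DB_URL: jdbc:mysql://{ip}:{port}/{database}?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
      # Placeholders are quoted on purpose: a value that starts with "{" is
      # parsed by YAML as a flow mapping, not as a string. Replace each
      # {placeholder} with the real value and keep the quotes.
      KC_DB_URL_HOST: '{ip}'
      KC_DB_URL_PORT: '{port}'
      KC_DB_URL_DATABASE: '{database}'
      KC_DB_USERNAME: '{username}'
      KC_DB_PASSWORD: '{password}'
      KEYCLOAK_ADMIN: '{kc_admin}'
      KEYCLOAK_ADMIN_PASSWORD: '{kc_password}'
      KC_HOSTNAME: td.idm.com
      KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/conf/server.crt.pem
      KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/keycloak/conf/server.key.pem
      # Remote debugging stays disabled in production.
      # DEBUG_PORT: '*:8787'
      # DEBUG: 'true'
    volumes:
      - ./providers:/opt/keycloak/providers
      # Certificate and private key are only read by the server, so they are
      # mounted read-only.
      - /home/tdpt/cert/server.crt.pem:/opt/keycloak/conf/server.crt.pem:ro
      - /home/tdpt/cert/server.key.pem:/opt/keycloak/conf/server.key.pem:ro
    command: start
    ports:
      # Only the HTTPS listener is published.
      - '8443:8443'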

或者

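version: '3'
services:
  keycloak:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:18.0.0
    environment:
      # NOTE(review): DB_VENDOR, DB_ADDR, DB_DATABASE, DB_USER, DB_PASSWORD and
      # PROXY_ADDRESS_FORWARDING are the variable names used with the
      # keycloak 14 image earlier on this page; the 18.0.0 examples use KC_DB*
      # instead. Presumably the 18.0.0 image ignores the old names - confirm
      # that the server really connects to MySQL.
      DB_VENDOR: mysql
      # Placeholders are quoted on purpose: a value that starts with "{" is
      # parsed by YAML as a flow mapping, not as a string. Replace each
      # {placeholder} with the real value and keep the quotes.
      DB_ADDR: "{ip}:{port}"
      DB_DATABASE: "{database}"
      DB_USER: "{username}"
      DB_PASSWORD: "{password}"
      KEYCLOAK_ADMIN: "{kc_username}"
      KEYCLOAK_ADMIN_PASSWORD: "{kc_password}"
      VIRTUAL_PORT: "8443"
      PROXY_ADDRESS_FORWARDING: "true"
    volumes:
      # - ./theme/:/opt/keycloak/themes/metronic-theme/
      # The key directory is only read by the server, so it is mounted
      # read-only.
      - ./keys/:/opt/keycloak/conf/keys/:ro
    ports:
      - "8443:8443"
    restart: unless-stopped
    command:
      # One argument string, folded over several lines for readability; the
      # original page had wrapped it in the middle of "server.key.pem".
      - >-
        start --proxy=passthrough --hostname="myhostname"
        --hostname-strict-backchannel=true
        --https-certificate-file=/opt/keycloak/conf/keys/server.crt.pem
        --https-certificate-key-file=/opt/keycloak/conf/keys/server.key.pem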

注意:需要为SSL证书和私钥文件设置文件权限,使容器内的keycloak进程能够读取

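  # The certificate is public material, so world-readable is fine.
  chmod 644 /home/tdpt/cert/server.crt.pem
  # The private key must not be world-readable: hand it to the user the
  # container runs as and restrict it to that user. Assumes the Keycloak
  # image runs as UID 1000 - confirm for the image you deploy.
  chown 1000 /home/tdpt/cert/server.key.pem
  chmod 600 /home/tdpt/cert/server.key.pem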