From 422cc635bd22e19755819fe83f8cabbd3b2f5a02 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Oct 2022 16:05:42 +0200 Subject: [PATCH] [bitnami/keycloak] Release 19.0.3-debian-11-r4 (#11485) Signed-off-by: Bitnami Containers Signed-off-by: Bitnami Containers --- bitnami/keycloak/19/debian-11/Dockerfile | 4 +- .../opt/bitnami/.bitnami_components.json | 4 +- .../opt/bitnami/scripts/keycloak-env.sh | 54 +++++++++++---- .../rootfs/opt/bitnami/scripts/libkeycloak.sh | 68 +++++++++++++------ bitnami/keycloak/README.md | 35 ++++++++-- 5 files changed, 123 insertions(+), 42 deletions(-) diff --git a/bitnami/keycloak/19/debian-11/Dockerfile b/bitnami/keycloak/19/debian-11/Dockerfile index 56981af8bb38..d7ba4e6fc36b 100644 --- a/bitnami/keycloak/19/debian-11/Dockerfile +++ b/bitnami/keycloak/19/debian-11/Dockerfile @@ -5,7 +5,7 @@ ARG TARGETARCH LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \ org.opencontainers.image.description="Application packaged by Bitnami" \ - org.opencontainers.image.ref.name="19.0.3-debian-11-r3" \ + org.opencontainers.image.ref.name="19.0.3-debian-11-r4" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/keycloak" \ org.opencontainers.image.title="keycloak" \ org.opencontainers.image.vendor="VMware, Inc." \ @@ -23,7 +23,7 @@ RUN install_packages ca-certificates curl libaio1 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \ COMPONENTS=( \ "wait-for-port-1.0.3-155-linux-${OS_ARCH}-debian-11" \ - "java-11.0.16-1-linux-${OS_ARCH}-debian-11" \ + "java-11.0.17-7-1-linux-${OS_ARCH}-debian-11" \ "keycloak-19.0.3-0-linux-${OS_ARCH}-debian-11" \ "gosu-1.14.0-155-linux-${OS_ARCH}-debian-11" \ ) && \ diff --git a/bitnami/keycloak/19/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/keycloak/19/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json index a4021e65cc65..0924c9d70056 100644 
--- a/bitnami/keycloak/19/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/keycloak/19/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json @@ -8,10 +8,10 @@ }, "java": { "arch": "amd64", - "digest": "c375579c55ee13d9561dcfaeba0338a6c2f5233dc386ead63dbbb67cc974fcdb", + "digest": "972009952c7ab083836ce1943c7768daac74ec3cbea63eb5994b38e7c9794b75", "distro": "debian-11", "type": "NAMI", - "version": "11.0.16-1" + "version": "11.0.17-7-1" }, "keycloak": { "arch": "amd64", diff --git a/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak-env.sh b/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak-env.sh index 3b8ef9cdc2f4..bb46956940cb 100644 --- a/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak-env.sh +++ b/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/keycloak-env.sh @@ -34,18 +34,24 @@ keycloak_env_vars=( KEYCLOAK_CACHE_TYPE KEYCLOAK_CACHE_STACK KEYCLOAK_EXTRA_ARGS - KEYCLOAK_EXTRA_ARGS_PREPENDED KEYCLOAK_ENABLE_STATISTICS - KEYCLOAK_ENABLE_TLS - KEYCLOAK_TLS_TRUSTSTORE_FILE - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD - KEYCLOAK_TLS_KEYSTORE_FILE - KEYCLOAK_TLS_KEYSTORE_PASSWORD + KEYCLOAK_ENABLE_HTTPS + KEYCLOAK_HTTPS_TRUST_STORE_FILE + KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD + KEYCLOAK_HTTPS_KEY_STORE_FILE + KEYCLOAK_HTTPS_KEY_STORE_PASSWORD + KEYCLOAK_HTTPS_USE_PEM + KEYCLOAK_HTTPS_CERTIFICATE_FILE + KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE + KEYCLOAK_SPI_TRUSTSTORE_FILE + KEYCLOAK_SPI_TRUSTSTORE_PASSWORD + KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY KEYCLOAK_LOG_LEVEL KEYCLOAK_LOG_OUTPUT KEYCLOAK_ROOT_LOG_LEVEL KEYCLOAK_PROXY KEYCLOAK_PRODUCTION + KEYCLOAK_EXTRA_ARGS_PREPENDED KEYCLOAK_DATABASE_HOST KEYCLOAK_DATABASE_PORT KEYCLOAK_DATABASE_USER 
@@ -57,6 +63,15 @@ keycloak_env_vars=( KEYCLOAK_DAEMON_GROUP KEYCLOAK_ADMIN_USER KC_HOSTNAME + KC_HTTPS_TRUST_STORE_FILE + KC_HTTPS_TRUST_STORE_PASSWORD + KC_HTTPS_KEY_STORE_FILE + KC_HTTPS_KEY_STORE_PASSWORD + KC_HTTPS_CERTIFICATE_FILE + KC_HTTPS_CERTIFICATE_KEY_FILE + KC_SPI_TRUSTSTORE_FILE_FILE + KC_SPI_TRUSTSTORE_PASSWORD + KC_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY DB_ADDR DB_PORT DB_USER 
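Review bot: `KC_SPI_TRUSTSTORE_PASSWORD` in this list does not follow the pattern of its two neighbours. `KC_SPI_TRUSTSTORE_FILE_FILE` and `KC_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY` are the upper-cased forms of the keys `spi-truststore-file-file` and `spi-truststore-file-hostname-verification-policy` that libkeycloak.sh writes, but the password key written there is `spi-truststore-file-password`, so the matching alias would be `KC_SPI_TRUSTSTORE_FILE_PASSWORD`. If the KC_* names are meant to mirror upstream, a user who sets the upstream name gets a truststore configured without its password. The same name is used as the fallback in the export block of the `@@ -109,18 +124,33 @@` hunk, so both places would need the change.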
@@ -109,18 +124,33 @@ export KEYCLOAK_INIT_MAX_RETRIES="${KEYCLOAK_INIT_MAX_RETRIES:-10}" export KEYCLOAK_CACHE_TYPE="${KEYCLOAK_CACHE_TYPE:-ispn}" export KEYCLOAK_CACHE_STACK="${KEYCLOAK_CACHE_STACK:-}" export KEYCLOAK_EXTRA_ARGS="${KEYCLOAK_EXTRA_ARGS:-}" -export KEYCLOAK_EXTRA_ARGS_PREPENDED="${KEYCLOAK_EXTRA_ARGS_PREPENDED:-}" export KEYCLOAK_ENABLE_STATISTICS="${KEYCLOAK_ENABLE_STATISTICS:-false}" -export KEYCLOAK_ENABLE_TLS="${KEYCLOAK_ENABLE_TLS:-false}" -export KEYCLOAK_TLS_TRUSTSTORE_FILE="${KEYCLOAK_TLS_TRUSTSTORE_FILE:-}" -export KEYCLOAK_TLS_TRUSTSTORE_PASSWORD="${KEYCLOAK_TLS_TRUSTSTORE_PASSWORD:-}" -export KEYCLOAK_TLS_KEYSTORE_FILE="${KEYCLOAK_TLS_KEYSTORE_FILE:-}" -export KEYCLOAK_TLS_KEYSTORE_PASSWORD="${KEYCLOAK_TLS_KEYSTORE_PASSWORD:-}" +export KEYCLOAK_ENABLE_HTTPS="${KEYCLOAK_ENABLE_HTTPS:-false}" +KEYCLOAK_HTTPS_TRUST_STORE_FILE="${KEYCLOAK_HTTPS_TRUST_STORE_FILE:-"${KC_HTTPS_TRUST_STORE_FILE:-}"}" +export KEYCLOAK_HTTPS_TRUST_STORE_FILE="${KEYCLOAK_HTTPS_TRUST_STORE_FILE:-}" +KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD="${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD:-"${KC_HTTPS_TRUST_STORE_PASSWORD:-}"}" +export KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD="${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD:-}" +KEYCLOAK_HTTPS_KEY_STORE_FILE="${KEYCLOAK_HTTPS_KEY_STORE_FILE:-"${KC_HTTPS_KEY_STORE_FILE:-}"}" +export KEYCLOAK_HTTPS_KEY_STORE_FILE="${KEYCLOAK_HTTPS_KEY_STORE_FILE:-}" +KEYCLOAK_HTTPS_KEY_STORE_PASSWORD="${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD:-"${KC_HTTPS_KEY_STORE_PASSWORD:-}"}" +export KEYCLOAK_HTTPS_KEY_STORE_PASSWORD="${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD:-}" +export KEYCLOAK_HTTPS_USE_PEM="${KEYCLOAK_HTTPS_USE_PEM:-false}" +KEYCLOAK_HTTPS_CERTIFICATE_FILE="${KEYCLOAK_HTTPS_CERTIFICATE_FILE:-"${KC_HTTPS_CERTIFICATE_FILE:-}"}" +export KEYCLOAK_HTTPS_CERTIFICATE_FILE="${KEYCLOAK_HTTPS_CERTIFICATE_FILE:-}" +KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE="${KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE:-"${KC_HTTPS_CERTIFICATE_KEY_FILE:-}"}" +export 
KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE="${KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE:-}" +KEYCLOAK_SPI_TRUSTSTORE_FILE="${KEYCLOAK_SPI_TRUSTSTORE_FILE:-"${KC_SPI_TRUSTSTORE_FILE_FILE:-}"}" +export KEYCLOAK_SPI_TRUSTSTORE_FILE="${KEYCLOAK_SPI_TRUSTSTORE_FILE:-}" +KEYCLOAK_SPI_TRUSTSTORE_PASSWORD="${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD:-"${KC_SPI_TRUSTSTORE_PASSWORD:-}"}" +export KEYCLOAK_SPI_TRUSTSTORE_PASSWORD="${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD:-}" +KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY="${KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY:-"${KC_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY:-}"}" +export KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY="${KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY:-}" export KEYCLOAK_LOG_LEVEL="${KEYCLOAK_LOG_LEVEL:-info}" export KEYCLOAK_LOG_OUTPUT="${KEYCLOAK_LOG_OUTPUT:-default}" export KEYCLOAK_ROOT_LOG_LEVEL="${KEYCLOAK_ROOT_LOG_LEVEL:-INFO}" export KEYCLOAK_PROXY="${KEYCLOAK_PROXY:-passthrough}" export KEYCLOAK_PRODUCTION="${KEYCLOAK_PRODUCTION:-false}" +export KEYCLOAK_EXTRA_ARGS_PREPENDED="${KEYCLOAK_EXTRA_ARGS_PREPENDED:-}" KEYCLOAK_DATABASE_HOST="${KEYCLOAK_DATABASE_HOST:-"${DB_ADDR:-}"}" export KEYCLOAK_DATABASE_HOST="${KEYCLOAK_DATABASE_HOST:-postgresql}" KEYCLOAK_DATABASE_PORT="${KEYCLOAK_DATABASE_PORT:-"${DB_PORT:-}"}" diff --git a/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/libkeycloak.sh b/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/libkeycloak.sh index b84cf3a31ec6..17c85a1f4124 100644 --- a/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/libkeycloak.sh +++ b/bitnami/keycloak/19/debian-11/rootfs/opt/bitnami/scripts/libkeycloak.sh 
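Review bot: The old `KEYCLOAK_ENABLE_TLS` and `KEYCLOAK_TLS_*` variables are dropped in this export block with no fallback, so an existing deployment that still sets `KEYCLOAK_ENABLE_TLS=true` ends up with `KEYCLOAK_ENABLE_HTTPS` defaulting to `false`. From the validation visible in libkeycloak.sh, only production mode with a non-edge proxy rejects that; otherwise the container presumably starts without HTTPS and without an error. The file already chains alternative names for the KC_* and DB_* aliases, so the same form would work here: `KEYCLOAK_ENABLE_HTTPS="${KEYCLOAK_ENABLE_HTTPS:-"${KEYCLOAK_ENABLE_TLS:-}"}"` ahead of the export, and likewise for the four keystore and truststore variables. The README "Notable Changes" entry in this commit also gives the new names as `KEYCLOAK_TLS_KEY_STORE_FILE` and similar, which do not match the `KEYCLOAK_HTTPS_*` names read here.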
@@ -43,21 +43,30 @@ keycloak_validate() { if is_boolean_yes "$KEYCLOAK_PRODUCTION"; then if [[ "$KEYCLOAK_PROXY" == "edge" ]]; then # https://www.keycloak.org/server/reverseproxy - if is_boolean_yes "$KEYCLOAK_ENABLE_TLS"; then - print_validation_error "TLS and proxy=edge are not compatible. Please set the KEYCLOAK_ENABLE_TLS variable to false when using KEYCLOAK_PROXY=edge. Review # https://www.keycloak.org/server/reverseproxy for more information about proxy settings." + if is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then + print_validation_error "TLS and proxy=edge are not compatible. Please set the KEYCLOAK_ENABLE_HTTPS variable to false when using KEYCLOAK_PROXY=edge. Review # https://www.keycloak.org/server/reverseproxy for more information about proxy settings." fi - elif ! is_boolean_yes "$KEYCLOAK_ENABLE_TLS"; then + elif ! is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then # keycloak proxy passthrough/reencrypt requires tls - print_validation_error "You need to have TLS enabled. Please set the KEYCLOAK_ENABLE_TLS variable to true" + print_validation_error "You need to have TLS enabled. Please set the KEYCLOAK_ENABLE_HTTPS variable to true" fi fi - if is_boolean_yes "$KEYCLOAK_ENABLE_TLS"; then - if is_empty_value "$KEYCLOAK_TLS_TRUSTSTORE_FILE"; then - print_validation_error "Path to the TLS truststore file not defined. Please set the KEYCLOAK_TLS_TRUSTSTORE_FILE variable to the mounted truststore" - fi - if is_empty_value "$KEYCLOAK_TLS_KEYSTORE_FILE"; then - print_validation_error "Path to the TLS keystore file not defined. Please set the KEYCLOAK_TLS_KEYSTORE_FILE variable to the mounted keystore" + if is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then + if is_boolean_yes "$KEYCLOAK_HTTPS_USE_PEM"; then + if is_empty_value "$KEYCLOAK_HTTPS_CERTIFICATE_FILE"; then + print_validation_error "Path to the TLS certificate not defined. 
Please set the KEYCLOAK_HTTPS_CERTIFICATE_FILE variable to the mounted PEM certificate" + fi + if is_empty_value "$KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE"; then + print_validation_error "Path to the TLS key not defined. Please set the KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE variable to the mounted PEM key" + fi + else + if is_empty_value "$KEYCLOAK_HTTPS_TRUST_STORE_FILE"; then + print_validation_error "Path to the TLS truststore file not defined. Please set the KEYCLOAK_HTTPS_TRUST_STORE_FILE variable to the mounted truststore" + fi + if is_empty_value "$KEYCLOAK_HTTPS_KEY_STORE_FILE"; then + print_validation_error "Path to the TLS keystore file not defined. Please set the KEYCLOAK_HTTPS_KEY_STORE_FILE variable to the mounted keystore" + fi fi fi @@ -73,7 +82,7 @@ keycloak_validate() { check_allowed_port KEYCLOAK_HTTP_PORT check_allowed_port KEYCLOAK_HTTPS_PORT - for var in KEYCLOAK_ENABLE_TLS KEYCLOAK_ENABLE_STATISTICS; do + for var in KEYCLOAK_ENABLE_HTTPS KEYCLOAK_ENABLE_STATISTICS; do if ! is_true_false_value "${!var}"; then print_validation_error "The allowed values for $var are [true, false]" fi 
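Review bot: The new PEM branch only checks that `KEYCLOAK_HTTPS_CERTIFICATE_FILE` and `KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE` are non-empty, so a wrong mount path passes validation and only fails later when Keycloak tries to load the file. A readability test next to each emptiness check would catch it at validation time, e.g. `[[ -r "$KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE" ]] || print_validation_error "The file $KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE is not readable"`. The keystore branch has the same gap. keycloak_validate starts and ends outside this hunk.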
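Review bot: `KEYCLOAK_HTTPS_USE_PEM` is missing from this true/false check, although the new validation branches on it with `is_boolean_yes`. A mistyped value would silently select the keystore path and report "truststore file not defined" errors that point the operator in the wrong direction. Extend the loop to `for var in KEYCLOAK_ENABLE_HTTPS KEYCLOAK_HTTPS_USE_PEM KEYCLOAK_ENABLE_STATISTICS; do`. The loop sits inside keycloak_validate, which extends beyond the hunk.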
@@ -220,19 +229,39 @@ keycloak_configure_proxy() { } ######################## -# Configure database settings +# Configure HTTPS settings # Globals: # KEYCLOAK_* # Arguments: # Returns: # None ######################### -keycloak_configure_tls() { - info "Configuring TLS by setting keystore and truststore" - ! is_empty_value "$KEYCLOAK_TLS_KEYSTORE_PASSWORD" && keycloak_conf_set "https-key-store-password" "${KEYCLOAK_TLS_KEYSTORE_PASSWORD}" - ! is_empty_value "$KEYCLOAK_TLS_TRUSTSTORE_PASSWORD" && keycloak_conf_set "https-trust-store-password" "${KEYCLOAK_TLS_TRUSTSTORE_PASSWORD}" - keycloak_conf_set "https-key-store-file" "${KEYCLOAK_TLS_KEYSTORE_FILE}" - keycloak_conf_set "https-trust-store-file" "${KEYCLOAK_TLS_TRUSTSTORE_FILE}" +keycloak_configure_https() { + info "Configuring Keycloak HTTPS settings" + if is_boolean_yes "$KEYCLOAK_HTTPS_USE_PEM"; then + keycloak_conf_set "https-certificate-file" "${KEYCLOAK_HTTPS_CERTIFICATE_FILE}" + keycloak_conf_set "https-certificate-key-file" "${KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE}" + else + ! is_empty_value "$KEYCLOAK_HTTPS_KEY_STORE_PASSWORD" && keycloak_conf_set "https-key-store-password" "${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD}" + ! is_empty_value "$KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD" && keycloak_conf_set "https-trust-store-password" "${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD}" + keycloak_conf_set "https-key-store-file" "${KEYCLOAK_HTTPS_KEY_STORE_FILE}" + keycloak_conf_set "https-trust-store-file" "${KEYCLOAK_HTTPS_TRUST_STORE_FILE}" + fi +} + +######################## +# Configure SPI TLS settings +# Globals: +# KEYCLOAK_* +# Arguments: +# Returns: +# None +######################### +keycloak_configure_spi_tls() { + info "Configuring Keycloak SPI TLS settings" + ! is_empty_value "$KEYCLOAK_SPI_TRUSTSTORE_PASSWORD" && keycloak_conf_set "spi-truststore-file-password" "${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD}" + ! 
is_empty_value "$KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY" && keycloak_conf_set "spi-truststore-file-hostname-verification-policy" "${KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY}" + keycloak_conf_set "spi-truststore-file-file" "${KEYCLOAK_SPI_TRUSTSTORE_FILE}" } @@ -266,7 +295,8 @@ keycloak_initialize() { keycloak_configure_cache keycloak_configure_loglevel keycloak_configure_proxy - is_boolean_yes "$KEYCLOAK_ENABLE_TLS" && keycloak_configure_tls + is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS" && keycloak_configure_https + ! is_empty_value "$KEYCLOAK_SPI_TRUSTSTORE_FILE" && keycloak_configure_spi_tls true } diff --git a/bitnami/keycloak/README.md b/bitnami/keycloak/README.md index bfd9d861fd86..ce0faf0fa593 100644 --- a/bitnami/keycloak/README.md +++ b/bitnami/keycloak/README.md @@ -142,7 +142,7 @@ keycloak: ### TLS Encryption -The Bitnami Keycloak Docker image allows configuring TLS encryption between nodes and between server-client. This is done by mounting in `/opt/bitnami/keycloak/certs` two files: +The Bitnami Keycloak Docker image allows configuring HTTPS/TLS encription. This is done by mounting in `/opt/bitnami/keycloak/certs` two files: - `keystore`: File with the server keystore - `truststore`: File with the server truststore 
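Review bot: keycloak_configure_spi_tls writes `KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY` into the configuration unchecked, and nothing in the visible part of keycloak_validate restricts it. Upstream Keycloak accepts `ANY`, `WILDCARD` and `STRICT` for this option, and `ANY` turns hostname verification off for outgoing TLS connections, so the value is worth validating and documenting. I would add a check in keycloak_validate that rejects anything outside those three values when the variable is non-empty, and extend this function's header comment to say that `ANY` disables hostname checks. Separately, both new functions pass the keystore and truststore passwords to `keycloak_conf_set`, presumably landing in clear text in the configuration file, so that file's permissions deserve a comment as well.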
@@ -151,12 +151,22 @@ The Bitnami Keycloak Docker image allows configuring TLS encryption between node Apart from that, the following environment variables must be set: - - `KEYCLOAK_ENABLE_TLS`: Enable TLS encryption using the keystore. Default: **false**. - - `KEYCLOAK_TLS_KEYSTORE_FILE`: Path to the keystore file (e.g. `/opt/bitnami/keycloak/certs/keystore.jks`). No defaults. - - `KEYCLOAK_TLS_TRUSTSTORE_FILE`: Path to the truststore file (e.g. `/opt/bitnami/keycloak/certs/truststore.jks`). No defaults. - - `KEYCLOAK_TLS_KEYSTORE_PASSWORD`: Password for accessing the keystore. No defaults. - - `KEYCLOAK_TLS_TRUSTSTORE_PASSWORD`: Password for accessing the truststore. No defaults. + - `KEYCLOAK_ENABLE_HTTPS`: Enable TLS encryption using the keystore. Default: **false**. + - `KEYCLOAK_HTTPS_KEY_STORE_FILE`: Path to the keystore file (e.g. `/opt/bitnami/keycloak/certs/keystore.jks`). No defaults. + - `KEYCLOAK_HTTPS_TRUST_STORE_FILE`: Path to the truststore file (e.g. `/opt/bitnami/keycloak/certs/truststore.jks`). No defaults. + - `KEYCLOAK_HTTPS_KEY_STORE_PASSWORD`: Password for accessing the keystore. No defaults. + - `KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD`: Password for accessing the truststore. No defaults. + - `KEYCLOAK_HTTPS_USE_PEM`: Set to true to configure HTTPS using PEM certificates'. Default: **false**. + - `KEYCLOAK_HTTPS_CERTIFICATE_FILE`: Path to the PEM certificate file (e.g. `/opt/bitnami/keycloak/certs/tls.crt`). No defaults. + - `KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE`: Path to the PEM key file (e.g. `/opt/bitnami/keycloak/certs/tls.key`). No defaults. +### SPI TLS truststore + +The Bitnami Keycloak Docker image supports configuring a truststore for HTTP/TLS connection with Keycloak SPIs. + + - `KEYCLOAK_SPI_TRUSTSTORE_FILE`: Path to the Keycloak SPI truststore file (e.g. `/opt/bitnami/keycloak/certs-spi/truststore.jks`). No defaults. + - `KEYCLOAK_SPI_TRUSTSTORE_PASSWORD`: Password for decrypting the SPI truststore file. No defaults. 
+ - `KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY`: Hostname verification policy for SPI connection over HTTPS/TLS ### Adding custom themes @@ -215,6 +225,17 @@ After that, your changes will be taken into account in the server's behaviour. ## Notable Changes +### 19-debian-11-r4 + +- TLS environment variables have been renamed to match upstream. + - `KEYCLOAK_ENABLE_TLS` was renamed as `KEYCLOAK_ENABLE_HTTPS`. + - `KEYCLOAK_TLS_KEYSTORE_FILE` was renamed as `KEYCLOAK_TLS_KEY_STORE_FILE`. + - `KEYCLOAK_TLS_TRUSTSTORE_FILE` was renamed as `KEYCLOAK_TLS_TRUST_STORE_FILE`. + - `KEYCLOAK_TLS_KEYSTORE_PASSWORD` was renamed as `KEYCLOAK_TLS_KEY_STORE_PASSWORD`. + - `KEYCLOAK_TLS_TRUSTSTORE_PASSWORD` was renamed as `KEYCLOAK_TLS_TRUST_STORE_PASSWORD`. +- HTTPS/TLS can now be configured using PEM certificates. +- Added support to add SPI truststore file. + ### 17-debian-10 Keycloak 17 is powered by Quarkus and to deploy it in production mode it is necessary to set up TLS. @@ -222,7 +243,7 @@ To do this you need to set `KEYCLOAK_PRODUCTION` to **true** and configure TLS ## Contributing -We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues), or submit a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. ## Issues