diff --git a/bitnami/keycloak/23/debian-11/Dockerfile b/bitnami/keycloak/23/debian-11/Dockerfile index d496c138536e..76fca13a6b27 100644 --- a/bitnami/keycloak/23/debian-11/Dockerfile +++ b/bitnami/keycloak/23/debian-11/Dockerfile @@ -8,10 +8,10 @@ ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \ - org.opencontainers.image.created="2024-01-08T15:56:28Z" \ + org.opencontainers.image.created="2024-01-19T21:48:55Z" \ org.opencontainers.image.description="Application packaged by VMware, Inc" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="23.0.4-debian-11-r0" \ + org.opencontainers.image.ref.name="23.0.4-debian-11-r1" \ org.opencontainers.image.title="keycloak" \ org.opencontainers.image.vendor="VMware, Inc." \ org.opencontainers.image.version="23.0.4" @@ -27,8 +27,8 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl krb5-user libaio1 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ COMPONENTS=( \ - "wait-for-port-1.0.7-4-linux-${OS_ARCH}-debian-11" \ - "java-17.0.9-11-6-linux-${OS_ARCH}-debian-11" \ + "wait-for-port-1.0.7-5-linux-${OS_ARCH}-debian-11" \ + "java-17.0.10-13-0-linux-${OS_ARCH}-debian-11" \ "keycloak-23.0.4-0-linux-${OS_ARCH}-debian-11" \ ) ; \ for COMPONENT in "${COMPONENTS[@]}"; do \ @@ -43,6 +43,7 @@ RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ RUN apt-get update && apt-get upgrade -y && \ apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true COPY rootfs / RUN /opt/bitnami/scripts/java/postunpack.sh 
diff --git a/bitnami/keycloak/23/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/keycloak/23/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json index b20a30c205fd..cffceb802ae0 100644 --- a/bitnami/keycloak/23/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/keycloak/23/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json @@ -3,7 +3,7 @@ "arch": "amd64", "distro": "debian-11", "type": "NAMI", - "version": "17.0.9-11-6" + "version": "17.0.10-13-0" }, "keycloak": { "arch": "amd64", @@ -15,6 +15,6 @@ "arch": "amd64", "distro": "debian-11", "type": "NAMI", - "version": "1.0.7-4" + "version": "1.0.7-5" } } \ No newline at end of file diff --git a/bitnami/keycloak/README.md b/bitnami/keycloak/README.md index 80ad22053cc5..109366490f43 100644 --- a/bitnami/keycloak/README.md +++ b/bitnami/keycloak/README.md @@ -13,13 +13,6 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema docker run --name keycloak bitnami/keycloak:latest ``` -### Docker Compose - -```console -curl -LO https://raw.githubusercontent.com/bitnami/containers/main/bitnami/keycloak/docker-compose.yml -docker-compose up -``` - **Warning**: This quick setup is only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Configuration](#configuration) section for a more secure deployment. ## Why use Bitnami Images? 
@@ -73,39 +66,57 @@ docker build -t bitnami/APP:latest . ## Configuration -### Admin credentials +### Environment variables -The Bitnami Keycloak container can create a default admin user by setting the following environment variables: +#### Customizable environment variables -* `KEYCLOAK_CREATE_ADMIN_USER`: Create administrator user on boot. Default: **true**. -* `KEYCLOAK_ADMIN_USER`: Administrator default user. Default: **user**. -* `KEYCLOAK_ADMIN_PASSWORD`: Administrator default password. Default: **bitnami**. +| Name | Description | Default Value | +|------------------------------------|-----------------------------------------------------------------------------------------------|-------------------------------| +| `KEYCLOAK_MOUNTED_CONF_DIR` | Directory for including custom configuration files (that override the default generated ones) | `${KEYCLOAK_VOLUME_DIR}/conf` | +| `KEYCLOAK_ADMIN` | Keycloak administrator user | `user` | +| `KEYCLOAK_ADMIN_PASSWORD` | Keycloak administrator password | `bitnami` | +| `KEYCLOAK_HTTP_RELATIVE_PATH` | Set the path relative to "/" for serving resources. | `/` | +| `KEYCLOAK_HTTP_PORT` | HTTP port | `8080` | +| `KEYCLOAK_HTTPS_PORT` | HTTPS port | `8443` | +| `KEYCLOAK_BIND_ADDRESS` | Bind address | `$(hostname --fqdn)` | +| `KEYCLOAK_INIT_MAX_RETRIES` | Maximum retries for checking that the database works | `10` | +| `KEYCLOAK_CACHE_TYPE` | Defines the cache mechanism for high-availability. 
| `ispn` | +| `KEYCLOAK_ENABLE_STATISTICS` | Enable metrics for the database | `false` | +| `KEYCLOAK_ENABLE_HEALTH_ENDPOINTS` | Enable health endpoints | `false` | +| `KEYCLOAK_ENABLE_HTTPS` | Enable SSL certificates | `false` | +| `KEYCLOAK_HTTPS_USE_PEM` | Set to true to configure HTTPS using PEM certificates | `false` | +| `KEYCLOAK_LOG_LEVEL` | Keycloak log level | `info` | +| `KEYCLOAK_LOG_OUTPUT` | Keycloak log output | `default` | +| `KEYCLOAK_ROOT_LOG_LEVEL` | Keycloak root log level | `INFO` | +| `KEYCLOAK_PROXY` | Keycloak type proxy | `passthrough` | +| `KEYCLOAK_PRODUCTION` | Run in production mode | `false` | +| `KEYCLOAK_DATABASE_VENDOR` | Database vendor | `postgresql` | +| `KEYCLOAK_DATABASE_HOST` | Database backend hostname | `postgresql` | +| `KEYCLOAK_DATABASE_PORT` | Database backend port | `5432` | +| `KEYCLOAK_DATABASE_USER` | Database backend username | `bn_keycloak` | +| `KEYCLOAK_DATABASE_NAME` | Database name | `bitnami_keycloak` | +| `KEYCLOAK_DATABASE_SCHEMA` | PostgreSQL database schema | `public` | +| `KEYCLOAK_DAEMON_USER` | Keycloak daemon user when running as root | `keycloak` | +| `KEYCLOAK_DAEMON_GROUP` | Keycloak daemon group when running as root | `keycloak` | -### Connecting to a database +#### Read-only environment variables -The Bitnami Keycloak container can connect to a database by setting the following environment variables: - -* `KEYCLOAK_DATABASE_VENDOR`: Database vendor. Default: **postgresql**. Use **dev-mem** or **dev-file** to use an in-memory or file-based database for development purposes. - -### PostgreSQL database connection configuration - -The Bitnami Keycloak container requires a PostgreSQL database to work. This is configured with the following environment variables: - -* `KEYCLOAK_DATABASE_HOST`: PostgreSQL host. Default: **postgresql**. -* `KEYCLOAK_DATABASE_PORT`: PostgreSQL port. Default: **5432**. -* `KEYCLOAK_DATABASE_NAME`: PostgreSQL database name. Default: **bitnami_keycloak**. 
-* `KEYCLOAK_DATABASE_USER`: PostgreSQL database user. Default: **bn_keycloak**. -* `KEYCLOAK_DATABASE_PASSWORD`: PostgreSQL database password. No defaults. -* `KEYCLOAK_DATABASE_SCHEMA`: PostgreSQL database schema. Default: **public**. -* `KEYCLOAK_JDBC_PARAMS`: PostgreSQL database JDBC parameters (example: `sslmode=verify-full&connectTimeout=30000`). No defaults. - -### Port and address binding - -The listening port and listening address can be configured with the following environment variables: - -* `KEYCLOAK_HTTP_PORT`: Keycloak HTTP port. Default: **8080**. -* `KEYCLOAK_HTTPS_PORT`: Keycloak HTTPS port. Default: **8443**. -* `KEYCLOAK_BIND_ADDRESS`: Keycloak bind address. Default: **0.0.0.0**. +| Name | Description | Value | +|------------------------------|---------------------------------------------------------|---------------------------------| +| `BITNAMI_VOLUME_DIR` | Directory where to mount volumes. | `/bitnami` | +| `JAVA_HOME` | Java installation directory | `/opt/bitnami/java` | +| `KEYCLOAK_BASE_DIR` | Keycloak base directory | `/opt/bitnami/keycloak` | +| `KEYCLOAK_BIN_DIR` | Keycloak bin directory | `$KEYCLOAK_BASE_DIR/bin` | +| `KEYCLOAK_PROVIDERS_DIR` | Keycloak Wildfly extensions directory | `$KEYCLOAK_BASE_DIR/providers` | +| `KEYCLOAK_LOG_DIR` | Keycloak bin directory | `$KEYCLOAK_PROVIDERS_DIR/log` | +| `KEYCLOAK_TMP_DIR` | Keycloak tmp directory | `$KEYCLOAK_PROVIDERS_DIR/tmp` | +| `KEYCLOAK_DOMAIN_TMP_DIR` | Keycloak tmp directory | `$KEYCLOAK_BASE_DIR/domain/tmp` | +| `WILDFLY_BASE_DIR` | Wildfly base directory | `/opt/bitnami/wildfly` | +| `KEYCLOAK_VOLUME_DIR` | Path to keycloak mount directory | `/bitnami/keycloak` | +| `KEYCLOAK_CONF_DIR` | Keycloak configuration directory | `$KEYCLOAK_BASE_DIR/conf` | +| `KEYCLOAK_INITSCRIPTS_DIR` | Path to keycloak init scripts directory | `/docker-entrypoint-initdb.d` | +| `KEYCLOAK_CONF_FILE` | Name of the keycloak configuration file (relative path) | `keycloak.conf` | +| 
`KEYCLOAK_DEFAULT_CONF_FILE` | Name of the keycloak configuration file (relative path) | `keycloak.conf` | ### Extra arguments to Keycloak startup @@ -210,7 +221,7 @@ The Bitnami Keycloak container can activate different set of statistics (databas ### Enabling health endpoints -The Bitnami Keycloak container can activate several endpoints providing information about the health of Keycloak, by setting the environment variable `KEYCLOAK_ENABLE_HEALTH_ENDPOINTS=true`. +The Bitnami Keycloak container can activate several endpoints providing information about the health of Keycloak, by setting the environment variable `KEYCLOAK_ENABLE_HEALTH_ENDPOINTS=true`. See [the official documentation](https://www.keycloak.org/server/health) for more information about these endpoints. ### Full configuration @@ -252,6 +263,12 @@ After that, your changes will be taken into account in the server's behaviour. Keycloak 17 is powered by Quarkus and to deploy it in production mode it is necessary to set up TLS. To do this you need to set `KEYCLOAK_PRODUCTION` to **true** and configure TLS +## Using `docker-compose.yaml` + +Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/keycloak). + +If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md). + ## Contributing We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution.
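Review bot: In the Dockerfile hunk at `@@ -43,6 +43,7 @@`, the added `RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true` runs before `COPY rootfs /` and `RUN /opt/bitnami/scripts/java/postunpack.sh`, so a setuid or setgid file introduced by either of those later steps keeps its bit. The trailing `|| true` also swallows every failure of the `find`, so a build in which nothing was stripped still passes. Suggest moving the step after the last step that adds files, adding `-xdev` so the walk stays on the root filesystem instead of descending into pseudo-filesystems such as `/proc` (the likely source of the errors being masked), and replacing `|| true` with a check that fails the build when a second `find / -xdev -perm /6000 -type f` still prints a path.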
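Review bot: In the README hunk at `@@ -73,39 +66,57 @@`, the new "Customizable environment variables" table drops documentation that the removed bullet lists carried: `KEYCLOAK_DATABASE_PASSWORD` and `KEYCLOAK_JDBC_PARAMS` (with its `sslmode=verify-full` example) no longer appear anywhere, and neither does `KEYCLOAK_CREATE_ADMIN_USER` or the `dev-mem` / `dev-file` hint for `KEYCLOAK_DATABASE_VENDOR`. If these variables are still honoured, please add rows for them, since the password and the TLS-related JDBC parameters are the ones a reader most needs when hardening the database connection. The same table documents `KEYCLOAK_ADMIN` where the old text had `KEYCLOAK_ADMIN_USER`, and changes the `KEYCLOAK_BIND_ADDRESS` default from `0.0.0.0` to `$(hostname --fqdn)`; nothing in this patch touches the scripts, so please confirm both match the image's behaviour. In the read-only table, `KEYCLOAK_LOG_DIR` is described as "Keycloak bin directory", which looks like a copy of the `KEYCLOAK_BIN_DIR` row.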
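Review bot: In the README hunk at `@@ -252,6 +263,12 @@`, the new "Using `docker-compose.yaml`" section says "this file" without a path or link, and the earlier hunk removed the only instruction that pointed at a compose file (the `curl -LO .../docker-compose.yml` line, which also used the `.yml` extension rather than `.yaml`). Suggest linking the file's location in the repository and using its actual file name, so the "development or testing purposes" caveat is attached to something the reader can identify.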