diff --git a/docker-compose-keycloak-firstrun.yml b/docker-compose-keycloak-firstrun.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8879b5d35c8a8bc5878d35405de9786588e054ed
--- /dev/null
+++ b/docker-compose-keycloak-firstrun.yml
@@ -0,0 +1,50 @@
+include:
+ - docker-compose-keycloak.yml
+
+volumes:
+ keycloak-config:
+ name: keycloak-firstrun
+
+services:
+ # Import LINCS realm
+ keycloak-firstrun:
+ image: adorsys/keycloak-config-cli:latest
+ env_file:
+ - "../leafwriter.env"
+ environment:
+ - KEYCLOAK_URL=http://keycloak:8080/
+ - KEYCLOAK_USER=tempadmin
+ - KEYCLOAK_PASSWORD=tempadmin
+ - KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
+ - KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s
+ - IMPORT_FILES_LOCATIONS=/config/leafwriter-conf.json
+ - IMPORT_VARSUBSTITUTION_ENABLED=true
+ volumes:
+ - ./keycloak-provisioning-files:/config
+ depends_on:
+ - keycloak
+ networks:
+ - keycloak-net
+
+ # Second run of Keycloak-config-cli Tool to automatically create permanent Keycloak admin, used for gui login as well as auth-api
+ keycloak-secondrun:
+ image: adorsys/keycloak-config-cli:latest
+ env_file:
+ - "../leafwriter.env"
+ environment:
+ - KEYCLOAK_URL=http://keycloak:8080/
+ - KEYCLOAK_USER=tempadmin
+ - KEYCLOAK_PASSWORD=tempadmin
+ - KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
+ - KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s
+ - IMPORT_FILES_LOCATIONS=/config/leafwriter-conf-master.json
+ - IMPORT_VARSUBSTITUTION_ENABLED=true
+ volumes:
+ - ./keycloak-provisioning-files:/config
+ depends_on:
+ keycloak:
+ condition: service_started
+ keycloak-firstrun:
+ condition: service_completed_successfully
+ networks:
+ - keycloak-net
\ No newline at end of file
diff --git a/docker-compose-keycloak.yml b/docker-compose-keycloak.yml
index f46bf1fc7fdce21ac239ee8e0e6fba8e1cda0833..b6ce344c6307962eaeced366014aaac3e61b787f 100644
--- a/docker-compose-keycloak.yml
+++ b/docker-compose-keycloak.yml
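Review bot: Both `keycloak-firstrun` and `keycloak-secondrun` hard-code `KEYCLOAK_USER=tempadmin` / `KEYCLOAK_PASSWORD=tempadmin`, the same literal pair that the `@@ -24,11 +24,14 @@` hunk of docker-compose-keycloak.yml sets as the bootstrap admin, so every deployment made from this repository starts with an admin account whose password is public. I would take the values from the environment and fail when they are missing, e.g. `- KEYCLOAK_PASSWORD=${KC_TEMP_ADMIN_PASSWORD:?set KC_TEMP_ADMIN_PASSWORD}` (the variable name is only a suggestion), with the matching change on the `KC_BOOTSTRAP_ADMIN_PASSWORD` line. Separately, `adorsys/keycloak-config-cli:latest` is a floating tag on an image that is handed admin credentials; pinning it to a released version, ideally by digest, keeps the import reproducible and reviewable. The named volume `keycloak-config` declared at the top does not appear to be mounted by either service, since both use the bind mount `./keycloak-provisioning-files:/config`.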
@@ -1,12 +1,10 @@ -version: '3' - volumes: keycloak-data: name: keycloakdb services: keycloakdb: - image: postgres:11 + image: postgres:17 ports: - "5406:5432" environment: @@ -15,6 +13,8 @@ services: - POSTGRES_DB=keycloak volumes: - ./keycloak-data:/var/lib/postgresql/data + networks: + - keycloak-net keycloak: image: keycloak/keycloak command: start @@ -24,11 +24,14 @@ services: - keycloakdb depends_on: - keycloakdb + networks: + - keycloak-net volumes: - ./opt-keycloak:/opt/keycloak/providers environment: - - KEYCLOAK_ADMIN=admin - - KEYCLOAK_ADMIN_PASSWORD=admin + - KC_BOOTSTRAP_ADMIN_USERNAME=tempadmin + - KC_BOOTSTRAP_ADMIN_PASSWORD=tempadmin + - KC_BOOTSTRAP_ADMIN_EXPIRATION=10 - KC_DB_USERNAME=postgres - KC_DB_PASSWORD=postgres - KC_DB=postgres @@ -39,3 +42,6 @@ services: - KC_HTTP_ENABLED=true - KC_HOSTNAME_STRICT_HTTPS=false - KC_HEALTH_ENABLED=true + +networks: + keycloak-net: \ No newline at end of file diff --git a/keycloak-provisioning-files/leafwriter-conf-master.json b/keycloak-provisioning-files/leafwriter-conf-master.json new file mode 100644 index 0000000000000000000000000000000000000000..63e83c745e948ddefc731c40098be8a56869aa88 --- /dev/null +++ b/keycloak-provisioning-files/leafwriter-conf-master.json @@ -0,0 +1,20 @@ +{ + "id": "master", + "realm": "master", + "users": [ + { + "username": "$(env:keycloak_admin)", + "enabled": true, + "realmRoles": [ + "admin", + "default-roles-master" + ], + "credentials": [ + { + "type": "password", + "value": "$(env:keycloak_password)" + } + ] + } + ] +} diff --git a/authapi b/nginx-sample-conf-files/authapi similarity index 74% rename from authapi rename to nginx-sample-conf-files/authapi index 6776ba8490f5f39f38f966579726e868b1cdc470..670a04aee6284610654765847200ac6dbeb7eb46 100644 --- a/authapi +++ b/nginx-sample-conf-files/authapi 
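Review bot: The jump from `postgres:11` to `postgres:17` keeps the bind mount `./keycloak-data:/var/lib/postgresql/data` shown in the next hunk, and PostgreSQL does not start on a data directory initialised by a different major version, so an existing installation would need a dump/restore or `pg_upgrade` before this image is pulled. If existing deployments are in scope, a comment above the image line such as `# major upgrade: migrate ./keycloak-data before switching from 11`, or a README step, would prevent a Keycloak outage on upgrade. The hunk is cut after `environment:`, so the rest of the `keycloakdb` service is not visible here.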
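Review bot: Nothing visible in this commit removes or disables `tempadmin` once `keycloak-secondrun` has created the permanent admin, so the account with the well-known password may remain usable; the only limit is `KC_BOOTSTRAP_ADMIN_EXPIRATION=10`, and the diff gives no way to confirm that the running image honours that variable. Because `image: keycloak/keycloak` is untagged, whether the `KC_BOOTSTRAP_ADMIN_*` names are recognised at all depends on which version happens to be pulled; pinning a tag that matches the keycloak-config-cli release removes that doubt. I would add a documented final step that deletes `tempadmin` (or verifies it has expired) after the second run, and a comment on the expiration line stating its unit. `KC_HTTP_ENABLED=true` in the following hunk means these credentials travel over plain HTTP between the containers.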
@@ -1,10 +1,10 @@ server { - server_name authapi.test.lca.users.h-da.cloud; + server_name authapi.example.com; listen 80; listen [::]:80; location / { - proxy_pass http://localhost:5000/; + proxy_pass http://localhost:3002/; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; diff --git a/keycloak b/nginx-sample-conf-files/keycloak similarity index 83% rename from keycloak rename to nginx-sample-conf-files/keycloak index 375be80e9f71b62df92218ada14f0438f522cb1f..b0469ac29897fd33cbe9c399a63b4bbb09d2fa76 100644 --- a/keycloak +++ b/nginx-sample-conf-files/keycloak @@ -1,11 +1,11 @@ server { - server_name keycloak.test.lca.users.h-da.cloud; + server_name keycloak.example.com; listen 80; listen [::]:80; location / { - proxy_pass http://localhost:8090; + proxy_pass http://localhost:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/leaf b/nginx-sample-conf-files/leafwriter similarity index 85% rename from leaf rename to nginx-sample-conf-files/leafwriter index 2c8d4fd3a614b0deda7bc07ae46d4427e744a61d..ec3684983e1f315385bed435512865b57c8865fb 100644 --- a/leaf +++ b/nginx-sample-conf-files/leafwriter @@ -1,5 +1,5 @@ server { - server_name leaf.test.lca.users.h-da.cloud; + server_name example.com; listen 80; listen [::]:80; @@ -10,8 +10,4 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - - - - } diff --git a/nssi b/nssi deleted file mode 100644 index 79cf2bb0e30d3adf64e4aea0fe5ed04505e3cb1a..0000000000000000000000000000000000000000 --- a/nssi +++ /dev/null 
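Review bot: These files are now shipped as samples, yet the authapi, keycloak and leafwriter server blocks all keep `listen 80;` / `listen [::]:80;` with no TLS listener, so anyone copying them verbatim would carry Keycloak logins and auth-API tokens in clear text. A header comment in each sample would cover it, for example `# Sample only: terminate TLS (listen 443 ssl) and redirect port 80 before exposing this host`. In the keycloak sample the `proxy_pass` target changes from 8090 to 8080; the compose port mapping for the keycloak service lies outside the visible hunks, so it is worth confirming that the host port matches. Each server block continues beyond its hunk.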
@@ -1,20 +0,0 @@
-server {
-
- server_name nssi.test.lca.users.h-da.cloud;
- listen 80;
- listen [::]:80;
-
- location / {
- proxy_pass http://localhost:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
-
-
-}