代码改变世界

keycloak 配置DB

2023-02-17 15:33  qgbo  阅读(252)  评论(0编辑  收藏  举报

docker hub 上搜keycloak 镜像,下载最多的是  https://hub.docker.com/r/bitnami/keycloak

这个怎么设置都是 postgreSQL

In the office document, there is this words: The Bitnami Keycloak container requires a PostgreSQL database to work, this means PostgreSQL can be used if we want use the image!?

 this is details of the images https://github.com/bitnami/containers/tree/main/bitnami/keycloak

 

and a dockerFile exist!

yes, the image come form docker.io/bitnami/minideb:bullseye。In it , the keycloak package will be downloaded and put into the image.

when the container start up, the 2 scripts will execute:

ENTRYPOINT [ "/opt/bitnami/scripts/keycloak/entrypoint.sh" ]
 CMD [ "/opt/bitnami/scripts/keycloak/run.sh" ]  

in them, the kc.sh start ,which we can understand will execute.

So we should change image!

The image provided by office is keycloak/keycloak

So, first we shold create a new empty database, then create a user who can access the database.

execute the cmd,then it can start up;

 

kc.bat --verbose start-dev --db mssql --db-url "jdbc:sqlserver://<host>;databaseName=keycloak;user=q;password=1;encrypt=false" --transaction-xa-enabled=false --db-schema dbo

also like this:

version: '3.8'

services:
  keycloak:
    image: keycloak/keycloak:20.0.3
    command: --verbose start-dev
    environment:
      - PROXY_ADDRESS_FORWARDING=true
      - KC_PROXY=passthrough
      - KC_HTTP_RELATIVE_PATH=keycloak
      - KC_DB=mssql
     #  user=q;password=q  this 2 config can be overrided by the following config in env
      - KC_DB_URL=jdbc:sqlserver://<host>;databaseName=keycloak;user=q;password=q;encrypt=false;trustServerCertificate=true;
      - KC_DB_HOST=
      - KC_DB_PORT=1433
      - KC_DB_USERNAME=q
      - KC_DB_PASSWORD=q
      - KC_DB_SCHEMA=dbo
      - KC_TRANSACTION_XA_ENABLED=false
    networks:
      - app-net
      - middleware-net
    deploy:
      mode: replicated
      placement:
        constraints:
          - "node.hostname==keycloak"
      replicas: 1
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=middleware-net"
        - "traefik.http.routers.keycloak.entrypoints=traefik"
        - "traefik.http.routers.keycloak.rule=PathPrefix(`/keycloak/`)"
        - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
networks:
    ****

 

 

 this is a useful link: https://github.com/keycloak/keycloak-community/blob/main/design/keycloak.x/configuration.md