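# Keycloak Deployment Configuration
# Copy this file to .env and modify the values as needed
#
# Every password in this template is a sample value. Replace each one with a
# unique, randomly generated secret in your own .env, keep that file out of
# version control, and restrict its permissions to the deploying user.
# Values containing spaces or parentheses are double-quoted so the file has
# the same meaning whether it is sourced by a shell or read as an env file.

# =============================================================================
# KEYCLOAK CONFIGURATION
# =============================================================================

# Admin credentials for Keycloak
# Sample values only: change both before the first start of any instance that
# is reachable from other hosts.
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin123

# Keycloak server configuration
# KEYCLOAK_URL repeats KEYCLOAK_HOST and KEYCLOAK_PORT; keep the three in sync.
KEYCLOAK_HOST=localhost
KEYCLOAK_PORT=8080
KEYCLOAK_URL=http://localhost:8080

# Security settings
# Development values: hostname checks are relaxed and plain HTTP is enabled,
# so credentials and tokens are sent unencrypted. The hardened equivalents are
# listed under PRODUCTION OVERRIDES at the end of this file.
KC_HOSTNAME_STRICT=false
KC_HOSTNAME_STRICT_HTTPS=false
KC_HTTP_ENABLED=true

# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================

# PostgreSQL database settings
# POSTGRES_PASSWORD is a sample value; replace it.
POSTGRES_DB=keycloak
POSTGRES_USER=keycloak
POSTGRES_PASSWORD=secure_password_123
POSTGRES_HOST=postgres
POSTGRES_PORT=5432

# Database connection for Keycloak
# These repeat the PostgreSQL settings above: KC_DB_URL is built from
# POSTGRES_HOST, POSTGRES_PORT and POSTGRES_DB, and KC_DB_USERNAME and
# KC_DB_PASSWORD carry the same values as POSTGRES_USER and POSTGRES_PASSWORD.
# Change each pair together.
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME=keycloak
KC_DB_PASSWORD=secure_password_123

# =============================================================================
# LDAP CONFIGURATION
# =============================================================================

# LDAP_DOMAIN is a sample value; note that exemple.com is not a reserved
# documentation domain, so replace it with a domain you control.
# Both LDAP passwords are sample values; replace them.
LDAP_DOMAIN=exemple.com
LDAP_ORGANISATION="Mon Organisation"
LDAP_ADMIN_PASSWORD=ldap-secure-password
LDAP_CONFIG_PASSWORD=ldap-config-password

# =============================================================================
# REALM CONFIGURATION
# =============================================================================

# Main realm settings, used if the realm is created at first boot
# REALM_NAME=myrealm
# REALM_DISPLAY_NAME="My Organization Realm"
# REALM_ENABLED=true

# =============================================================================
# CLIENT CONFIGURATION
# =============================================================================

# Main application client
CLIENT_ID=my-app
# Leave empty for auto-generation. Example of an explicit value:
# CLIENT_SECRET=my-app-secret-123
CLIENT_SECRET=
CLIENT_NAME="My Application"
CLIENT_ENABLED=true
# false = confidential client, i.e. one that authenticates with a secret
CLIENT_PUBLIC=false

# Backend API client
BACKEND_API_CLIENT_ID=backend-api
# Leave empty for auto-generation. Example of an explicit value:
# BACKEND_API_CLIENT_SECRET=backend-api-secret-123
BACKEND_API_CLIENT_SECRET=
BACKEND_API_CLIENT_NAME="Backend API Client"

# Token exchange client
TOKEN_EXCHANGE_CLIENT_ID=token-exchange-client
# Leave empty for auto-generation. Example of an explicit value:
# TOKEN_EXCHANGE_CLIENT_SECRET=token-exchange-secret-123
TOKEN_EXCHANGE_CLIENT_SECRET=
TOKEN_EXCHANGE_CLIENT_NAME="Token Exchange Client"

# =============================================================================
# USER CONFIGURATION
# =============================================================================

# Test user credentials
# For local testing only: do not provision this account, or its sample
# password, on an instance that serves real users.
TEST_USERNAME=testuser
TEST_PASSWORD=testpass123
TEST_EMAIL=test@example.com
TEST_FIRST_NAME=Test
TEST_LAST_NAME=User

# =============================================================================
# DOCKER CONFIGURATION
# =============================================================================

# Docker network settings
DOCKER_NETWORK=keycloak-network

# Container names
KEYCLOAK_CONTAINER_NAME=local-keycloak
POSTGRES_CONTAINER_NAME=keycloak-postgres

# =============================================================================
# DEVELOPMENT SETTINGS
# =============================================================================

# Debug and logging
DEBUG=false
LOG_LEVEL=INFO

# Development features
# Health and metrics endpoints report operational detail about the server;
# outside development, restrict who can reach them.
KC_HEALTH_ENABLED=true
KC_METRICS_ENABLED=true

# =============================================================================
# SECURITY SETTINGS
# =============================================================================

# Token settings
# Presumably seconds (300 = 5 min, 1800 = 30 min, 36000 = 10 h); confirm
# against the script or realm import that consumes these variables.
ACCESS_TOKEN_LIFESPAN=300
REFRESH_TOKEN_LIFESPAN=1800
SSO_SESSION_IDLE_TIMEOUT=1800
SSO_SESSION_MAX_LIFESPAN=36000

# Password policy
# Requires at least 8 characters with one digit, one lowercase and one
# uppercase letter. Treat this as a development baseline and raise the minimum
# length for production realms.
PASSWORD_POLICY="length(8) and digits(1) and lowerCase(1) and upperCase(1)"

# =============================================================================
# OPTIONAL FEATURES
# =============================================================================

# Email configuration (optional)
# SMTP_PASSWORD is a secret once set; the value below is a sample.
# SMTP_HOST=smtp.example.com
# SMTP_PORT=587
# SMTP_FROM=noreply@example.com
# SMTP_USERNAME=smtp_user
# SMTP_PASSWORD=smtp_password
# SMTP_SSL=false
# SMTP_STARTTLS=true

# Theme configuration (optional)
# LOGIN_THEME=keycloak
# ADMIN_THEME=keycloak
# ACCOUNT_THEME=keycloak
# EMAIL_THEME=keycloak

# =============================================================================
# PRODUCTION OVERRIDES
# =============================================================================
# Uncomment and modify these for production deployments
# Several of these keys are already set to development values earlier in this
# file. When enabling an override, delete or edit the earlier line instead of
# keeping both: which duplicate wins depends on the tool that reads the file.
# The private key file must be readable only by the account running Keycloak.

# KEYCLOAK_URL=https://auth.yourdomain.com
# KC_HOSTNAME_STRICT=true
# KC_HOSTNAME_STRICT_HTTPS=true
# KC_HTTP_ENABLED=false
# KC_HTTPS_PORT=8443
# KC_HTTPS_CERTIFICATE_FILE=/path/to/certificate.pem
# KC_HTTPS_CERTIFICATE_KEY_FILE=/path/to/private-key.pem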