push working config

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "keycloak-gatekeeper"]
+	path = keycloak-gatekeeper
+	url = https://github.com/oneconcern/keycloak-gatekeeper

README.md

@@ -4,7 +4,41 @@
 
 ![Web Interface](Screenshot.png)
 
-## déployer 
+## Configurer
+
+### Keycloak
+
+- Créer un client "sshwifty":
+
+- Mapper aud -> clien id:
+
+### Gatekeeper
+
+- Editer le docker-compose.yml:
+```bash
+nano docker-compose.yml
+```
+
+```yml
+      - "--discovery-url=https://<keycloak-dns>/auth/realms/<realm>/.well-known/openid-configuration"
+      - "--client-id=sshwifty"
+      - "--client-secret=<keycloak-client-secret>"
+```
+
+### Si reverse-proxy devant
+
+- Ajouter les directives suivantes pour le websocket dans la config du reverse-proxy:
+```
+    location /sshwifty/socket {
+        proxy_pass http://sshwifty;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+```
+
+## Déployer 
 
 ```bash
 docker compose up -d
@@ -23,4 +57,4 @@ project and read their copyright statements.
 
 ## Contribuer
 
-- [ ] traduire en français
+- [ ] SSHWIFTY à traduire en français

docker-compose.yml

@@ -9,65 +9,27 @@ services:
     build:
       context: .
     ports:
-      - 9133:8182
-    deploy:
-      labels:
-        - traefik.frontend.rule=Host:ssh.legaragenumerique.fr
-        - traefik.port=80
-        - traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181
-        - traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
-        - traefik.frontend.auth.forward.trustForwardHeader=true
+      - 8182:8182
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
 
-# TRAEFIK  
-  traefik:
-    image: traefik:v2.10
-    container_name: traefik
+# KEYCLOAK GATEKEEPER
+  gatekeeper:
+    container_name: gatekeeper
     restart: always
-    command:
-      # For web ui traefik DEV
-      # - "--api.insecure=true"
-      - "--providers.docker=true"
-      - "--providers.docker.swarmmode=false"
-      - "--log.level=DEBUG"
-      - "--providers.docker.exposedByDefault=false"
-
-      - "--entryPoints.web.address=:80"
-      # - "--entryPoints.websecure.address=:443"
-      # - "--certificatesResolvers.le.acme.email=${ACME_EMAIL}"
-      # - "--certificatesResolvers.le.acme.storage=/acme/acme.json"
-      # - "--certificatesResolvers.le.acme.httpChallenge=true"
-      # - "--certificatesResolvers.le.acme.httpChallenge.entryPoint=web"
-      # - "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
+    build:
+      context: ./keycloak-gatekeeper/.
     ports:
-      # - "4443:443"
-      - "8880:80"
-      # The Web UI (enabled by --api.insecure=true) DEV
-      # - "8082:8080"
+      - 8880:8880
+    depends_on:
+      - sshwifty
+    command:
+      - "--discovery-url=https://<keycloak-dns>/auth/realms/<realm>/.well-known/openid-configuration"
+      - "--client-id=sshwifty"
+      - "--client-secret="
+      - "--listen=0.0.0.0:8880"
+      - "--upstream-url=http://sshwifty:8182"
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      # - ./acme:/acme
-    networks:
-      traefik_net:
-
-# GATE KEEPER
-  traefik-forward-auth:
-    image: funkypenguin/traefik-forward-auth
-    restart: always
-    env_file: ./traefik-forward-auth.env
-    networks:
-      - traefik_net
-    deploy:
-      labels:
-        - traefik.port=4181
-        - traefik.frontend.rule=Host:id/legaragenumerique.fr
-        - traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181
-        - traefik.frontend.auth.forward.trustForwardHeader=true
-
-
-# NETWORKS
-networks:
-  traefik_net:
-
-# VOLUMES
-# volumes:
-#   acme: {}
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro

keycloak-gatekeeper

@@ -0,0 +1 @@
+Subproject commit 41596cbaf63bcfd380101686aa6582a44092f42d