infra: clean up Keycloak configuration, enforce consistency in .env, and improve health checks

Streamlined Keycloak configurations with defaults for development and production in `.env`. Added health checks and improved environment variable documentation with comments to differentiate local and server deployments. Ensured compatibility with pre-built registry images.
2026-03-06 11:23:24 +01:00
parent 6cb1f2d5ba
commit 09b0b1a462
75 changed files with 441 additions and 44 deletions
+11 -1
@@ -8,6 +8,10 @@
# --- PROJECT ---
PROJECT_NAME=meldestelle
# --- BACKUP ---
BACKUP_DIR=/home/stefan/backups/meldestelle
BACKUP_RETENTION_DAYS=7
# Docker build versions (optional overrides)
DOCKER_VERSION=1.0.0-SNAPSHOT
DOCKER_REGISTRY=git.mo-code.at/mocode-software
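Review bot: BACKUP_DIR in the BACKUP block is set to /home/stefan/backups/meldestelle, a path under one user's home directory, so the default only resolves on that machine and puts a personal account name into shared configuration. Suggest a neutral default (a path relative to the project, or a dedicated system directory) plus a comment line saying the value must be overridden per host, the way the Keycloak entries in this file distinguish local from server values. BACKUP_RETENTION_DAYS=7 would also benefit from a one-line comment stating what is deleted after seven days and by which job.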
@@ -48,15 +52,21 @@ SPRING_DATA_VALKEY_PASSWORD=valkey-password
KEYCLOAK_IMAGE_TAG=26.4
KC_HEAP_MIN=512M
KC_HEAP_MAX=1024M
# Lokale Entwicklung: start-dev (kein Pre-Build nötig, kein --optimized)
# Server/Produktion: start --optimized --import-realm (nutzt das pre-built Registry-Image)
KC_COMMAND=start-dev --import-realm
KC_ADMIN_USERNAME=kc-admin
KC_ADMIN_PASSWORD=kc-password
KC_DB=postgres
KC_DB_SCHEMA=keycloak
KC_DB_PASSWORD=meldestelle
# Lokal: localhost | Server: echte IP oder Domain (z.B. 192.168.1.100 oder auth.meldestelle.at)
KC_HOSTNAME=localhost
# false = kein Hostname-Strict-Check (empfohlen für Entwicklung und HTTP-only Server)
KC_HOSTNAME_STRICT=false
KC_HOSTNAME_STRICT_HTTPS=false
KC_PORT=8180:8080
KC_DEBUG_PORT=9000:9000
KC_MANAGEMENT_PORT=9000:9000
# --- KEYCLOAK TOKEN VALIDATION ---
# Public Issuer URI (must match the token issuer from browser/postman)
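Review bot: The comment above KC_HOSTNAME_STRICT recommends false not only for development but also for "HTTP-only Server", while the KC_COMMAND comment describes the server/production start as "start --optimized --import-realm"; taken together the file reads as if a production server may run with the hostname check off and KC_HOSTNAME_STRICT_HTTPS=false. With the strict check disabled Keycloak derives its public URL from the incoming request, so issuer and redirect URLs follow whatever Host header arrives. Suggest limiting the recommendation to local development and documenting the server values explicitly (KC_HOSTNAME set to the real domain, strict check on, TLS terminated in front). The same applies to KC_ADMIN_PASSWORD=kc-password and KC_DB_PASSWORD=meldestelle: mark them as development-only defaults that must be overridden on the server. Separately, KC_DEBUG_PORT=9000:9000 and KC_MANAGEMENT_PORT=9000:9000 carry the same host mapping; if both remain in the file, drop the stale one so that only one variable claims port 9000.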