mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
adce1384ee
meldestelle/config/docker/keycloak/Dockerfile
Stefan Mogeritsch d6a484c347
All checks were successful
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Successful in 6m48s
Details
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Successful in 6m40s
Details
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Successful in 1m44s
Details
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Successful in 1m31s
Details
fix: update Keycloak configuration and Docker healthcheck improvements 
- Enabled `directAccessGrants` for `frontend-client` in `meldestelle-realm.json` to support ROPC login flow.
- Strengthened admin credentials in realm configuration to meet password policy requirements.
- Upgraded Keycloak to `26.5.5` with updated Docker healthcheck logic:
  - Replaced `curl` with bash `/dev/tcp` for compatibility with `ubi9-micro` image.
  - Switched health endpoint from `/ready` to `/live` for single-node use.
  - Adjusted healthcheck timings (`start_period`, `timeout`, `interval`) for smoother startup.
- Removed deprecated v1 hostname parameter `KC_HOSTNAME_STRICT_HTTPS`.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
2026-03-09 15:51:42 +01:00

37 lines
1.0 KiB
Docker
Raw Blame History

# ===================================================================
# Production-Ready Keycloak Dockerfile
# ===================================================================
# Based on: quay.io/keycloak/keycloak:26.5.5
# Features:
# - Pre-built optimized image (faster startup)
# - Security hardening
# - Health monitoring
# ===================================================================
ARG KEYCLOAK_IMAGE_TAG=26.5.5
FROM quay.io/keycloak/keycloak:${KEYCLOAK_IMAGE_TAG}
ARG KEYCLOAK_IMAGE_TAG=26.5.5
LABEL maintainer="Meldestelle Development Team"
LABEL description="Production-ready Keycloak for Meldestelle authentication"
LABEL version="${KEYCLOAK_IMAGE_TAG}"
# Set environment variables for build
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_DB=postgres
WORKDIR /opt/keycloak
# Pre-build Keycloak for faster startup
RUN /opt/keycloak/bin/kc.sh build \
--db=postgres \
--health-enabled=true \
--metrics-enabled=true
# Set user
USER 1000
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
Reference in New Issue View Git Blame Copy Permalink