add docker compose
Vad1mo committed Apr 19, 2017
1 parent a65a555 commit 06f3a45
Showing 6 changed files with 45 additions and 23 deletions.
3 changes: 2 additions & 1 deletion .gitignore
@@ -1 +1,2 @@
.history
.history
.env
25 changes: 14 additions & 11 deletions Dockerfile
@@ -1,18 +1,21 @@
FROM openjdk:8-jre-alpine

ENV KEYCLOAK_VERSION 3.0.0.Final
ENV DOCKERIZE_VERSION v0.4.0
ENV KEYCLOAK_VERSION=3.0.0.Final \
DOCKERIZE_VERSION=v0.4.0

RUN apk --no-cache update && apk add ca-certificates openssl unzip &&\
WORKDIR /app
COPY proxy.tmpl .
COPY start-proxy.sh .

RUN apk --no-cache add ca-certificates openssl unzip &&\
wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
RUN wget http:https://central.maven.org/maven2/org/keycloak/keycloak-proxy-dist/$KEYCLOAK_VERSION/keycloak-proxy-dist-$KEYCLOAK_VERSION.zip && \
unzip keycloak-proxy-dist-$KEYCLOAK_VERSION.zip && mv keycloak-proxy-$KEYCLOAK_VERSION /app && rm keycloak-proxy-dist-$KEYCLOAK_VERSION.zip && \
chmod -R g+rwX /app
rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz &&\
wget http:https://central.maven.org/maven2/org/keycloak/keycloak-proxy-dist/$KEYCLOAK_VERSION/keycloak-proxy-dist-$KEYCLOAK_VERSION.zip && \
unzip keycloak-proxy-dist-$KEYCLOAK_VERSION.zip && mv keycloak-proxy-$KEYCLOAK_VERSION/* . && rm -rf keycloak-proxy* && \
chmod 755 start-proxy.sh &&\
chmod -R g+rwX /app

EXPOSE 8080 8443

WORKDIR /app
EXPOSE 80 443

CMD ["java", "-jar", "bin/launcher.jar"]
CMD ["/app/start-proxy.sh"]
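
Review bot: The combined RUN step downloads dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz and keycloak-proxy-dist-$KEYCLOAK_VERSION.zip with wget and unpacks them without checking a digest or signature, so the image contents depend entirely on what those URLs serve at build time. Pin a known SHA-256 for each archive next to the version variables and verify it (for example with sha256sum -c) before the tar and unzip steps. Separately, EXPOSE moves from 8080 8443 to 80 443 while the file keeps chmod -R g+rwX /app and sets no USER; binding ports below 1024 normally requires root, so either keep the unprivileged ports or state which user the container is meant to run as.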
12 changes: 6 additions & 6 deletions README.md
@@ -1,8 +1,8 @@
# Keycloak Auth Proxy

The Keycloak Auth Proxy makes it possible to protect web resources that have no build in authentication.
The Keycloak Auth Proxy provides authentication and authorization for web resources with OpenID Connect/OAuth, that have no build in authentication.

This Auth Proxy Service uses [Keycloak Proxy][kcp] a Java/Undertow solution designed for Keycloak but that should work with any other IMA that support OpenID/Connect.
This Auth Proxy Service uses [Keycloak Proxy][kcp], which is a Java/Undertow solution designed for Keycloak but that should also work with any other solution that supports OpenID/Connect.

## How is it working
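
Review bot: The rewritten intro sentence still says "have no build in authentication" and its modifier is misplaced ("web resources with OpenID Connect/OAuth, that have no ..."); since the line is being touched, something like "provides OpenID Connect/OAuth authentication and authorization for web resources that have no built-in authentication" reads correctly. The second paragraph should also use "OpenID Connect" rather than "OpenID/Connect".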

@@ -16,10 +16,10 @@ This Auth Proxy Service uses [Keycloak Proxy][kcp] a Java/Undertow solution desi

There are two very common use cases why one would use the Keycloak Auth Proxy together with an Identity & Access Management Service (IAM)

- Protect static websites from unauthorized access only allowing authenticated users to see the content.
- Protect static websites from unauthorized access, allowing only authenticated users to see the content.
This is useful in combination with static website generator or other generated documentation.
- Outsource the authentication/authorization to Keycloak Auth Proxy and just relay on the header parameter with username and grants which are forwarded to the upstream application.

- Outsource the authentication/authorization step to Keycloak Auth Proxy and just relay on the forward HTTP headers with username/grants in the upstream application.
This approach can be handy if you have an application, where there are no OpenID Connect library or if you don't won't perform to many changes in the application.

## Usage
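
Review bot: The rewritten second bullet tells readers to rely on the forwarded HTTP headers with username/grants in the upstream application, but it does not say that this is only trustworthy when the upstream is reachable exclusively through the proxy; if the upstream can be reached directly, it has no way to tell proxy-set headers from client-set ones. Add that deployment requirement to the bullet. While the lines are being edited, fix "relay on" (rely on) and "if you don't won't perform to many changes" (if you don't want to make too many changes).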

@@ -42,7 +42,7 @@ Variables without default values are mandatory.
- `AUTH_SERVER_URL` The auth server URL
- `RESOURCE` (default `account`) The resource to request aka client id
- `SECRET` Credential secret
- `CONSTRAINT_PATH` (default `/*`) You can define multiple path but they must be separated with a `;`
- `CONSTRAINT_PATH` (default `/*`) You can define multiple path but they must be separated with an `;`

## Alternatives
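
Review bot: The CONSTRAINT_PATH line changes "a `;`" to "an `;`", which is a regression, since the article goes with "semicolon"; keep "a `;`" and change "multiple path" to "multiple paths". It would also help to show one example value with two paths so the separator usage is unambiguous.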

18 changes: 18 additions & 0 deletions docker-compose.yml
@@ -0,0 +1,18 @@
version: '2'
services:
auth-proxy:
build: .
ports:
- "8080:80"
# This placeholder will be filled by the variables in the .env file.
environment:
TARGET_URL:
REALM:
REALM_PUBLIC_KEY:
AUTH_SERVER_URL:
RESOURCE:
SECRET:
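
Review bot: The environment list passes through only TARGET_URL, REALM, REALM_PUBLIC_KEY, AUTH_SERVER_URL, RESOURCE and SECRET, so CONSTRAINT_PATH (documented in README.md) and the HTTP_PORT and BASE_PATH variables read by proxy.tmpl cannot be set from the .env file; add them, or note that compose users always get the defaults. The port mapping "8080:80" likewise assumes HTTP_PORT stays at 80. The comment above environment would read better as "These placeholders are filled from the variables in the .env file", and the four trailing blank lines at the end of the file can be dropped.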




4 changes: 2 additions & 2 deletions proxy.json
@@ -1,6 +1,6 @@
/*
This is an sample proxy file config
For more see: https://keycloak.gitbooks.io/documentation/server_installation/topics/proxy.html
This is an Example of proxy file config that was generated from from the proxy.tmpl
For more details regarding file format and meaning see: https://keycloak.gitbooks.io/documentation/server_installation/topics/proxy.html
*/
{
"target-url": "http:https://172.17.0.2:2015",
6 changes: 3 additions & 3 deletions proxy.tmpl
@@ -1,16 +1,16 @@
{
"target-url": "{{ .Env.TARGET_URL }}",
"bind-address": "0.0.0.0",
"http-port": "{{ default .Env.HTTP_PORT '80' }}",
"http-port": "{{ default .Env.HTTP_PORT "80" }}",
"applications": [
{
"base-path": "{{ default .Env.BASE_PATH '/' }}",
"base-path": "{{ default .Env.BASE_PATH "/" }}",
"adapter-config": {
"realm": "{{ .Env.REALM }}",
"realm-public-key": "{{ .Env.REALM_PUBLIC_KEY }}",
"auth-server-url": "{{ .Env.AUTH_SERVER_URL }}",
"ssl-required": "external",
"resource": "{{ default .Env.RESOURCE 'account' }}",
"resource": "{{ default .Env.RESOURCE "account" }}",
"credentials": {
"secret": "{{ .Env.SECRET }}"
}
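
Review bot: Every value in this template, including "secret": "{{ .Env.SECRET }}" and "realm-public-key": "{{ .Env.REALM_PUBLIC_KEY }}", is interpolated into a JSON string with no escaping, so a value containing a double quote or a backslash produces invalid or differently structured JSON. Either document that these variables must not contain such characters or validate them in start-proxy.sh before the template is rendered. The switch from single to double quotes in the three default calls is the right fix for Go template syntax; note that "http-port" is still emitted as a quoted string ("80"), so check that the proxy accepts a string there or drop the surrounding quotes.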