version: '3.9'

services:
  keycloak_db:
    image: postgres:14.5
    restart: always
    environment:
      - POSTGRES_DB=keycloak
      - POSTGRES_USER=keycloak
      - POSTGRES_PASSWORD=keycloak
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    networks:
      - local-keycloak

  keycloak:
    build:
      context: ./build
    depends_on:
      - keycloak_db
    environment:
      - KC_HEALTH_ENABLED=true
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://keycloak_db:5432/keycloak
      - KC_DB_URL_DATABASE=keycloak
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=keycloak
      - KC_PROXY_ADDRESS_FORWARDING=true
      - KC_HOSTNAME=auth.cttue.de
      - KC_HOSTNAME_STRICT_HTTPS=false
      - KC_PROXY=edge
      - KC_FEATURES=account2,account-api
      - VIRTUAL_PORT=8080
    restart: always
    networks:
      - local-keycloak
      - traefik
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik
      - traefik.http.routers.keycloak.entrypoints=web-secure
      - traefik.http.routers.keycloak.service=keycloak
      - traefik.http.routers.keycloak.rule=Host(`auth.cttue.de`)
      - traefik.http.routers.keycloak.tls=true
      - traefik.http.routers.keycloak.tls.certResolver=default
      - traefik.http.routers.keycloak.tls.domains[0]=cttue.de
      - traefik.http.routers.keycloak.tls.domains[0].sans=auth.cttue.de
      - traefik.http.services.keycloak.loadbalancer.server.port=8080
networks:
  local-keycloak:
  traefik:
   external: true