| 第1行: | 第1行: | ||
== Install == | == Install == | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
docker stop yai-postgres && docker rm yai-postgres | |||
docker run \ | |||
--name yai-postgres \ | |||
-p 5432:5432 \ | |||
-e POSTGRES_USER=${POSTGRES_USER} \ | |||
-e POSTGRES_DB=development-db \ | |||
-e POSTGRES_PASSWORD=${POSTGRES_PASSWORD} \ | |||
-v ./postgres-data:/var/lib/postgresql/data \ | |||
--network yai-zone \ | |||
-d postgres | |||
docker run --name | docker run --name yai-keycloak \ | ||
-p 8081:8080 -d \ | -p 8081:8080 -d \ | ||
-e KC_BOOTSTRAP_ADMIN_USERNAME= | -e KC_BOOTSTRAP_ADMIN_USERNAME=${KC_BOOTSTRAP_ADMIN_USERNAME} \ | ||
-e KC_BOOTSTRAP_ADMIN_PASSWORD= | -e KC_BOOTSTRAP_ADMIN_PASSWORD=${KC_BOOTSTRAP_ADMIN_PASSWORD} \ | ||
-e KC_DB=postgres \ | |||
-e KC_DB_URL=jdbc:postgresql://yai-postgres:5432/development-db \ | |||
-e KC_DB_SCHEMA=keycloak \ | |||
-e KC_DB_USERNAME=${POSTGRES_USER} \ | |||
-e KC_DB_PASSWORD=${POSTGRES_PASSWORD} \ | |||
--network yai-zone \ | |||
quay.io/keycloak/keycloak:26.3.2 start-dev \ | quay.io/keycloak/keycloak:26.3.2 start-dev \ | ||
--hostname=https:// | --hostname=https://auth.example.com | ||
</syntaxhighlight> | </syntaxhighlight> | ||
2025年8月6日 (三) 01:27的版本
Install
docker stop yai-postgres && docker rm yai-postgres
docker run \
--name yai-postgres \
-p 5432:5432 \
-e POSTGRES_USER=${POSTGRES_USER} \
-e POSTGRES_DB=development-db \
-e POSTGRES_PASSWORD=${POSTGRES_PASSWORD} \
-v ./postgres-data:/var/lib/postgresql/data \
--network yai-zone \
-d postgres
docker run --name yai-keycloak \
-p 8081:8080 -d \
-e KC_BOOTSTRAP_ADMIN_USERNAME=${KC_BOOTSTRAP_ADMIN_USERNAME} \
-e KC_BOOTSTRAP_ADMIN_PASSWORD=${KC_BOOTSTRAP_ADMIN_PASSWORD} \
-e KC_DB=postgres \
-e KC_DB_URL=jdbc:postgresql://yai-postgres:5432/development-db \
-e KC_DB_SCHEMA=keycloak \
-e KC_DB_USERNAME=${POSTGRES_USER} \
-e KC_DB_PASSWORD=${POSTGRES_PASSWORD} \
--network yai-zone \
quay.io/keycloak/keycloak:26.3.2 start-dev \
--hostname=https://auth.example.com
server {
server_name oauth.example.com;
location / {
root html;
index index.html index.htm;
proxy_pass http://localhost:8081;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
}
...
}Configure
- Create realm: my-org
- Create users: whatever
- Create client: my-app
- Client ID: my-app
- Valid redirect URIs: http://localhost:5173/auth/callback
- Valid post logout redirect URIs : http://localhost:5173
- Web origins: http://localhost:5173 (No slash at end!!!)
- Client authentication: off (for public clients)
- Authentication flow: Standard flow, Direct access grants