Abans de comen\u00e7ar, assegura\u2019t de tenir:<\/p>\n\n\n\n
my-docker-network<\/code>) creada:docker network create my-docker-network<\/code><\/li>\n\n\n\n- Un contenidor de MariaDB actiu a la mateixa xarxa, per exemple:<\/li>\n<\/ul>\n\n\n\n
docker run -d --name mariadb \\\n --network my-docker-network \\\n -e MYSQL_ROOT_PASSWORD=admin \\\n -e MYSQL_DATABASE=keycloak \\\n -e MYSQL_USER=keycloak \\\n -e MYSQL_PASSWORD=theSuperSecr3tP4ssw0rd! \\\n mariadb:11<\/code><\/pre>\n\n\n\n
\n\n\n\n\ud83e\uddf1 Construcci\u00f3 de la imatge de Keycloak<\/h4>\n\n\n\n
Crea un fitxer anomenat Dockerfile<\/code> amb el seg\u00fcent contingut:<\/p>\n\n\n\nFROM keycloak\/keycloak:26.2 AS builder\n\nWORKDIR \/opt\/keycloak\n\nCOPY cert.pem \/opt\/keycloak\/conf\/cert.pem\nCOPY cert.key \/opt\/keycloak\/conf\/cert.key\nCOPY ca.pem \/opt\/keycloak\/conf\/ca.pem\n\nCOPY mariadb-java-client-3.5.3.jar \/opt\/keycloak\/providers\/mariadb-java-client.jar\n\n# Database\nENV KC_DB=mariadb\n\n# Metrics\nENV KC_METRICS_ENABLED=true\n\n# Health\nENV KC_HEALTH_ENABLED=true\n\nRUN \/opt\/keycloak\/bin\/kc.sh build\n\nFROM keycloak\/keycloak:26.2\n\nCOPY --from=builder \/opt\/keycloak\/ \/opt\/keycloak\/\n\n# Hostname\nENV KC_HOSTNAME=sso.xavs.cat\nENV KC_HOSTNAME_STRICT=true\n\n# Database\nENV KC_DB=mariadb\nENV KC_DB_URL=jdbc:mariadb:\/\/mariadb:3306\/keycloak?autoReconnect=true\nENV KC_DB_PASSWORD=theSuperSecr3tP4ssw0rd!\nENV KC_DB_USERNAME=keycloak\n\n# Logging\nENV KC_LOG_LEVEL=info\n\n# Metrics\nENV KC_METRICS_ENABLED=true\n\n# Health\nENV KC_HEALTH_ENABLED=true\n\n# HTTP\nENV KC_HTTP_ENABLED=true\nENV KC_HTTPS_CERTIFICATE_FILE=\/opt\/keycloak\/conf\/cert.pem\nENV KC_HTTPS_CERTIFICATE_KEY_FILE=\/opt\/keycloak\/conf\/cert.key\n\n# Admin\nENV KC_BOOTSTRAP_ADMIN_USERNAME=admin\nENV KC_BOOTSTRAP_ADMIN_PASSWORD=Temporal1234!=\n\nWORKDIR \/opt\/keycloak\n\nEXPOSE 8443\nEXPOSE 9000\n\nCMD [\"start\"]<\/code><\/pre>\n\n\n\nDespr\u00e9s, construeix la imatge:<\/p>\n\n\n\n
docker build -t localhost\/keycloak:26.2 .<\/code><\/pre>\n\n\n\n
\n\n\n\n\ud83d\ude80 Execuci\u00f3 del contenidor de Keycloak<\/h4>\n\n\n\n
Executa el contenidor amb:<\/p>\n\n\n\n
docker run -d --name keycloak \\\n -p 8443:8443 -p 9000:9000 \\\n --memory=\"1024m\" --cpus=\"1\" \\\n --restart=unless-stopped \\\n --network my-docker-network \\\n localhost\/keycloak:26.2<\/code><\/pre>\n\n\n\n
\n\n\n\n\ud83d\udd10 Certificats i seguretat<\/h4>\n\n\n\n
Aquest desplegament utilitza HTTPS amb un certificat personalitzat. Assegura\u2019t que els fitxers seg\u00fcents estan al mateix directori que el Dockerfile<\/code>:<\/p>\n\n\n\n\ncert.pem<\/code>\u00a0\u2013 certificat p\u00fablic<\/li>\n\n\n\ncert.key<\/code>\u00a0\u2013 clau privada<\/li>\n\n\n\nca.pem<\/code>\u00a0\u2013 certificat de l\u2019autoritat certificadora<\/li>\n<\/ul>\n\n\n\n
\n\n\n\n\ud83d\udee0\ufe0f Par\u00e0metres importants<\/h4>\n\n\n\n\n- Base de dades<\/strong>:\u00a0
MariaDB<\/code>\u00a0configurada amb usuaris i contrasenya per Keycloak.<\/li>\n\n\n\n- Admin<\/strong>: L’usuari administrador es crea autom\u00e0ticament amb les credencials:\n
\n- Usuari:\u00a0
admin<\/code><\/li>\n\n\n\n- Contrasenya:\u00a0
Temporal1234!=<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n- Ports exposats<\/strong>:\n
\n8443<\/code>: per accedir a la interf\u00edcie web segura<\/li>\n\n\n\n9000<\/code>: per a estad\u00edstiques o m\u00e8triques (si est\u00e0 configurat)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
\n\n\n\n\ud83c\udf10 Acc\u00e9s al panell de Keycloak<\/h4>\n\n\n\n
Un cop estigui el contenidor en execuci\u00f3, accedeix a la consola d\u2019administraci\u00f3 a trav\u00e9s de:<\/p>\n\n\n\n
https://sso.xavs.cat:8443<\/code><\/pre>\n\n\n\n
\n\n\n\n\ud83d\udcca Monitoritzaci\u00f3 i Salut<\/h4>\n\n\n\n
El sistema ve preparat amb:<\/p>\n\n\n\n
\n- M\u00e8triques Prometheus<\/strong>\u00a0activades: port\u00a0
9000<\/code><\/li>\n\n\n\n- Endpoint de salut<\/strong>\u00a0activat<\/li>\n<\/ul>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Documentaci\u00f3: Instal\u00b7laci\u00f3 de Keycloak amb MariaDB en Docker \ud83d\udd27 Requisits previs Abans de comen\u00e7ar, assegura\u2019t de tenir: \ud83e\uddf1 Construcci\u00f3 de la imatge de Keycloak Crea un fitxer anomenat Dockerfile amb el seg\u00fcent contingut: Despr\u00e9s, construeix la imatge: \ud83d\ude80 Execuci\u00f3 del contenidor de Keycloak Executa el contenidor amb: \ud83d\udd10 Certificats i seguretat Aquest desplegament utilitza HTTPS amb un […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-64","post","type-post","status-publish","format-standard","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/xavs.cat\/index.php?rest_route=\/wp\/v2\/posts\/64","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xavs.cat\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xavs.cat\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xavs.cat\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xavs.cat\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=64"}],"version-history":[{"count":1,"href":"https:\/\/xavs.cat\/index.php?rest_route=\/wp\/v2\/posts\/64\/revisions"}],"predecessor-version":[{"id":65,"href":"https:\/\/xavs.cat\/index.php?rest_route=\/wp\/v2\/posts\/64\/revisions\/65"}],"wp:attachment":[{"href":"https:\/\/xavs.cat\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=64"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xavs.cat\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=64"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xavs.cat\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=64"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}