Keycloak + nginx reverse proxy (#63)

* Example Keycloak config.

* Proxy for geth, ipld-eth-server, and lighthouse.

* Add metrics.
Thomas E Lackey 2022-12-14 12:59:40 -06:00 committed by GitHub
parent c85b29c237
commit df0bf549a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 2232 additions and 0 deletions


@ -16,3 +16,4 @@ cerc/watcher-mobymask
cerc/test-container cerc/test-container
cerc/eth-probe cerc/eth-probe
cerc/builder-js cerc/builder-js
cerc/keycloak


@ -13,3 +13,4 @@ fixturenet-eth
watcher-mobymask watcher-mobymask
test test
eth-probe eth-probe
keycloak


@ -0,0 +1,37 @@
version: '3.8'
services:
keycloak-db:
image: postgres:14-alpine
env_file:
- ../config/keycloak/keycloak.env
healthcheck:
test: ["CMD", "nc", "-v", "localhost", "5432"]
interval: 30s
timeout: 10s
retries: 10
start_period: 3s
ports:
- 5432
keycloak:
image: cerc/keycloak:local
env_file:
- ../config/keycloak/keycloak.env
environment:
JAVA_OPTS_APPEND: "-Dkeycloak.migration.action=import -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/import -Dkeycloak.migration.strategy=IGNORE_EXISTING"
volumes:
- ../config/keycloak/import:/import
ports:
- 8080
command: ["start"]
depends_on:
keycloak-db:
condition: service_healthy
keycloak-nginx:
image: nginx:1.23-alpine
volumes:
- ../config/keycloak/nginx:/etc/nginx/conf.d
ports:
- 80
depends_on:
- keycloak
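Review bot: The `ports:` entries on `keycloak-db` (5432) and `keycloak` (8080) publish both services on a host port although the other containers reach them over the compose network, so the database and Keycloak itself (presumably including its admin console) are reachable without passing through `keycloak-nginx`. Unless host access is needed for debugging, drop those two `ports:` blocks or bind them to loopback, e.g. `- "127.0.0.1:5432:5432"`, and quote the remaining port values. The healthcheck `nc -v localhost 5432` only shows that the port accepts a connection; `test: ["CMD", "pg_isready", "-U", "keycloak"]` would confirm that Postgres is ready to serve queries.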

File diff suppressed because it is too large Load Diff


@ -0,0 +1,17 @@
POSTGRES_DB=keycloak
POSTGRES_USER=keycloak
POSTGRES_PASSWORD=keycloak
KC_DB=postgres
KC_DB_URL_HOST=keycloak-db
KC_DB_URL_DATABASE=${POSTGRES_DB}
KC_DB_USERNAME=${POSTGRES_USER}
KC_DB_PASSWORD=${POSTGRES_PASSWORD}
KC_DB_SCHEMA=public
KC_HOSTNAME=localhost
KC_HTTP_ENABLED="true"
KC_HTTP_RELATIVE_PATH="/auth"
KC_HOSTNAME_STRICT_HTTPS="false"
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
X_API_CHECK_REALM=cerc
X_API_CHECK_CLIENT_ID="%api_key%"
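Review bot: `KEYCLOAK_ADMIN_PASSWORD=admin` and `POSTGRES_PASSWORD=keycloak` are committed as working defaults, and the compose file in this commit publishes the ports of both services, so these credentials are usable by anyone who can reach the host. If the file is meant only as a local fixture example, say so at the top, e.g. `# Example credentials for local fixture use only; change before exposing any port`, or leave the two password values to be supplied from the environment. The `${POSTGRES_DB}`-style references also depend on the Compose version interpolating inside an `env_file`; it is worth confirming that `KC_DB_PASSWORD` does not end up as the literal string.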


@ -0,0 +1,69 @@
server {
listen 80;
listen [::]:80;
server_name localhost;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
### geth
location ~ ^/eth/?([^/]*)$ {
set $apiKey $1;
if ($apiKey = '') {
set $apiKey $http_X_API_KEY;
}
auth_request /auth;
proxy_buffering off;
rewrite /.*$ / break;
proxy_pass http://fixturenet-eth-geth-1:8545;
}
### ipld-eth-server
# location ~ ^/ipld/eth/([^/]*)$ {
# set $apiKey $1;
# if ($apiKey = '') {
# set $apiKey $http_X_API_KEY;
# }
# auth_request /auth;
# proxy_buffering off;
# rewrite /.*$ / break;
# proxy_pass http://ipld-eth-server:8081;
# }
#
# location ~ ^/ipld/gql/([^/]*)$ {
# set $apiKey $1;
# if ($apiKey = '') {
# set $apiKey $http_X_API_KEY;
# }
# auth_request /auth;
# proxy_buffering off;
# rewrite /.*$ / break;
# proxy_pass http://ipld-eth-server:8082;
# }
#
### lighthouse
# location /beacon/ {
# set $apiKey $http_X_API_KEY;
# auth_request /auth;
# proxy_buffering off;
# proxy_pass http://fixturenet-eth-lighthouse-1:8001/;
# }
location = /auth {
internal;
proxy_buffering off;
resolver 127.0.0.11 ipv6=off;
proxy_pass http://keycloak:8080/auth/realms/cerc/check?apiKey=$apiKey;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Original-Remote-Addr $remote_addr;
proxy_set_header X-Original-Host $host;
}
# location = /basic_status {
# stub_status;
# }
}
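Review bot: `$apiKey` is placed into the `/auth` subrequest URL unencoded (`proxy_pass http://keycloak:8080/auth/realms/cerc/check?apiKey=$apiKey;`), and both of its sources are client-controlled: the `([^/]*)` capture, which nginx takes from the decoded path, and the `X-API-KEY` header. A value containing `&`, `#` or whitespace would therefore alter the query that the check endpoint receives; how the endpoint reacts to that is not visible here. Reject anything outside the expected key alphabet before the `rewrite` line, for example `if ($apiKey !~ "^[A-Za-z0-9_-]+$") { return 401; }` with the character class adjusted to the real key format. Keys passed in the path also land in the access log and in `X-Original-URI`, and the listener is plain HTTP on port 80, so a comment recommending the header form behind TLS would help anyone reusing this config outside the fixture.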


@ -0,0 +1,12 @@
FROM maven:3-eclipse-temurin-11-alpine AS builder
RUN apk add --update --no-cache git
WORKDIR /build
RUN git clone https://github.com/cerc-io/keycloak-api-key-demo.git && \
cd keycloak-api-key-demo && \
git checkout '60c48b5c3e562c6cf2c85cfdd8f08145b0ebac5a' && \
mvn -f api-key-module package
FROM quay.io/keycloak/keycloak:20.0
COPY --from=builder /build/keycloak-api-key-demo//api-key-module/target/deploy/* /opt/keycloak/providers/
WORKDIR /opt/keycloak/providers
RUN curl -L https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar --output keycloak-metrics-spi.jar
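Review bot: The `keycloak-metrics-spi-2.5.3.jar` download on the last line is installed into `/opt/keycloak/providers` without any integrity check, and `curl -L` without `-f` will save an HTTP error page as the jar instead of failing the build. The api-key module is pinned to a commit hash, so the release jar should get the same treatment: `RUN curl -fL <url> --output keycloak-metrics-spi.jar && echo "<expected-sha256>  keycloak-metrics-spi.jar" | sha256sum -c -` (assuming `sha256sum` is present in the base image). The base images are referenced by mutable tags (`maven:3-eclipse-temurin-11-alpine`, `keycloak:20.0`); pinning them by digest would make the build reproducible.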


@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
#Build cerc/keycloack
# See: https://stackoverflow.com/a/246128/1701505
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
docker build -t cerc/keycloak:local ${SCRIPT_DIR}
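Review bot: `${SCRIPT_DIR}` is expanded unquoted in the `docker build` line, so a checkout path containing spaces or glob characters is split into several arguments and the build context is wrong. Quote it, `docker build -t cerc/keycloak:local "${SCRIPT_DIR}"`, and add `set -e` near the top so a failed `cd` in the `SCRIPT_DIR` assignment stops the script. The header comment spells the image name `keycloack`; it should read `# Build cerc/keycloak`.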