chore(keycloak): set keycloak hostname and header mode for proxy

2024-11-09 12:21:56 +01:00
parent d8d0b5c9e5
commit c7040c96f8
3 changed files with 16 additions and 8 deletions
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -3,3 +3,14 @@
 Ansible role for deploying keycloak, currently only supports docker.

 Migrated from `entropia.sso.keycloak`.
+
+## Required variables
+
+- `keycloak_database_password` - password for the database user
+- `keycloak_config_hostname` - public domain of the keycloak server
+
+## Database configuration
+
+- `keycloak_database_hostname` - hostname of the database server, defaults to `localhost`
+- `keycloak_database_username` - username to use when connecting to the database server, defaults to `keycloak`
+- `keycloak_database_database` - name of the database to use, defaults to `keycloak`
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -37,7 +37,10 @@ keycloak_container_command: >-2
  start
  --db-username {{ keycloak_database_username }}
  --db-password {{ keycloak_database_password }}
-  --db-url jdbc:postgresql://{{ keycloak_database_hostname }}:{{ keycloak_database_port }}/{{ keycloak_database_database }}
+  --db-url jdbc:postgresql://{{ keycloak_database_hostname }}{{ keycloak_database_port | ternary(':' ~ keycloak_database_port, '') }}/{{ keycloak_database_database }}
+  {{ keycloak_container_extra_start_flags | default([]) | join(' ') }}
+  --proxy-headers=xforwarded
+  --hostname {{ keycloak_config_hostname }}
  --optimized

 keycloak_config_health_enabled: true
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -67,12 +67,6 @@
    recreate: "{{ keycloak_container_force_recreate | default(false) or (keycloak_container_image_status.changed if keycloak_container_image_status is defined else false) }}"
    etc_hosts: "{{ keycloak_container_etc_hosts | default(omit) }}"
    state: started
-    command: >-2
-      start
-      --db-username {{ keycloak_database_username }}
-      --db-password {{ keycloak_database_password }}
-      --db-url jdbc:postgresql://{{ keycloak_database_hostname }}{{ keycloak_database_port | ternary(':' ~ keycloak_database_port, '') }}/{{ keycloak_database_database }}
-      {{ keycloak_container_extra_start_flags | default([]) | join(' ') }}
-      --optimized
+    command: "{{ keycloak_container_command }}"
  tags:
    - keycloak-container