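#!/bin/bash
#
# Interactive Keycloak installer.
#
# Prompts for the release version, hostnames and PostgreSQL credentials, then:
#   1. stores the database password in a root-only file,
#   2. downloads the release archive and its published SHA-1 checksum,
#   3. creates the PostgreSQL database and role,
#   4. unpacks the server to /opt/keycloak and writes conf/keycloak.conf.
#
# Requires: pwgen, wget, sha1sum, tar, sudo, psql, and write access to
# /opt and /usr/local/src.

set -euo pipefail

# Print a message on stderr and stop with a non-zero status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

readonly INSTALL_DIR=/opt/keycloak
readonly DB_PASS_FILE=/usr/local/src/keycloak_db_pass

# Proposed default for the database password; the operator may edit it below.
RAND_PASS=$(pwgen -s1 16) || die "pwgen failed; cannot propose a database password."

read -r -p "Keycloak version: " -ei '24.0.4' KEYCLOAK_VERSION
read -r -p "Server hostname: " -ei 'keycloak.example.com' KEYCLOAK_HOST
read -r -p "Postgres hostname: " -ei 'localhost' POSTGRES_HOST
read -r -p "Postgres username: " -ei 'keycloak' POSTGRES_USER
read -r -p "Postgres password: " -ei "$RAND_PASS" POSTGRES_PASS
read -r -p "Postgres database: " -ei 'keycloak' POSTGRES_DB

# The version ends up in a URL and in file names, so only accept a plain
# version token (no slashes, spaces or leading dash).
[[ "$KEYCLOAK_VERSION" =~ ^[0-9][A-Za-z0-9._-]*$ ]] \
  || die "Exit. Unexpected Keycloak version: $KEYCLOAK_VERSION"
[[ -n "$POSTGRES_PASS" ]] || die "Exit. Empty Postgres password."

# mv would nest the release inside an existing directory instead of
# replacing it, so refuse to continue rather than produce a broken layout.
[[ ! -e "$INSTALL_DIR" ]] || die "Exit. $INSTALL_DIR already exists."

# Keep a copy of the database password readable by the invoking user only.
# (The original wrote the never-set $PASSWORD_PASS, i.e. an empty file, with
# default permissions.)
(
  umask 077
  printf '%s\n' "$POSTGRES_PASS" > "$DB_PASS_FILE"
)
chmod 600 -- "$DB_PASS_FILE"

readonly TARBALL="keycloak-$KEYCLOAK_VERSION.tar.gz"
readonly BASE_URL="https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION"

# Fetch whichever of the archive / checksum is missing, so a cached archive
# is still verified against a checksum file.
for artifact in "$TARBALL" "$TARBALL.sha1"; do
  [[ -f "$artifact" ]] || wget "$BASE_URL/$artifact" \
    || die "Exit. Download failed: $artifact"
done

# NOTE(review): the checksum comes from the same location as the archive, so
# this detects a truncated or corrupted download, not a tampered release.
SHA_HASH=$(sha1sum -- "$TARBALL" | cut -d' ' -f1)
KEYCLOAK_HASH=''
# Take only the first field in case the file also carries a file name.
read -r KEYCLOAK_HASH _ < "$TARBALL.sha1" || true

# Require a well-formed digest: two empty strings must not count as a match
# (that is what a failed download produced in the original comparison).
if [[ ! "$SHA_HASH" =~ ^[0-9a-f]{40}$ || "$SHA_HASH" != "${KEYCLOAK_HASH,,}" ]]; then
  die "Exit. Hash doesnt match."
fi

# psql only interpolates :"ident" / :'literal' in scripts read from stdin or
# a file, not in -c, so the statements are fed through a here-document. This
# quotes the identifiers and the password correctly (the original passed the
# password unquoted, which is not valid SQL) and keeps prompt input from
# being parsed as SQL. Quoted identifiers keep their case, matching the name
# used in the JDBC URL below.
# NOTE(review): the password is still visible in the psql argument list to
# local users while the command runs, as it was with -c.
sudo -u postgres psql -h "$POSTGRES_HOST" -v ON_ERROR_STOP=1 \
  -v db="$POSTGRES_DB" -v usr="$POSTGRES_USER" -v pass="$POSTGRES_PASS" <<'SQL'
CREATE DATABASE :"db";
CREATE USER :"usr" WITH PASSWORD :'pass';
GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"usr";
SQL

tar xpf "$TARBALL"
mv -- "keycloak-$KEYCLOAK_VERSION" "$INSTALL_DIR"

# The configuration holds the database password, so it is written with
# owner-only permissions. If Keycloak runs under a dedicated service account,
# chown the file to that account afterwards.
# NOTE(review): proxy-headers=xforwarded makes the server trust
# X-Forwarded-* headers, and health-enabled/metrics-enabled expose the health
# and metrics endpoints; confirm that only the reverse proxy can reach the
# Keycloak listener and that those endpoints are not published externally.
(
  umask 077
  cat > "$INSTALL_DIR/conf/keycloak.conf" <<EOF

# Basic settings for running in production. Change accordingly before deploying the server.

# Database

# The database vendor.
db=postgres

# The username of the database user.
db-username=$POSTGRES_USER

# The password of the database user.
db-password=$POSTGRES_PASS

# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
db-url=jdbc:postgresql://$POSTGRES_HOST/$POSTGRES_DB

# Observability

# If the server should expose healthcheck endpoints.
health-enabled=true

# If the server should expose metrics endpoints.
metrics-enabled=true

# HTTP
# The proxy address forwarding mode if the server is behind a reverse proxy.
proxy=edge
proxy-headers=xforwarded

# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
#spi-sticky-session-encoder-infinispan-should-attach-route=false

# Hostname for the Keycloak server.
hostname=$KEYCLOAK_HOST
hostname-strict=false
EOF
)
chmod 600 -- "$INSTALL_DIR/conf/keycloak.conf"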