|
#! /bin/bash
|
|
|
|
RAND_PASS=`pwgen -s1 16`
|
|
|
|
read -p "Keycloak version: " -ei '24.0.4' KEYCLOAK_VERSION
|
|
read -p "Server hostname: " -ei 'keycloak.exmample.com' KEYCLOAK_HOST
|
|
read -p "Postgres hostname: " -ei 'localhost' POSTGRES_HOST
|
|
read -p "Postgres username: " -ei 'keycloak' POSTGRES_USER
|
|
read -p "Postgres password: " -ei "$RAND_PASS" POSTGRES_PASS
|
|
read -p "Postgres database: " -ei 'keycloak' POSTGRES_DB
|
|
|
|
echo $PASSWORD_PASS > /usr/local/src/keycloak_db_pass
|
|
|
|
if [ ! -f "keycloak-$KEYCLOAK_VERSION.tar.gz" ]; then
|
|
wget https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz
|
|
wget https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz.sha1
|
|
fi
|
|
|
|
SHA_HASH=`sha1sum keycloak-$KEYCLOAK_VERSION.tar.gz | cut -d" " -f1`
|
|
KEYCLOAK_HASH=`cat keycloak-$KEYCLOAK_VERSION.tar.gz.sha1`
|
|
|
|
if [ "$SHA_HASH" != "$KEYCLOAK_HASH" ]; then
|
|
echo "Exit. Hash doesnt match."
|
|
else
|
|
sudo -u postgres psql -h $POSTGRES_HOST -c "CREATE DATABASE $POSTGRES_DB"
|
|
sudo -u postgres psql -h $POSTGRES_HOST -c "CREATE USER $POSTGRES_USER WITH PASSWORD $POSTGRES_PASS"
|
|
sudo -u postgres psql -h $POSTGRES_HOST -c "GRANT ALL PRIVILEGES ON DATABASE $POSTGRES_DB TO $POSTGRES_USER"
|
|
tar xpf keycloak-$KEYCLOAK_VERSION.tar.gz
|
|
mv keycloak-$KEYCLOAK_VERSION /opt/keycloak
|
|
echo "
|
|
# Basic settings for running in production. Change accordingly before deploying the server.
|
|
|
|
# Database
|
|
|
|
# The database vendor.
|
|
db=postgres
|
|
|
|
# The username of the database user.
|
|
db-username=$POSTGRES_USER
|
|
|
|
# The password of the database user.
|
|
db-password=$POSTGRES_PASS
|
|
|
|
# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
|
|
db-url=jdbc:postgresql://$POSTGRES_HOST/$POSTGRES_DB
|
|
|
|
# Observability
|
|
|
|
# If the server should expose healthcheck endpoints.
|
|
health-enabled=true
|
|
|
|
# If the server should expose metrics endpoints.
|
|
metrics-enabled=true
|
|
|
|
# HTTP
|
|
# The proxy address forwarding mode if the server is behind a reverse proxy.
|
|
proxy=edge
|
|
proxy-headers=xforwarded
|
|
|
|
# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
|
|
#spi-sticky-session-encoder-infinispan-should-attach-route=false
|
|
|
|
# Hostname for the Keycloak server.
|
|
hostname=$KEYCLOAK_HOST
|
|
hostname-strict=false" > /opt/keycloak/conf/keyclaok.conf
|
|
fi
|
|
|