Configure SMTP via init container and set public hostname

- Add keycloak-smtp-init service that uses kcadm.sh to apply SES SMTP settings to the master realm at startup (idempotent, env-driven). - Set KC_HOSTNAME to https://auth.e-cosplay.fr and trust X-Forwarded-* headers for the upcoming Caddy reverse proxy in front. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 08:38:08 +02:00
parent 9f83c5aa02
commit be17955712
1 changed files with 46 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,8 +27,9 @@ services:
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloak
-      KC_HOSTNAME: localhost
+      KC_HOSTNAME: https://auth.e-cosplay.fr
      KC_HTTP_ENABLED: "true"
+      KC_PROXY_HEADERS: xforwarded
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      KEYCLOAK_ADMIN: admin
@@ -41,6 +42,50 @@ services:
    networks:
      - keycloak-net

+  keycloak-smtp-init:
+    image: quay.io/keycloak/keycloak:26.0
+    container_name: ecosplay-auth-smtp-init
+    depends_on:
+      keycloak:
+        condition: service_started
+    environment:
+      KC_SERVER: http://keycloak:8080
+      KC_ADMIN: admin
+      KC_ADMIN_PASSWORD: admin
+      SMTP_HOST: email-smtp.eu-west-3.amazonaws.com
+      SMTP_PORT: "587"
+      SMTP_FROM: auth@e-cosplay.fr
+      SMTP_FROM_DISPLAY_NAME: E-Cosplay
+      SMTP_USER: AKIAWTT2T22CWBRBBDYN
+      SMTP_PASSWORD: BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP
+    entrypoint: ["/bin/bash", "-c"]
+    command:
+      - |
+        set -e
+        until /opt/keycloak/bin/kcadm.sh config credentials \
+            --server "$$KC_SERVER" \
+            --realm master \
+            --user "$$KC_ADMIN" \
+            --password "$$KC_ADMIN_PASSWORD" >/dev/null 2>&1; do
+          echo "Waiting for Keycloak to be ready..."
+          sleep 5
+        done
+        echo "Keycloak ready, configuring SMTP on master realm..."
+        /opt/keycloak/bin/kcadm.sh update realms/master \
+          -s "smtpServer.host=$$SMTP_HOST" \
+          -s "smtpServer.port=$$SMTP_PORT" \
+          -s "smtpServer.from=$$SMTP_FROM" \
+          -s "smtpServer.fromDisplayName=$$SMTP_FROM_DISPLAY_NAME" \
+          -s "smtpServer.auth=true" \
+          -s "smtpServer.starttls=true" \
+          -s "smtpServer.ssl=false" \
+          -s "smtpServer.user=$$SMTP_USER" \
+          -s "smtpServer.password=$$SMTP_PASSWORD"
+        echo "SMTP configuration applied to master realm."
+    networks:
+      - keycloak-net
+    restart: "no"
+
 volumes:
  postgres_data: