581d6a0929
Go-live: - Switch keycloak from start-dev to start --import-realm (production mode with auto-build at boot, no Dockerfile needed yet). - Set KC_HOSTNAME=https://auth.e-cosplay.fr and KC_PROXY_HEADERS= xforwarded so Keycloak emits correct issuer URLs and trusts Caddy's X-Forwarded-* headers. - Replace deprecated KEYCLOAK_ADMIN env vars with KC_BOOTSTRAP_ADMIN_*. - Bind the public port to 127.0.0.1 only (Caddy is colocated). - Add a Keycloak healthcheck against /health/ready on the management port (9000) using bash /dev/tcp; init container now waits on service_healthy instead of service_started. Architecture: - New realms/ecosplay-realm.json mounted into /opt/keycloak/data/import and imported on first boot. Defines the dedicated 'ecosplay' realm (separate from master) with French i18n, brute-force protection, strong password policy, SES SMTP, and an OIDC client 'ecosplay-web' pointing at e-cosplay.fr (confidential + PKCE S256). Theme coverage: - themes/ecosplay/account: PatternFly v5 overlay (parent=keycloak.v2) bringing the neo-brutalist colors, thick borders, italic uppercase typography, and offset hard shadows to the user account console. - themes/ecosplay/email: branded HTML wrapper template (table layout with inline styles for email-client safety) plus a matching plain text wrapper. All Keycloak emails now ship with the E-Cosplay identity without needing per-template overrides. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3 lines
30 B
INI
3 lines
30 B
INI
parent=keycloak
|
|
locales=fr,en
|