binary1ne commited on
Commit
163c51f
·
verified ·
1 Parent(s): 5da7771

Update Dockerfile

Files changed (1) hide show
  1. Dockerfile +21 -8
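--- a/Dockerfile
+++ b/Dockerfile
@@ -12,27 +12,40 @@ FROM quay.io/keycloak/keycloak:25.0.6
 # Copy built Keycloak
 COPY --from=builder /opt/keycloak/ /opt/keycloak/
 
+# Install keytool (comes with JDK, already available in image)
+USER root
 
-
-# Generate self-signed cert
+# Generate self-signed JKS keystore
 RUN mkdir -p /opt/keycloak/certs && \
-openssl req -x509 -newkey rsa:4096 -keyout /opt/keycloak/certs/key.pem -out /opt/keycloak/certs/cert.pem -days 365 -nodes -subj "/CN=localhost"
+keytool -genkeypair \
+-alias selfsigned \
+-keyalg RSA \
+-keysize 2048 \
+-storetype JKS \
+-keystore /opt/keycloak/certs/keystore.jks \
+-storepass changeit \
+-keypass changeit \
+-validity 365 \
+-dname "CN=localhost, OU=Dev, O=POC, L=Nowhere, ST=None, C=XX"
+
+# Change ownership
+RUN chown -R 1000:0 /opt/keycloak/certs
 
 # Switch back to Keycloak user
 USER 1000
 
-# Expose Hugging Face port
+# Expose Hugging Face Space port
 EXPOSE 7860
 
-# Set admin credentials
+# Admin credentials
 ENV KEYCLOAK_ADMIN=admin
 ENV KEYCLOAK_ADMIN_PASSWORD=admin
 
-# Start Keycloak with HTTPS only on port 7860
+# Start Keycloak with HTTPS via JKS
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", \
 "--https-port=7860", \
-"--https-certificate-file=/opt/keycloak/certs/cert.pem", \
-"--https-certificate-key-file=/opt/keycloak/certs/key.pem", \
+"--https-key-store-file=/opt/keycloak/certs/keystore.jks", \
+"--https-key-store-password=changeit", \
 "--hostname-strict=false", \
 "--hostname-strict-https=false", \
 "--db=dev-mem"]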
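Review bot: The keystore created by the `RUN ... keytool -genkeypair` step is baked into an image layer together with its password (`-storepass changeit`, repeated in `"--https-key-store-password=changeit"`). Every container started from this image therefore shares one TLS private key, and anyone who can pull the image can read it. For anything beyond a throwaway demo, create or mount the keystore when the container starts and supply the password at runtime, for example through the `KC_HTTPS_KEY_STORE_PASSWORD` environment variable set as a deployment secret instead of an ENTRYPOINT argument. The unchanged context lines `ENV KEYCLOAK_ADMIN=admin` / `ENV KEYCLOAK_ADMIN_PASSWORD=admin` bake in a default admin login the same way and are worth moving to runtime secrets in the same pass. If the build-time keystore is kept, say so above the RUN with a comment such as `# Demo only: this key and its password are public; do not reuse outside the POC`, and fold the `chown -R 1000:0` into that RUN so the files are not duplicated in a second layer. The `builder` stage that the COPY refers to is outside this hunk.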