Spaces:

binary1ne
/

keycloak

Paused

binary1ne commited on Aug 28, 2025

Commit

632dfd4

verified ·

1 Parent(s): 1d6ffa8

Update Dockerfile

Files changed (1) hide show

Dockerfile CHANGED Viewed

@@ -1,17 +1,39 @@
-# -----------------------------
-# Keycloak  with in-memory DB (no persistence)
-# -----------------------------
-ARG KEYCLOAK_VERSION=25.0.6
-FROM quay.io/keycloak/keycloak:${KEYCLOAK_VERSION}
 ENV KEYCLOAK_ADMIN=admin \
     KEYCLOAK_ADMIN_PASSWORD=admin
-# Expose Hugging Face default port
 EXPOSE 7860
-# Start Keycloak in dev mode (in-memory DB, no Liquibase errors)
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
-# CMD ["start-dev", "--http-port=7860", "--hostname-strict=false", "--hostname=0.0.0.0"]
-CMD ["start-dev", "--http-port=7860", "--hostname-strict=false", "--hostname=binary1ne-keyclock.hf.space"]

+FROM quay.io/keycloak/keycloak:25.0.6 as builder
+# Build Keycloak with default options (H2 in-memory for POC)
+RUN /opt/keycloak/bin/kc.sh build
+FROM quay.io/keycloak/keycloak:25.0.6
+WORKDIR /opt/keycloak
+# Admin credentials
 ENV KEYCLOAK_ADMIN=admin \
     KEYCLOAK_ADMIN_PASSWORD=admin
+# Expose HTTPS port (7860 instead of 8443)
 EXPOSE 7860
+# Generate a self-signed certificate (Java keystore)
+RUN mkdir -p /opt/keycloak/certs && \
+    keytool -genkeypair \
+        -storepass password \
+        -keypass password \
+        -keyalg RSA \
+        -keysize 2048 \
+        -dname "CN=localhost" \
+        -alias keycloak \
+        -keystore /opt/keycloak/certs/keycloak.jks
+# Let KC_HOSTNAME be injected dynamically by environment / Kubernetes
+ENV KC_HOSTNAME=0.0.0.0
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+# Run Keycloak HTTPS on 7860 with self-signed cert
+CMD ["start", \
+     "--https-port=7860", \
+     "--https-key-store-file=/opt/keycloak/certs/keycloak.jks", \
+     "--https-key-store-password=password", \
+     "--hostname-strict=false", \
+     "--hostname=${KC_HOSTNAME}"]