Update Dockerfile

Dockerfile

@@ -1,25 +1,40 @@
-# Use the official Keycloak image
+# -----------------
+# Build Keycloak
+# -----------------
 FROM quay.io/keycloak/keycloak:25.0.6 as builder
-
-# Build with in-memory database support
 RUN /opt/keycloak/bin/kc.sh build
 
-# Final lightweight image
+# -----------------
+# Final image
+# -----------------
 FROM quay.io/keycloak/keycloak:25.0.6
 
-# Copy the build artifacts
+# Copy built Keycloak
 COPY --from=builder /opt/keycloak/ /opt/keycloak/
 
-# Expose Hugging Face allowed port
+# Install openssl to generate self-signed certs
+USER root
+RUN microdnf install -y openssl && microdnf clean all
+
+# Generate self-signed cert
+RUN mkdir -p /opt/keycloak/certs && \
+    openssl req -x509 -newkey rsa:4096 -keyout /opt/keycloak/certs/key.pem -out /opt/keycloak/certs/cert.pem -days 365 -nodes -subj "/CN=localhost"
+
+# Switch back to Keycloak user
+USER 1000
+
+# Expose Hugging Face port
 EXPOSE 7860
 
-# Set environment variables for admin user
+# Set admin credentials
 ENV KEYCLOAK_ADMIN=admin
 ENV KEYCLOAK_ADMIN_PASSWORD=admin
 
-# Start Keycloak in production mode with dev-mem DB
+# Start Keycloak with HTTPS only on port 7860
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", \
-    "--http-port=7860", \
+    "--https-port=7860", \
+    "--https-certificate-file=/opt/keycloak/certs/cert.pem", \
+    "--https-certificate-key-file=/opt/keycloak/certs/key.pem", \
     "--hostname-strict=false", \
     "--hostname-strict-https=false", \
-    "--db=dev-mem" ]
+    "--db=dev-mem"]