initial dockerfile and cloudinit

Dockerfile

+FROM quay.io/keycloak/keycloak:latest as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+
+# Configure a database vendor
+ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+# for demonstration purposes only, please make sure to use proper certificates in production instead
+RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:latest
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
\ No newline at end of file

cloudinit.yml

+#cloud-config
+
+# This is a cloud config that install most basic packages, and clones and prepares the git repo for the datacatalog
+# This should prepare everything that is possible, so that (after assigning the ip address and generating the static files) only docker-compose needs to be run
+
+# upgrade packages
+package_update: true
+package_upgrade: true
+
+# install relevant packages
+packages:
+  - python3
+  - python3-pip
+  - docker.io
+  - docker-compose
+
+# Add users to the system. Users are added after groups are added.
+
+users:
+  - name: cboettcher
+    gecos: Christian Böttcher
+    groups: sudo
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    lock_passwd: true
+    ssh_authorized_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrgXm/3kbHrgPuHrru2LCLxKBPNnZkwTSbaadkYm6N+EzE7GwVPcXorPReC+2SHT2e8YnczcjHMcazmf7VWmHAQVV3fGrZiQtk+xTjXt3tC+Rm2zuqB4vvJcR5DXXomMMRJwG3sk/PcozvFfKFv6P7bbHxKOR090o4krM3mE2Vo43EnsBaPUS8cWI2EkhcR4gAJHhreFHbIS+nrFaJydfmzfwHNE1WjjtfIBA0U8ld2tk8eelMUjvkWrYXK+qqdaUKL0n/wVMo8D/Kl1lNGKym8LE6ZiojjEX0Aq0ajSHyyEWGscJunv/tJkrrOX2C4jd9pGEP6d0YyAunimsT1glv cboet@Desktop-CB
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCRsldcJ7kiksXTn2hivYfZ+Y9gziBWaMPpfVPNVlPi5XizbMurXAPQ3gUbBTDRp+Plf5LiXAfFNBdPTACb5ymFhIUKj/3sJhxc92uvJktLyjObAZ74ImBzDhVwGzs/cKhWc2otFgyMwrfPuIxdarCiLTjmG+dZ0a+IZbWta241kc3qBPjuqKK/LSZOK/Jx9Dl4rURs780GdcoA7Q2r6I6Bq8m0Cpfl2Otwi5Vr4d6hxWrl8D100ssLctn4FlL4SzVHPyZJVNeFJYQv1boJwldHBST8tJ0r0KC1V5CboB+Rdh1b/Qy1y6l/y9fPX+axFSGIIxSb6egRSwcE89f3kCC1 cboettcher@zam024
+
+
+  - name: maria
+    gecos: Maria Petrova-El Sayed
+    groups: sudo
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    lock_passwd: true
+    ssh_authorized_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDUNFmYnaZ1raXQm04/mfdoBfn4i6xYknic2nhGDOrkhp5r6kv4F1m7wgtuL/pddRKuEoQpiXjRWciEMljFmxvVc7+9VitsAn5zBsnzY9+Sq9+si5aKe93RK8JGLX/WsfZGnPMdKPkK2GO9LFJN4TyL9hTpFdFQfxtO82NIa3WikG4RI+WQuKeQ4qr8FHNymr+gHTw/+YaM9331xnM5YqkmOC27CvVtiQx96MNMAyMQ8RJcHy1GL8donTBL+knVZdIwGt4SUy9dIF8iwTXGFkLe8V7/DIEB7RW9gvk2sG3YPo2eq56HsQKAB3yre+5QFhmH/uqUnTKVFgZLqlDUC0duFOwALCRmlEgtOeZqOzRBa6a0RveTIfccMb48ac4FpeeJdo4KId1QO1JaEZ8fYKgRVw3xRuOjDMpxCFuxELpSvx/hd1jgrK9lRizH9DXNf5/5Go2O16hj8LPufBbhX2EiChjWJEJkoRWBhQ3UHmstbqRiuNU/MsHq0FPSHMHV6BU= maria@jsc-strela
+
+  - name: jj
+    gecos: Jedrzej Rybicki
+    groups: sudo
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    lock_passwd: true
+    ssh_authorized_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxPi4EYQLBxFOECG3m8/yv4Qq0iByEirxoVBM/BkR3nbVrCLCB7L+gKKgLL36jOnkZKHyXRcRA94or8sUHrIRKH3o4ubnCKK/j2MEojGOj90QJiV5VaZ0jaHpo8IxKuYBZQR95B+l5Jpfn02nIEq0C7pdDmuV73Igl07eakmn07EFezWKzMDFcTfU5KLx/OyTYgNfVBTUqwc0nUEKqSe/b0WmY34nHnIXDPjg+eXNDMQrAl6j8cVUeJs57lZFdDNTacoZCune3z1UZ4N3X+rQvdvZ04GjAJPAlYaaJ21eeIrAyt65A1H3bT8OFfU5vK9Fi+2uA0yqFgCooDrUQFsdF
+
+
+  - name: keycloak
+    gecos: Common user for running the keycloak server
+    groups: sudo
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    lock_passwd: true
+    ssh_authorized_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQMbfKUO3NoZspgWpzFY+SwY5Tx251oBT/F22pmnqKq3A0U1EcRooYVc11HzDmLrDTkoLSWAYPuv7I8weKqUPMlypXygu7I1kw1JoAZ4veV/TO8kBIb8+fUjD4VnD0EuU9/MD4rc0IazlInUu/5H2oDj4cj3XGoOFHAPRvo1YXF2eEbXgHcos5o52idZfvZPeWmk4wLqWUI+4q1C5o+c9xGxdWkA0Z6cErw5jSfaqIMu9GnsaPE8dDZ89vtNu8kRK97/Ax0qmJ8eLBfv3qm2HnqACRUv1MRLS/s9KsdB18DV6dTn8VuErJsn9rlpx/2oEMVS5lkUSLTJHf7oNVKDtILQ/rQ2tF/f3LakmiViA4ZsWxFspP0T/sXPhjuCgEqGWG8HrJwFj8DByMpoJUsGe1czAiMdoY5Tr7UeIgK7BGaGjoVUFaVrCKlDpDNhYsHopSTTNajVxsb0LkTRIRphGlQTHlD3nDYdHIrgZiLqA1XLtTTXtWNzQ4uE59tAkIzdTK7RSBduHunqx++IEO6Huj49Vvk1vcO33iqFTTZro1vhZ2kEGxAkxNMti+/eT2rvyfkhsXaUH1/7LXvRrR+pFKcXBpaWWeEt8cOiVrMWAPDi9VRh5QPZbJ1tyTq7XzxeaQuJhL22o2BO13ZSRzr1S+UNFcmfk3esruZoxDIiQ+Bw== apiserver@gitlab
+
+write_files:
+  - path: /etc/docker/daemon.json
+    permission: 0744
+    owner: root
+    content: |
+      {
+        "data-root": "/persistent_data/docker_volumes"
+      }
+
+
+runcmd:
+  - echo "Downloading latest version of docker-compose"
+  - sudo pip3 install docker-compose
+  - touch /finished_cloudinit
+
+final_message: "The system is finally up, after $UPTIME seconds"
\ No newline at end of file

docker-compose.yml

+version: "3.7"
+
+services:
+
+    reverse-proxy:
+        image: "jwilder/nginx-proxy:alpine"
+        container_name: "reverse-proxy"
+        volumes:
+            - "html:/usr/share/nginx/html"
+            - "dhparam:/etc/nginx/dhparam"
+            - "vhost:/etc/nginx/vhost.d"
+            - "certs:/etc/nginx/certs"
+            - "/run/docker.sock:/tmp/docker.sock:ro"
+            - "./hide_admin_location:/etc/nginx/vhost.d/zam10045.zam.kfa-juelich.de"
+        restart: "always"
+        networks: 
+            - "net"
+        ports:
+            - "80:80"
+            - "443:443"
+
+    #letsencrypt:
+    #    image: "jrcs/letsencrypt-nginx-proxy-companion:latest"
+    #    container_name: "letsencrypt-helper"
+    #    volumes:
+    #        - "html:/usr/share/nginx/html"
+    #        - "dhparam:/etc/nginx/dhparam"
+    #        - "vhost:/etc/nginx/vhost.d"
+    #        - "certs:/etc/nginx/certs"
+    #        - "/run/docker.sock:/var/run/docker.sock:ro"
+    #    environment:
+    #        NGINX_PROXY_CONTAINER: "reverse-proxy"
+    #        DEFAULT_EMAIL: "c.boettcher@fz-juelich.de"
+    #    restart: "always"
+    #    depends_on:
+    #        - "reverse-proxy"
+    #    networks: 
+    #        - "net"
+
+    postgres:
+        image: postgres:13
+        environment:
+          POSTGRES_USER: keycloak
+          POSTGRES_PASSWORD: keycloak
+          POSTGRES_DB: keycloak
+        volumes:
+          - db-volume:/var/lib/postgresql/data
+        restart: always
+        networks: 
+            - "net"
+    
+    keycloak:
+        image: mykeycloak
+        container_name: keycloak
+        restart: unless-stopped
+        environment:
+          KC_DB_URL: postgres
+          KC_DB_USERNAME: keycloak
+          KC_DB_PASSWORD: keycloak
+          KC_HOSTNAME: localhost
+          VIRTUAL_HOST: zam10045.zam.kfa-juelich.de
+          LETSENCRYPT_HOST: zam10045.zam.kfa-juelich.de
+          VIRTUAL_PORT: 8080
+
+        command: |
+          start --optimized --proxy edge --hostname-strict=false
+        ports:
+          - 8080:8080 # http nginx
+        depends_on:
+          - postgres
+        networks: 
+            - "net"
+
+volumes:
+    certs:
+      external: true
+      name: persistent_certs
+    html:
+    vhost:
+    dhparam:
+    db-volume:
+      external: true
+      name: persistent_db-volume
+    
+networks:
+    net:
+      external: true
+       
+

hide_admin_location

+location /(admin|welcome|metrics|health)/ {
+    deny all;
+    return 404;
+}
\ No newline at end of file