Added example

Author: bjornol

.gitignore

@@ -0,0 +1,4 @@
+doc/
+*.deb
+*.lic
+*.ovpn

README.md

@@ -1,2 +1,97 @@
-# nginx_ssl_keycloak_mysql_redis-docker
-Handy docker compose example file that sets up a nginx_ssl_keycloak_mysql_redis-docker
+# Nginx_ssl_keycloak_mysql_redis-docker
+Handy docker compose example file that sets up a nginx_ssl_keycloak_mysql_redis as a service ready to use.
+This compose file is based on serveral other repos and online articles. This repos works as an example of use only.
+
+## Pre-Requirements
+Knowledge about all elements in the compose file before use.
+> Nginx and Let’s Encrypt it taken from this repo. You can find more information here https://github.com/wmnnd/nginx-certbot.
+
+> The `init-letsencrypt.sh` fetched from https://github.com/wmnnd/nginx-certbot has been slightly modefied in this example. 
+> In this example you can add domains from comand line, like this:
+   
+   - `./init-letsencrypt.sh [staging | production] <domain1 domain2 ...> `  
+
+> Note: In this example The mariadb is build from compose file to use timezone Europe/Oslo. Remove if not needed.
+
+## Handy styff
+This docker compose file sets up:
+    
+    - nginx with ssl sertificates
+        - Inclues config app.conf file but to be used as example only.
+        - based on some articles and repos
+            https://github.com/wmnnd/nginx-certbot
+            https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
+
+    - Keycloak for authentication with custom "adminlte" login page
+        - based on some articles:
+            https://medium.com/@shivangbhandari/custom-themes-for-keycloak-631bdd3e04e5
+            https://www.mai1015.com/development/2019/05/05/docker-keycloak-proxy-behind-nginx/
+            https://www.keycloak.org/docs/4.8/authorization_services/
+            https://www.youtube.com/watch?v=XJYy6Aq-PJ8
+        - Example theme from:
+            https://github.com/MAXIMUS-DeltaWare/adminlte-keycloak-theme
+
+    - mysql with config
+        - Inclues config my.cnf file but to be used as example only. Remember to change my.cnf gile dependent of what kind of mariadb version you use.
+
+    - Redis
+
+
+## Run with ssl sertificates
+```
+# Run the docker compose
+docker-compose up -d --build
+
+# Init you sertificates
+# Depending on you user rights it could be that you have to give the user access to run the shell file.
+# Also use staging when testing or you will have to wait for a while between each run.
+# Example: chmod +x username:usergroup ./init-letsencrypt.sh
+./init-letsencrypt.sh [staging | production] <domain1 domain2 ...>
+
+```
+
+## Run without ssl sertificates ( local testing)
+```
+# Run the docker compose
+docker-compose -f docker-compose-without-ssl.yml up -d --build
+```
+
+## Test the stuff
+Examples below will help you test that stuff is running correctly.
+
+### Nginx test
+```
+# go to your browser:
+# expected result: web site opens
+http://127.0.0.1:8180
+```
+
+### Keycloak test
+```
+# go to your browser:
+# expected result: web site opens
+http://127.0.0.1:8180
+```
+Now, log in as admin and change the default theme for the one in this example:
+[![](screenshots/keycloak_theme_example_01.png)](screenshots/keycloak_theme_example_01.png) [![](screenshots/keycloak_theme_example_02.png)](screenshots/keycloak_theme_example_02.png) [![](screenshots/screen3_sm.png)](screenshots/screen3.png)
+
+### Monetdb test
+```
+# In command line:
+# expected result:
+# +--------------------+
+# | Database           |
+# +--------------------+
+# | information_schema |
+# | keycloak           |
+# +--------------------+
+docker exec -it mariadb mysql -ukeycloak -pkeycloak -e "SHOW DATABASES;"
+```
+
+### Redis test
+```
+# In command line:
+# expected result: < PONG
+docker exec -it redis redis-cli PING
+
+```

data/keycloak/themes/example/adminlte/login/error.ftl

@@ -0,0 +1,15 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayMessage=false; section>
+    <#if section = "title">
+        ${msg("errorTitle")}
+    <#elseif section = "header">
+        ${msg("errorTitleHtml")?no_esc}
+    <#elseif section = "form">
+        <div id="kc-error-message">
+            <p class="instruction">${message.summary}</p>
+            <#if client?? && client.baseUrl?has_content>
+                <p><a id="backToApplication" href="${client.baseUrl}">${msg("backToApplication")}</a></p>
+            </#if>
+        </div>
+    </#if>
+</@layout.registrationLayout>

data/keycloak/themes/example/adminlte/login/login-config-totp.ftl

@@ -0,0 +1,35 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayInfo=true; section>
+    <#if section = "title">
+        ${msg("loginTotpTitle")}
+    <#elseif section = "header">
+        ${msg("loginTotpTitle")}
+    <#elseif section = "form">
+<ol id="kc-totp-settings">
+    <li>
+        <p>${msg("loginTotpStep1")}</p>
+        </li>
+    <li>
+        <p>${msg("loginTotpStep2")}</p>
+        <img src="data:image/png;base64, ${totp.totpSecretQrCode}" alt="Figure: Barcode"><br/>
+        <span class="code">${totp.totpSecretEncoded}</span>
+        </li>
+    <li>
+        <p>${msg("loginTotpStep3")}</p>
+        </li>
+    </ol>
+    <form action="${url.loginAction}" class="form config-totp ${properties.kcFormClass!}" id="kc-totp-settings-form" method="post">
+        <div class="${properties.kcFormGroupClass!} row">
+            <div class="${properties.kcInputWrapperClass!} col-xs-12">
+                <input type="text" id="totp" name="totp" autocomplete="off" class="form-control ${properties.kcInputClass!}" />
+            </div>
+            <input type="hidden" id="totpSecret" name="totpSecret" value="${totp.totpSecret}" />
+        </div>
+        <div class="row config-totp-button-container">
+            <div class="col-xs-6 col-xs-offset-6 col-sm-4 col-sm-offset-8">
+                <input class="btn btn-primary btn-flat btn-block ${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
+            </div>
+        </div>
+    </form>
+    </#if>
+</@layout.registrationLayout>

data/keycloak/themes/example/adminlte/login/login-reset-password.ftl

@@ -0,0 +1,36 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayInfo=true; section>
+    <#if section = "title">
+        ${msg("emailForgotTitle")}
+    <#elseif section = "header">
+        ${msg("emailForgotTitle")}
+    <#elseif section = "form">
+        <form id="kc-reset-password-form" class="form reset-password ${properties.kcFormClass!}" action="${url.loginAction}" method="post">
+            <div class="reset-password-field ${properties.kcFormGroupClass!}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="username" class="${properties.kcLabelClass!}"><#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if></label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="text" id="username" name="username" class="form-control ${properties.kcInputClass!}" autofocus/>
+                </div>
+            </div>
+
+            <div class="${properties.kcFormGroupClass!} row">
+                <div id="kc-form-options" class="${properties.kcFormOptionsClass!} col-xs-5">
+                    <div class="${properties.kcFormOptionsWrapperClass!}">
+                        <span>
+                            <a class="btn btn-default btn-flat btn-block" href="${url.loginUrl}"><i class="fa fa-caret-left"></i>&nbsp;&nbsp;${msg("backToLogin")}</a>
+                        </span>
+                    </div>
+                </div>
+
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!} col-xs-7">
+                    <input class="btn btn-primary btn-flat btn-block ${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
+                </div>
+            </div>
+        </form>
+    <#elseif section = "info" >
+        <hr />
+        ${msg("emailInstruction")}
+    </#if>
+</@layout.registrationLayout>

data/keycloak/themes/example/adminlte/login/login-totp.ftl

@@ -0,0 +1,38 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout; section>
+    <#if section = "title">
+        ${msg("loginTitle",realm.displayName)}
+    <#elseif section = "header">
+        ${msg("loginTitleHtml",realm.displayNameHtml)?no_esc}
+    <#elseif section = "form">
+        <form id="kc-totp-login-form" class="form totp ${properties.kcFormClass!}" action="${url.loginAction}" method="post">
+            <div class="${properties.kcFormGroupClass!}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="totp" class="${properties.kcLabelClass!}">${msg("loginTotpOneTime")}</label>
+                </div>
+
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input id="totp" name="totp" autocomplete="off" type="text" class="form-control ${properties.kcInputClass!}" autofocus />
+                </div>
+            </div>
+
+            <div class="${properties.kcFormGroupClass!} totp-button-container">
+                <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
+                    <div class="${properties.kcFormOptionsWrapperClass!}">
+                    </div>
+                </div>
+
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                    <div class="${properties.kcFormButtonsWrapperClass!} row">
+                        <div class="col-xs-6 col-xs-push-6 col-sm-8 col-sm-push-4">
+                            <input class="btn btn-primary btn-flat btn-block ${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="login" id="kc-login" type="submit" value="${msg("doLogIn")}"/>
+                        </div>
+                        <div class="col-xs-6 col-xs-pull-6 col-sm-4 col-sm-pull-8">
+                            <input class="btn btn-default btn-flat btn-block ${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="cancel" id="kc-cancel" type="submit" value="${msg("doCancel")}"/>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </form>
+    </#if>
+</@layout.registrationLayout>

data/keycloak/themes/example/adminlte/login/login-update-password.ftl

@@ -0,0 +1,42 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayInfo=true; section>
+    <#if section = "title">
+        ${msg("updatePasswordTitle")}
+    <#elseif section = "header">
+        ${msg("updatePasswordTitle")}
+    <#elseif section = "form">
+        <form id="kc-passwd-update-form" class="form update-password ${properties.kcFormClass!}" action="${url.loginAction}" method="post">
+            <input type="text" readonly value="this is not a login form" style="display: none;">
+            <input type="password" readonly value="this is not a login form" style="display: none;">
+
+            <div class="update-password-field ${properties.kcFormGroupClass!}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="password-new" class="${properties.kcLabelClass!}">${msg("passwordNew")}</label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="password" id="password-new" name="password-new" class="form-control ${properties.kcInputClass!}" autofocus autocomplete="off" />
+                </div>
+            </div>
+
+            <div class="update-password-field ${properties.kcFormGroupClass!}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="password-confirm" class="${properties.kcLabelClass!}">${msg("passwordConfirm")}</label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="password" id="password-confirm" name="password-confirm" class="form-control ${properties.kcInputClass!}" autocomplete="off" />
+                </div>
+            </div>
+
+            <div class="${properties.kcFormGroupClass!} row update-password-button-container">
+                <div id="kc-form-options" class="${properties.kcFormOptionsClass!} col-xs-6 col-sm-8">
+                    <div class="${properties.kcFormOptionsWrapperClass!}">
+                    </div>
+                </div>
+
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!} col-xs-6 col-sm-4">
+                    <input class="btn btn-primary btn-flat btn-block ${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
+                </div>
+            </div>
+        </form>
+    </#if>
+</@layout.registrationLayout>

data/keycloak/themes/example/adminlte/login/login-update-profile.ftl

@@ -0,0 +1,58 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout; section>
+    <#if section = "title">
+        ${msg("loginProfileTitle")}
+    <#elseif section = "header">
+        ${msg("loginProfileTitle")}
+    <#elseif section = "form">
+        <form id="kc-update-profile-form" class="form update-profile ${properties.kcFormClass!}" action="${url.loginAction}" method="post">
+            <#if user.editUsernameAllowed>
+                <div class="update-profile-field ${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('username',properties.kcFormGroupErrorClass!)}">
+                    <div class="${properties.kcLabelWrapperClass!}">
+                        <label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
+                    </div>
+                    <div class="${properties.kcInputWrapperClass!}">
+                        <input type="text" id="username" name="username" value="${(user.username!'')}" class="form-control ${properties.kcInputClass!}"/>
+                    </div>
+                </div>
+            </#if>
+            <div class="update-profile-field ${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('email',properties.kcFormGroupErrorClass!)}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="text" id="email" name="email" value="${(user.email!'')}" class="form-control ${properties.kcInputClass!}" />
+                </div>
+            </div>
+
+            <div class="update-profile-field ${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('firstName',properties.kcFormGroupErrorClass!)}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="text" id="firstName" name="firstName" value="${(user.firstName!'')}" class="form-control ${properties.kcInputClass!}" />
+                </div>
+            </div>
+
+            <div class="update-profile-field ${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('lastName',properties.kcFormGroupErrorClass!)}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="text" id="lastName" name="lastName" value="${(user.lastName!'')}" class="form-control ${properties.kcInputClass!}" />
+                </div>
+            </div>
+
+            <div class="${properties.kcFormGroupClass!} row update-profile-button-container">
+                <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
+                    <div class="${properties.kcFormOptionsWrapperClass!}">
+                    </div>
+                </div>
+
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!} col-xs-6 xs-xs-offset-6 col-sm-4 col-sm-offset-8">
+                    <input class="btn btn-primary btn-flat btn-block ${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}" />
+                </div>
+            </div>
+        </form>
+    </#if>
+</@layout.registrationLayout>