Commit 826e4a7e authored by nono's avatar nono 💻

Update of the keycloak installation

parent 09344823
---
# Variables for the keycloack installation
## Keycloak config
keycloak_version: "18.0.2"
keycloak_create_admin: false
## Security config
keycloak_log_directory: "/var/log/keycloak"
## Cerbot config
certbot_install_method: package
certbot_admin_email: "{{ sysadmin_email }}"
certbot_create_if_missing: True
certbot_create_method: standalone
certbot_certs:
- domains:
- sso.test.lqdn.fr
- stats.sso.test.lqdn.fr
certbot_auto_renew_options: '--webroot -w /var/www/letsencrypt && systemctl reload nginx'
certbot_auto_renew: true
## Nginx config
nginx_worker_processes: 2
nginx_vhosts:
- listen: "443 ssl http2"
server_name: "stats.sso.test.lqdn.fr"
access_log: "/var/log/nginx/stats_keycloak_access.log"
error_log: "/var/log/nginx/stats_keycloak_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "stats.sso.test.lqdn.fr.https.conf"
extra_parameters: |
location / {
proxy_buffering off;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://127.0.0.1:9001;
proxy_redirect off;
}
location /.well-known/acme-challenge {
alias /var/www/letsencrypt/.well-known/acme-challenge;
}
ssl_certificate /etc/letsencrypt/live/stats.sso.test.lqdn.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stats.sso.test.lqdn.fr/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "443 ssl http2"
server_name: "sso.test.lqdn.fr"
access_log: "/var/log/nginx/keycloak_access.log"
error_log: "/var/log/nginx/keycloak_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "sso.test.lqdn.fr.https.conf"
extra_parameters: |
location / {
proxy_buffering off;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
}
location /.well-known/acme-challenge {
alias /var/www/letsencrypt/.well-known/acme-challenge;
}
# location = / {
# return 301 "https://sso.test.lqdn.fr/auth/realms/lqdn/account";
# }
# location = /admin {
# return 301 "https://sso.test.lqdn.fr/auth/admin/";
# }
ssl_certificate /etc/letsencrypt/live/sso.test.lqdn.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sso.test.lqdn.fr/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "80"
server_name: "sso.test.lqdn.fr"
access_log: "/var/log/nginx/keycloak_access.log"
error_log: "/var/log/nginx/keycloak_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "sso.test.lqdn.fr.http.conf"
extra_parameters: |
location / {
return 302 https://sso.test.lqdn.fr$request_uri;
}
# Node-exporter
node_exporter_version: "latest"
node_exporter_web_listen_address: "0.0.0.0:9100"
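Review bot: Both HTTPS vhosts in this new vars file still enable TLS 1.1 in their `extra_parameters` (`ssl_protocols TLSv1.1 TLSv1.2;`), a deprecated protocol that scanners flag and that nothing in this commit disables; the same line is also present in the stats vhost un-commented in the next file section, so both places should become `ssl_protocols TLSv1.2 TLSv1.3;` (assuming the target's nginx/OpenSSL supports 1.3), and `ssl_ciphers HIGH:!aNULL:!MD5;` could be tightened to an explicit modern suite at the same time. `certbot_create_if_missing: True` is the only capitalised boolean in the file while `certbot_auto_renew: true` two lines below is lowercase; write `certbot_create_if_missing: true` so the yamllint truthy rule and the rest of the file agree. `keycloak_version: "18.0.2"` here differs from the `"18.1.0"` this commit sets in the other vars file, so if the test host is meant to track the same release the two should be aligned or the difference commented. The file name is not shown on this page; I am inferring from the playbook change that this is `group_vars/keycloak/keycloak-test.yml`.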
......@@ -4,13 +4,12 @@
## Keycloak config
keycloak_version: "15.1.0"
keycloak_version: "18.1.0"
keycloak_create_admin: false
keycloak_force_install: true
## Security config
keycloak_log_directory: "/opt/keycloak/keycloak-{{ keycloak_version }}/standalone/log"
keycloak_log_directory: "/var/log/keycloak"
## Cerbot config
......@@ -28,37 +27,37 @@ certbot_auto_renew: true
## Nginx config
nginx_vhosts:
# - listen: "443 ssl http2"
# server_name: "stats.sso.lqdn.fr"
# access_log: "/var/log/nginx/stats_keycloak_access.log"
# error_log: "/var/log/nginx/stats_keycloak_error.log"
# state: "present"
# template: "{{ nginx_vhost_template }}"
# filename: "stats.sso.lqdn.fr.https.conf"
# extra_parameters: |
# location / {
# proxy_buffering off;
# proxy_set_header Referer $http_referer;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Server $host;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Port $server_port;
# proxy_set_header Host $http_host;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
#
# proxy_pass http://127.0.0.1:9001;
# proxy_redirect off;
# }
# location /.well-known/acme-challenge {
# alias /var/www/letsencrypt/.well-known/acme-challenge;
# }
# ssl_certificate /etc/letsencrypt/live/stats.sso.lqdn.fr/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/stats.sso.lqdn.fr/privkey.pem;
# ssl_protocols TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "443 ssl http2"
server_name: "stats.sso.lqdn.fr"
access_log: "/var/log/nginx/stats_keycloak_access.log"
error_log: "/var/log/nginx/stats_keycloak_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "stats.sso.lqdn.fr.https.conf"
extra_parameters: |
location / {
proxy_buffering off;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://127.0.0.1:9001;
proxy_redirect off;
}
location /.well-known/acme-challenge {
alias /var/www/letsencrypt/.well-known/acme-challenge;
}
ssl_certificate /etc/letsencrypt/live/stats.sso.lqdn.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stats.sso.lqdn.fr/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "443 ssl http2"
server_name: "sso.lqdn.fr"
access_log: "/var/log/nginx/keycloak_access.log"
......
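Review bot: `keycloak_force_install: true` is added as a permanent group variable, so if the role reads it as "redo the install unconditionally" every subsequent playbook run will reinstall and restart Keycloak rather than only the one upgrade run; consider passing it once on the command line or gating it on a version change instead, and add a comment stating what it triggers, e.g. `# forces a reinstall on every run; set only for upgrades`. The jump from `"15.1.0"` to `"18.1.0"` crosses the switch to the Quarkus distribution, which by default drops the `/auth` URL prefix and needs the proxy mode configured when fronted by nginx on `127.0.0.1:8080`; nothing in this diff shows the role handling that, so it should be checked against the role before this is applied to the production group. The new `keycloak_log_directory: "/var/log/keycloak"` moves logs out of the install tree, which is good for retention across upgrades, but the role must create that directory with ownership restricted to the service user; this hunk does not show whether it does.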
......@@ -101,20 +101,19 @@
# - ansible-role-mediawiki
# tags:
# - testing
# - wiki
# - wiki
# - name: SSO LQDN
# hosts: test
# remote_user: root
# roles:
# - security-lqdn
# - packages-lqdn
# - updates-lqdn
# - ansible-role-nginx
# - ansible-role-certbot
# - sso-lqdn
# tags:
# - sso
- name: SSO LQDN
hosts: test
remote_user: root
vars_files:
- group_vars/keycloak/keycloak-test.yml
roles:
- ansible-role-nginx
- ansible-role-certbot
- sso-lqdn
tags:
- sso
# - name: Wordpress LQDN
#
......
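Review bot: The new play loads `group_vars/keycloak/keycloak-test.yml` through `vars_files`, but a file under a `group_vars/<group>/` directory is also auto-loaded by Ansible for every host in that group, so the test values could be merged into production `keycloak` hosts too, with whichever file sorts last winning on shared keys; if that layout is intended, a comment should say so, otherwise move the file to e.g. `vars/keycloak-test.yml` outside `group_vars` (I am inferring the group name from the path). Compared with the previously commented-out play, the new one no longer applies the `security-lqdn`, `packages-lqdn` and `updates-lqdn` roles on the test host; if that is deliberate, a one-line comment above `roles:` saying the hardening roles are applied elsewhere would save the next reader from assuming they were dropped by mistake. `remote_user: root` is carried over unchanged; the other plays in this file are outside the hunk, so I cannot tell whether `become` is the convention here. The enclosing file continues beyond the hunk.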