
Setup Keycloak with PostgreSQL and custom Docker networks

- Configured Keycloak service with environment variables for flexibility.
- Set up PostgreSQL database for Keycloak with persistent volume.
- Added health checks for Keycloak and PostgreSQL services to ensure reliability.
- Mounted SSL certificates for secure HTTPS access to Keycloak.
- Defined separate Docker networks:
  - `frontend_net` for external access through NGINX Proxy Manager.
  - `keycloak_net` for isolated communication between Keycloak and PostgreSQL.
- Optimized settings for compatibility with Keycloak's hostname configuration.
- Used development mode (`start-dev`) for testing, with plans to switch to production (`start-prod`) later.
- Ensured no conflicts with predefined Docker subnets.
mathias.riechsteiner 1 year ago
parent
commit
674d6eab50
1 changed files with 49 additions and 147 deletions
  1. 49 147
      src/docker/docker-compose.yml

+ 49 - 147
src/docker/docker-compose.yml

@@ -1,170 +1,72 @@
 version: '3.8'
 
 services:
-  paperless:
-    image: paperlessngx/paperless-ngx
-    container_name: paperless
-    ports:
-      - "8000:8000"
-    volumes:
-      - ../data/paperless:/usr/src/paperless/data
-    environment:
-      - PAPERLESS_DEBUG=false
-      - PAPERLESS_REDIS=redis://redis:6379
-      - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
-      - PAPERLESS_DB_USER=${PAPERLESS_DB_USER}
-      - PAPERLESS_DB_PASSWORD=${PAPERLESS_DB_PASSWORD}
-      - ALLOWED_HOSTS=docs.mrx8086.com,localhost,127.0.0.1
-      - PAPERLESS_CSRF_COOKIE_SECURE=True
-      - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.mrx8086.com
-    depends_on:
-      - redis
-
-  redis:
-    image: redis:alpine
-    container_name: redis
-    expose:
-      - "6379"
-
-  nextcloud:
-    image: nextcloud
-    container_name: nextcloud
-    ports:
-      - "8080:80"
-    volumes:
-      - ../data/nextcloud:/var/www/html
-    environment:
-      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
-      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
-    depends_on:
-      - nextcloud_db
-
-  nextcloud_db:
-    image: mariadb:latest
-    container_name: nextcloud_db
-    environment:
-      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}
-      - MYSQL_DATABASE=${NEXTCLOUD_DB_DATABASE}
-      - MYSQL_USER=${NEXTCLOUD_DB_USER}
-      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
-    volumes:
-      - ../data/nextcloud_db:/var/lib/mysql
-
-  kimai_db:
-    image: mysql:8.3
-    volumes:
-      - mysql:/var/lib/mysql
-    environment:
-      - MYSQL_DATABASE=${KIMAI_DB_DATABASE}
-      - MYSQL_USER=${KIMAI_DB_USER}
-      - MYSQL_PASSWORD=${KIMAI_DB_PASSWORD}
-      - MYSQL_ROOT_PASSWORD=${KIMAI_DB_ROOT_PASSWORD}
-    command: --default-storage-engine innodb
-    restart: unless-stopped
-    healthcheck:
-      test: mysqladmin -p${KIMAI_DB_ROOT_PASSWORD} ping -h localhost
-      interval: 20s
-      start_period: 10s
-      timeout: 10s
-      retries: 3
-
-  kimai:
-    image: kimai/kimai2:apache
-    volumes:
-      - data:/opt/kimai/var/data
-      - plugins:/opt/kimai/var/plugins
-    ports:
-      - 8001:8001
-    environment:
-      - ADMINMAIL=${KIMAI_ADMIN_EMAIL}
-      - ADMINPASS=${KIMAI_ADMIN_PASSWORD}
-      - "DATABASE_URL=mysql://${KIMAI_DB_USER}:${KIMAI_DB_PASSWORD}@kimai_db/${KIMAI_DB_DATABASE}?charset=utf8mb4&serverVersion=8.3.0"
-    restart: unless-stopped
-
-  n8n:
-    image: n8nio/n8n
-    container_name: n8n
-    environment:
-      - N8N_BASIC_AUTH_ACTIVE=true
-      - N8N_BASIC_AUTH_USER=${N8N_USER}
-      - N8N_BASIC_AUTH_PASSWORD=${N8N_PASSWORD}
-      - N8N_HOST=n8n
-      - N8N_PORT=5678
-      - N8N_PROTOCOL=http
-      - WEBHOOK_URL=http://localhost:5678/
-    ports:
-      - "5678:5678"
-    volumes:
-      - ../data/n8n:/root/.n8n
-    depends_on:
-      - kimai
-      - nextcloud
-      - paperless
-
+#===============================================================================================
+#         keycloak
+#===============================================================================================
   keycloak:
     image: quay.io/keycloak/keycloak:latest
     container_name: keycloak
     environment:
-      - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN_USER}
-      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
-      - KC_DB=postgres
+      - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN_USER}                         # Default admin username
+      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}            # Default admin password
+      - KC_DB=${KEYCLOAK_DB_TYPE}                                     # Database type
       - KC_DB_URL=jdbc:postgresql://keycloak_db:5432/${KEYCLOAK_DB}
       - KC_DB_USERNAME=${KEYCLOAK_DB_USERNAME}
       - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
       - KC_HOSTNAME=auth.mrx8086.com
-      - KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/tls.crt   # Path to SSL cert
-      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/tls.key  # Path to SSL key
       - KC_HOSTNAME_STRICT_HTTPS=true
       - KC_PROXY=edge
+      - KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/fullchain.pem
+      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/privkey.pem
     ports:
-      - "8443:8443"  # Map Keycloak’s HTTPS port to the public port
+      - "8443:8443"                                                   # HTTPS access
     volumes:
-      - ../configs/certs/mrx8086.com.crt:/etc/x509/https/tls.crt  # Mount the SSL certificate
-      - ../configs/certs/mrx8086.com.key:/etc/x509/https/tls.key  # Mount the SSL key
+      - ../configs/certs/mrx8086.com/fullchain.pem:/etc/x509/https/fullchain.pem
+      - ../configs/certs/mrx8086.com/privkey.pem:/etc/x509/https/privkey.pem
     depends_on:
       - keycloak_db
-    command: start-dev
-
-
+    command: start-dev                                                # Development mode
+    healthcheck:
+      test: ["CMD", "curl", "-f", "https://localhost:8443/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      frontend_net:
+      keycloak_net:
+#===============================================================================================
+#         keycloak_db
+#===============================================================================================
   keycloak_db:
     image: postgres:latest
     container_name: keycloak_db
     environment:
-      - POSTGRES_DB=${KEYCLOAK_DB}
-      - POSTGRES_USER=${KEYCLOAK_DB_USERNAME}
-      - POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD}
+      - POSTGRES_DB=${KEYCLOAK_DB}                                   # Database name
+      - POSTGRES_USER=${KEYCLOAK_DB_USERNAME}                        # Database username
+      - POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD}                    # Database password
     volumes:
       - ../data/keycloak_db:/var/lib/postgresql/data
-
-  npm:
-    image: jc21/nginx-proxy-manager
-    ports:
-      - "80:80"
-      - "81:81"  # Port für die GUI
-      - "443:443"
-    environment:
-      DB_SQLITE_FILE: "/data/database.sqlite"
-    volumes:
-      - ../data/npm:/data
-      - ../data/npm_letsencrypt:/etc/letsencrypt
-
-#  nginx:
-#    image: nginx:latest
-#    container_name: nginx
-#    ports:
-#      - "80:80"
-#      - "443:443"  # Enables HTTPS
-#    volumes:
-#      - ../configs/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-#      - ../configs/certs:/etc/nginx/certs:ro  # SSL certificates
-#    depends_on:
-#      - paperless
-#      - nextcloud
-#      - kimai
-#      - n8n
-#      - keycloak
-
-volumes:
-  data:
-  mysql:
-  plugins:
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${KEYCLOAK_DB_USERNAME} -d ${KEYCLOAK_DB}"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      keycloak_net:
+#===============================================================================================
+#         NETWORKS
+#===============================================================================================
+networks:
+  frontend_net:
+    driver: bridge        
+    ipam:
+      config:
+        - subnet: 172.18.0.0/24
+  keycloak_net:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.18.11.0/24
+  
+
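Review bot: The healthcheck `test: ["CMD", "curl", "-f", "https://localhost:8443/health"]` cannot pass as written: the official Keycloak image ships without curl, `/health` is only served when `KC_HEALTH_ENABLED=true`, on current releases it is exposed on the management port 9000 rather than 8443, and the mounted certificate is issued for auth.mrx8086.com so a verified TLS request to localhost would be rejected regardless. Publishing `"8443:8443"` on every host interface while `KC_PROXY=edge` makes Keycloak trust X-Forwarded-* headers also bypasses the NGINX Proxy Manager path the description relies on — anyone reaching the host directly can spoof the client address used by brute-force detection and audit logging — so bind the port to loopback (or drop it and let the proxy join `frontend_net`), and mount `privkey.pem` with `:ro`. `depends_on: - keycloak_db` ignores the PostgreSQL healthcheck this same commit adds; use `condition: service_healthy` so Keycloak does not race the database at first boot. Both images are `:latest`, which is fragile here in particular: a PostgreSQL major bump refuses to open the existing data in `../data/keycloak_db`, and recent Keycloak releases renamed the bootstrap credentials to `KC_BOOTSTRAP_ADMIN_USERNAME`/`KC_BOOTSTRAP_ADMIN_PASSWORD` (and the admin password stays readable via `docker inspect` for the container's lifetime), so pin both tags and remove the admin variables after the first login; note too that the production command is `start`, not `start-prod`.
```yaml
  keycloak:
    image: quay.io/keycloak/keycloak:26.0  # pin a release; `latest` changes env names, ports and defaults
    environment:
      # … unchanged: KEYCLOAK_ADMIN*, KC_DB*, KC_HOSTNAME*, KC_PROXY, KC_HTTPS_* …
      - KC_HEALTH_ENABLED=true                                        # required for /health endpoints
    ports:
      - "127.0.0.1:8443:8443"                                         # only the local reverse proxy may bypass X-Forwarded-* trust
    volumes:
      - ../configs/certs/mrx8086.com/fullchain.pem:/etc/x509/https/fullchain.pem:ro
      - ../configs/certs/mrx8086.com/privkey.pem:/etc/x509/https/privkey.pem:ro
    depends_on:
      keycloak_db:
        condition: service_healthy                                    # wait for pg_isready, not just container start
    healthcheck:
      # Image has no curl; probe the management port with bash /dev/tcp (verify port against the pinned release)
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/9000 && printf 'GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n' >&3 && grep -q '\"UP\"' <&3"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s                                               # Keycloak takes a while to boot; avoid early unhealthy
    # … unchanged: networks …
```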