Updated Readme. Public client in Keycloak
@@ -16,17 +16,14 @@ docker network create okupamicoche
|
||||
cd docker/keycloak
|
||||
docker run --name okupamicoche-keycloak -p 8443:8443 -v $(pwd)/https:/etc/x509/https \
|
||||
-e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin --network=okupamicoche \
|
||||
-e KEYCLOAK_IMPORT=/tmp/realm.json -v $(pwd)/okupamicoche-realm-export.json:/tmp/realm.json quay.io/keycloak/keycloak:12.0.4
|
||||
-e KEYCLOAK_IMPORT=/tmp/realm.json -v $(pwd)/okupamicoche-realm-export.json:/tmp/realm.json quay.io/keycloak/keycloak:16.1.0
|
||||
```
|
||||
4. Go to https://localhost:8443/auth/admin/master/console and login with user=admin pass=admin
|
||||
5. In Clients -> synapse -> Credentials push Regenerate Secret and copy the secret
|
||||
6. Open docker/synapse/homeserver.yaml and paste the secret to client_secret variable (inside oidc_providers section)
|
||||
7. Build Synapse container
|
||||
4. Build Synapse container
|
||||
```
|
||||
cd docker/synape
|
||||
docker build -t okupamicoche-synapse .
|
||||
```
|
||||
8. Generate data folder for Synapse
|
||||
5. Generate data folder for Synapse
|
||||
```
|
||||
docker run -it --rm \
|
||||
--mount type=volume,src=synapse-data,dst=/data \
|
||||
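Review bot: the old steps 4 to 6 (log in to the admin console, Regenerate Secret for the `synapse` client, paste it into `client_secret` in docker/synapse/homeserver.yaml) are dropped with no replacement text, so the README no longer says how Synapse authenticates to Keycloak. Add a sentence after the Keycloak `docker run` block saying that, per the commit title, `synapse` is now a public client and no secret has to be configured. While these lines are being edited, `cd docker/synape` disagrees with the `docker/synapse` path used in the removed step 6, so make the two agree. It is also worth stating next to `KEYCLOAK_USER=admin` / `KEYCLOAK_PASSWORD=admin` and `-p 8443:8443` that this start-up command is for local development only.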
@@ -34,14 +31,14 @@ docker run -it --rm \
|
||||
-e SYNAPSE_REPORT_STATS=no \
|
||||
okupamicoche-synapse generate
|
||||
```
|
||||
9. Run dockerized Synapse
|
||||
6. Run dockerized Synapse
|
||||
```
|
||||
docker run --name okupamicoche-synapse -p 8008:8008 --mount type=volume,src=synapse-data,dst=/data \
|
||||
-e SYNAPSE_CONFIG_PATH=/homeserver.yaml \
|
||||
-v $(pwd)/homeserver.yaml:/homeserver.yaml -v $(pwd)/okupamicoche-appservice.yaml:/okupamicoche-appservice.yaml \
|
||||
--network=okupamicoche okupamicoche-synapse
|
||||
```
|
||||
10. (Optional) Add keycloak certificate to local machine
|
||||
7. (Optional) Add keycloak certificate to local machine
|
||||
Some clients (Quaternion, Nheko) fail with self-signed certificates. You can install the root certificate
|
||||
(docker/synape/keycloak-root.crt) in you local machine. For example, in Linux:
|
||||
```
|
||||
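Review bot: step 7 is only renumbered here, but its text asks the reader to add a root certificate taken from the repository (`docker/synape/keycloak-root.crt`) to the system trust store without saying that this is for development machines only. Add that caveat and point to the "Renew/create SSL certificates for development" section so each developer can generate a personal root with mkcert instead of trusting a shared one. The same lines carry two small errors worth fixing in this change: the `docker/synape` path spelling and "in you local machine" (your).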
@@ -56,6 +53,9 @@ sudo update-ca-certificates
|
||||
## Inspect containter
|
||||
`docker exec -t -i okupamicoche-synapse /bin/bash`
|
||||
|
||||
## Manage Keycloak
|
||||
Go to https://localhost:8443/auth/admin and login with user=admin pass=admin
|
||||
|
||||
# Renew/create SSL certificates for development
|
||||
1. Install mkcert from https://github.com/FiloSottile/mkcert
|
||||
2. Create and install CA root certificate
|
||||
|
||||
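Review bot: the new `## Manage Keycloak` section repeats `user=admin pass=admin` without saying where those credentials come from or that they are development defaults. State that they are the values passed to the Keycloak container in the `docker run` command and that they must be changed before the console is reachable from anything other than localhost. The context heading `## Inspect containter` has a typo (container) that could be fixed in the same change.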
File diff suppressed because it is too large
@@ -26,10 +26,8 @@ oidc_providers:
|
||||
- idp_id: keycloak
|
||||
idp_name: Keycloak
|
||||
issuer: "https://okupamicoche-keycloak:8443/auth/realms/okupamicoche"
|
||||
# client_id: "okupamicoche-frontend-angular"
|
||||
# client_secret: "PUBLIC-CLIENT-WITH-NO-PASSWORD"
|
||||
client_id: "synapse"
|
||||
client_secret: "c2900355-e9b0-421d-a328-7de04cdd0f1a"
|
||||
# client_secret: "PUBLIC-CLIENT-WITH-NO-PASSWORD"
|
||||
scopes: [ "openid", "profile" ]
|
||||
user_mapping_provider:
|
||||
config:
|
||||
|
||||
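Review bot: going by the hunk header (10 lines before, 8 after), the literal `client_secret` value under `client_id: "synapse"` is what this change removes, but it stays readable in the repository history; treat that secret as disclosed and regenerate it in any Keycloak instance where it was ever valid. With only the commented `# client_secret: "PUBLIC-CLIENT-WITH-NO-PASSWORD"` left, the visible lines show no `client_auth_method`, and Synapse defaults to `client_secret_basic`; set `client_auth_method: none` explicitly so the provider block matches a public client. Because a public client can be used by anyone who knows the `client_id`, the suppressed realm export should be checked to confirm that the `synapse` client's redirect URIs are limited to the Synapse callback.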