ansible-role-keycloak/templates/keycloak.conf.j2


{# Listener and startup settings. Every value comes from a role variable defined outside this template. #}
# HTTP listener
# Path under which the server's resources are served.
http-relative-path={{ keycloak_http_relative_path }}
# Switches the plain-HTTP listener on or off. Credentials and tokens cross this
# listener unencrypted, so it is only appropriate when TLS is terminated in front of it.
http-enabled={{ keycloak_http_enabled }}
# Address and port the HTTP listener binds to.
http-host={{ keycloak_listen }}
http-port={{ keycloak_http_port }}
{% if not keycloak_optimize_build_at_startup %}
# Written only when the role is told not to optimize the build at startup.
optimized=true
{% endif %}
{% if keycloak_upgrade_db_at_startup %}
# Lets the server apply database schema changes itself during startup.
spi-connections-jpa-default-migration-strategy=update
{% endif %}
# Database
# The database vendor.
db={{ keycloak_db_vendor }}
# The username of the database user.
db-username={{ keycloak_database_user }}
# The password of the database user.
# The value is written in clear text: the rendered file should be readable only by
# the Keycloak service account, and the task that renders it should use no_log so
# the password does not reach Ansible output or diffs.
db-password={{ keycloak_database_password }}
# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
{# NOTE(review): the URL is always built with the postgresql scheme, whatever vendor is set in db above,
   and it carries no sslmode parameter - confirm how the connection to the database is protected. #}
db-url=jdbc:postgresql://{{ keycloak_database_host }}/{{ keycloak_database_name }}
# Observability
# If the server should expose metrics and healthcheck endpoints.
# Both switches follow the same role variable, so they are always enabled or disabled together.
{# NOTE(review): these endpoints are served without a login - confirm that the proxy or firewall
   limits them to the monitoring systems. #}
health-enabled={{ keycloak_metrics_and_health_checks_enabled }}
metrics-enabled={{ keycloak_metrics_and_health_checks_enabled }}
{% if keycloak_https_enabled %}
# HTTPS
# The file path to a server certificate or certificate chain in PEM format.
https-certificate-file={{ keycloak_conf_directory }}/server.crt.pem
# The file path to a private key in PEM format.
# This template only writes the path; the key file itself should be owned by the
# service account and not readable by other users.
https-certificate-key-file={{ keycloak_conf_directory }}/server.key.pem
# TLS protocol versions the listener accepts, taken from a role variable.
# Keep legacy versions (TLSv1, TLSv1.1) out of the list.
https-protocols={{ keycloak_https_protocols }}
# Port of the HTTPS listener.
https-port={{ keycloak_https_port }}
{% endif %}
{% if keycloak_behind_reverse_proxy %}
# Reverse proxy
# Either setting below makes the server trust forwarding headers set by the proxy, so the
# listener must not be reachable by clients that bypass the proxy.
{% if keycloak_version is version_compare('22.0.0', '<') %}
# Releases before 22.0.0 get the fixed proxy mode reencrypt.
proxy=reencrypt
{% else %}
# Which forwarding headers the server accepts from the reverse proxy, taken from a role variable.
{# NOTE(review): confirm that 22.0.0 is the first release that accepts the proxy-headers option. #}
proxy-headers={{ keycloak_reverse_proxy_type }}
{% endif %}
{% endif %}
{% if keycloak_set_hostname %}
# Hostname for the Keycloak server.
{# NOTE(review): when keycloak_set_hostname is false no hostname line is written at all - confirm how the
   server then builds the URLs it puts into tokens and e-mails, since request headers are client-influenced. #}
hostname={{ keycloak_hostname }}
{% endif %}
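{# Feature switches. Each setting sits on its own template line, followed by a separate endif line,
   so the rendered line always ends with a newline. With the closing tag on the same line as the
   value, block trimming removes that newline and the next setting is appended to the feature list. #}
{% if keycloak_disabled_features | length %}
# Features switched off on this server (comma-separated).
features-disabled={{ keycloak_disabled_features | join(',') }}
{% endif %}
{% if keycloak_preview_features | length %}
# Features switched on in addition to the defaults (comma-separated).
features={{ keycloak_preview_features | join(',') }}
{% endif %}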
{# Avatar storage. The spi-avatar-storage-* keys are presumably read by an avatar extension - confirm. #}
{% if keycloak_external_avatar_dir_enabled %}
# Folder on local disk that holds the avatar files.
spi-avatar-storage-avatar-storage-file-avatar-folder={{ keycloak_external_avatar_dir }}
{% endif %}
{% if keycloak_s3_avatar_enabled %}
# S3 endpoint, credentials and bucket for avatar files.
# The access key and secret key are written in clear text: the rendered file should be
# readable only by the Keycloak service account, and the task that renders it should use
# no_log. The key pair should be limited to this one bucket.
spi-avatar-storage-avatar-storage-s3-server-url={{ keycloak_s3_avatar_url }}
spi-avatar-storage-avatar-storage-s3-access-key={{ keycloak_s3_avatar_key }}
spi-avatar-storage-avatar-storage-s3-secret-key={{ keycloak_s3_avatar_secret }}
spi-avatar-storage-avatar-storage-s3-root-bucket={{ keycloak_s3_avatar_bucket }}
{% endif %}
{% if keycloak_cluster %}
# Clustering
# Whether the node route is attached to session cookies, taken from a role variable.
# Leaving it off relies on the session affinity capabilities of the reverse proxy.
spi-sticky-session-encoder-infinispan-should-attach-route={{ keycloak_reverse_proxy_infinispan_attach_route }}
# Cache mode, taken from a role variable.
cache={{ keycloak_cache_type }}
# The next line renders as a comment, but Jinja still evaluates the variable in it,
# so keycloak_cache_stack has to be defined even though the setting is inactive.
# cache-stack={{ keycloak_cache_stack }}
# Cache definition file, expected next to this file in the configuration directory.
{# NOTE(review): the file is deployed outside this template - confirm how the cluster transport
   it configures is restricted to the cluster nodes. #}
cache-config-file={{ keycloak_conf_directory }}/cache-ispn.xml
{% endif %}
# Logging
# Handlers, formats, output type, file and level all come from role variables.
log={{ keycloak_log_handlers }}
log-console-format={{ keycloak_log_console_format }}
log-console-output={{ keycloak_log_console_output }}
# The log file should be writable by the service account only and covered by log rotation.
log-file={{ keycloak_log_file }}
log-file-format={{ keycloak_log_file_format }}
# Verbose levels can put request details into the log; keep production at the level the role documents.
log-level={{ keycloak_log_level }}
# Additional properties
# Every entry of the list is written as one raw line, with no validation or escaping,
# so an entry has to be a complete key=value line. Secrets passed this way end up in
# clear text in the rendered file.
{# NOTE(review): an entry can repeat a key that is already set above - confirm which value the server uses. #}
{% for keycloak_prop in keycloak_additional_properties %}
{{ keycloak_prop }}
{% endfor %}