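{#
  Template for Keycloak's keycloak.conf.
  The rendered file holds the database password and, when the S3 avatar
  storage is enabled, an S3 secret key in clear text. Deploy it with an
  owner and mode that only the Keycloak service account can read, and set
  no_log on the task that renders it so the values stay out of diffs and logs.
  NOTE(review): every value is written unescaped. A value containing a
  newline adds extra properties, and a backslash or "${" in a secret may be
  interpreted by the properties parser; confirm and escape upstream if needed.
#}
http-relative-path={{ keycloak_http_relative_path }}
# Plain HTTP listener. Only safe when TLS is terminated by a trusted reverse
# proxy in front of this host and http-host is not reachable from elsewhere.
http-enabled={{ keycloak_http_enabled }}
http-host={{ keycloak_listen }}
http-port={{ keycloak_http_port }}

{% if not keycloak_optimize_build_at_startup %}
# Emitted when the build step is not run again at startup.
optimized=true
{% endif %}

{% if keycloak_upgrade_db_at_startup %}
# Apply database schema migrations automatically at startup.
spi-connections-jpa-default-migration-strategy=update
{% endif %}

# Database
# The database vendor.
db={{ keycloak_db_vendor }}
# The username of the database user.
db-username={{ keycloak_database_user }}
# The password of the database user (clear text; protect this file).
db-password={{ keycloak_database_password }}
{#
  NOTE(review): the URL scheme is fixed to PostgreSQL although db= above is
  configurable, so any other vendor gets a mismatched URL. The URL also
  carries no TLS parameters; for a remote database confirm that the
  connection is encrypted and the server certificate is verified.
#}
# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
db-url=jdbc:postgresql://{{ keycloak_database_host }}/{{ keycloak_database_name }}

# Observability
# Whether the server exposes the health check and metrics endpoints. Both are
# switched by the same variable. Keep these endpoints off public routes.
health-enabled={{ keycloak_metrics_and_health_checks_enabled }}
metrics-enabled={{ keycloak_metrics_and_health_checks_enabled }}

{% if keycloak_https_enabled %}
# HTTPS
# The file path to a server certificate or certificate chain in PEM format.
https-certificate-file={{ keycloak_conf_directory }}/server.crt.pem
# The file path to a private key in PEM format. The key file should be
# readable by the Keycloak service account only.
https-certificate-key-file={{ keycloak_conf_directory }}/server.key.pem
# TLS protocol versions the HTTPS listener accepts.
https-protocols={{ keycloak_https_protocols }}
https-port={{ keycloak_https_port }}
{% endif %}

{% if keycloak_behind_reverse_proxy %}
{% if keycloak_version is version_compare('22.0.0', '<') %}
# Proxy mode for older releases; fixed to re-encryption between proxy and server.
proxy=reencrypt
{% else %}
{#
  NOTE(review): proxy-headers appears to have been introduced in Keycloak 24;
  confirm that the 22.x and 23.x releases selected by this branch accept it.
#}
# Which forwarding headers the server accepts from the reverse proxy
# (forwarded or xforwarded). Only enable this when the proxy overwrites these
# headers on every request; otherwise clients can supply their own values.
proxy-headers={{ keycloak_reverse_proxy_type }}
{% endif %}
{% endif %}

{% if keycloak_set_hostname %}
# Hostname for the Keycloak server.
hostname={{ keycloak_hostname }}
{% endif %}

{% if keycloak_disabled_features | length %}
features-disabled={{ keycloak_disabled_features | join(',') }}{% endif %}

{% if keycloak_preview_features | length %}features={{ keycloak_preview_features | join(',') }}{% endif %}

{% if keycloak_external_avatar_dir_enabled %}
spi-avatar-storage-avatar-storage-file-avatar-folder={{ keycloak_external_avatar_dir }}
{% endif %}

{% if keycloak_s3_avatar_enabled %}
spi-avatar-storage-avatar-storage-s3-server-url={{ keycloak_s3_avatar_url }}
spi-avatar-storage-avatar-storage-s3-access-key={{ keycloak_s3_avatar_key }}
# S3 secret key (clear text; protect this file).
spi-avatar-storage-avatar-storage-s3-secret-key={{ keycloak_s3_avatar_secret }}
spi-avatar-storage-avatar-storage-s3-root-bucket={{ keycloak_s3_avatar_bucket }}
{% endif %}

{% if keycloak_cluster %}
# Whether the node route is attached to session cookies. Set to false to rely
# on the session affinity capabilities of the reverse proxy instead.
spi-sticky-session-encoder-infinispan-should-attach-route={{ keycloak_reverse_proxy_infinispan_attach_route }}
cache={{ keycloak_cache_type }}
# cache-stack={{ keycloak_cache_stack }}
cache-config-file={{ keycloak_conf_directory }}/cache-ispn.xml
{% endif %}
# Logging
log={{ keycloak_log_handlers }}
log-console-format={{ keycloak_log_console_format }}
log-console-output={{ keycloak_log_console_output }}
log-file={{ keycloak_log_file }}
log-file-format={{ keycloak_log_file_format }}
log-level={{ keycloak_log_level }}

# Additional properties
{#
  Each entry is written as a raw line. An entry that repeats a key set above
  presumably overrides it (confirm), so review this list like the rest of
  the configuration and keep secrets in it out of version control.
#}
{% for keycloak_prop in keycloak_additional_properties %}
{{ keycloak_prop }}
{% endfor %}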