Fixes in the Keycloak settings

docker-compose.yml

@@ -10,6 +10,7 @@ services:
 
   keycloak:
     image: keycloak/keycloak:25.0
+    entrypoint: /usr/local/bin/entrypoint.sh
     restart: unless-stopped
     environment:
       KC_DB: postgres
@@ -29,8 +30,11 @@ services:
       KC_HEALTH_ENABLED: "true"
       KEYCLOAK_ADMIN: admin
       KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:-admin}"
+
+      EXTERNAL_ORIGIN: "${EXTERNAL_ORIGIN:-http://localhost:9080}"
     volumes:
-      - ./docker/keycloak-realm.json:/opt/keycloak/data/import/realm.json:ro
+      - ./docker/keycloak-realm.json:/etc/keycloak/realm.json:ro
+      - ./docker/keycloak-entrypoint.sh:/usr/local/bin/entrypoint.sh
     command: ["start", "--import-realm"]
     depends_on:
       - postgres

docker/keycloak-entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+mkdir -p /opt/keycloak/data/import
+sed /etc/keycloak/realm.json \
+  -e 's,{EXTERNAL_ORIGIN},'"$EXTERNAL_ORIGIN"',g' \
+  > /opt/keycloak/data/import/realm.json
+
+exec /opt/keycloak/bin/kc.sh "$@"

docker/keycloak-realm.json

@@ -34,8 +34,8 @@
       "clientId": "ozma",
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
-      "redirectUris": ["http://localhost:9000/auth_response"],
-      "webOrigins": ["http://localhost:9000"],
+      "redirectUris": ["{EXTERNAL_ORIGIN}/auth_response"],
+      "webOrigins": ["{EXTERNAL_ORIGIN}"],
       "standardFlowEnabled": true,
       "implicitFlowEnabled": false,
       "directAccessGrantsEnabled": false,
@@ -50,8 +50,8 @@
       "clientId": "ozma-report-generator",
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
-      "redirectUris": ["http://localhost:9000/report-generator/signin-oidc"],
-      "webOrigins": ["http://localhost:9000"],
+      "redirectUris": ["{EXTERNAL_ORIGIN}/report-generator/signin-oidc"],
+      "webOrigins": ["{EXTERNAL_ORIGIN}"],
       "standardFlowEnabled": true,
       "implicitFlowEnabled": false,
       "directAccessGrantsEnabled": false,