name: auth

services:
  keycloak:
    image: ${AUTH_DOCKER_IMAGE}
    container_name: ${COMPOSE_PROJECT_NAME}_keycloak
    restart: unless-stopped
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://${DB_HOST}:${DB_PORT}/${AUTH_DB_NAME}
      KC_DB_USERNAME: ${DB_USER}
      KC_DB_PASSWORD: ${DB_PASSWORD}
      KC_DB_SCHEMA: public
      KC_HOSTNAME: https://${AUTH_TRAEFIK_HOST}
      KC_HTTP_ENABLED: true
      HTTP_ADDRESS_FORWARDING: true
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${AUTH_KC_ADMIN_PASSWORD}
      KC_PROXY: edge
      KC_FEATURES: docker
    command: start
    networks:
      - kompose_network
    labels:
      - 'traefik.enable=${AUTH_TRAEFIK_ENABLED}'
      - 'traefik.http.middlewares.${COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.middlewares=${COMPOSE_PROJECT_NAME}-redirect-web-secure'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.rule=Host(`${AUTH_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.entrypoints=web'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${AUTH_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.middlewares=${COMPOSE_PROJECT_NAME}-web-secure-compress'
      - 'traefik.http.services.${COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8080'
      - 'traefik.docker.network=${NETWORK_NAME:-kompose}'

networks:
  kompose_network:
    name: ${NETWORK_NAME:-kompose}
    external: true