➕(project) configure Keycloak server to support OIDC

Create a realm 'impress' and configure it to support
the authorization code flow.

Makefile

@@ -71,6 +71,7 @@ bootstrap: \
 	env.d/development/common \
 	env.d/development/crowdin \
 	env.d/development/postgresql \
+	env.d/development/kc_postgresql \
 	build \
 	run \
 	migrate \
@@ -96,6 +97,7 @@ run: ## start the wsgi (production) and development server
 	@$(COMPOSE) up --force-recreate -d nginx
 	@$(COMPOSE) up --force-recreate -d app-dev
 	@$(COMPOSE) up --force-recreate -d celery-dev
+	@$(COMPOSE) up --force-recreate -d keycloak
 	@echo "Wait for postgresql to be up..."
 	@$(WAIT_DB)
 .PHONY: run
@@ -201,6 +203,9 @@ env.d/development/common:
 env.d/development/postgresql:
 	cp -n env.d/development/postgresql.dist env.d/development/postgresql
 
+env.d/development/kc_postgresql:
+	cp -n env.d/development/kc_postgresql.dist env.d/development/kc_postgresql
+
 # -- Internationalization
 
 env.d/development/crowdin:

docker-compose.yml

@@ -92,11 +92,13 @@ services:
     image: nginx:1.25
     ports:
       - "8082:8082"
+      - "8083:8083"
     volumes:
       - ./docker/files/etc/nginx/conf.d:/etc/nginx/conf.d:ro
       - ./data/media:/data/media:ro
     depends_on:
       - app
+      - keycloak
 
   dockerize:
     image: jwilder/dockerize
@@ -133,3 +135,38 @@ services:
     working_dir: /app
     volumes:
       - ./src/terraform:/app
+
+  kc_postgresql:
+    image: postgres:14.3
+    ports:
+      - "5433:5432"
+    env_file:
+      - env.d/development/kc_postgresql
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:20.0.1
+    volumes:
+      - ./docker/auth/realm.json:/opt/keycloak/data/import/realm.json
+    command:
+      - start-dev
+      - --features=preview
+      - --import-realm
+      - --proxy=edge
+      - --hostname-url=http://localhost:8083
+      - --hostname-admin-url=http://localhost:8083/
+      - --hostname-strict=false
+      - --hostname-strict-https=false
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+      KC_DB: postgres
+      KC_DB_URL_HOST: kc_postgresql
+      KC_DB_URL_DATABASE: keycloak
+      KC_DB_PASSWORD: pass
+      KC_DB_USERNAME: impress
+      KC_DB_SCHEMA: public
+      PROXY_ADDRESS_FORWARDING: 'true'
+    ports:
+      - "8080:8080"
+    depends_on:
+      - kc_postgresql

docker/files/etc/nginx/conf.d/default.conf

@@ -17,3 +17,15 @@ server {
 
 }
 
+server {
+    listen 8083;
+    server_name localhost;
+    charset utf-8;
+
+    location / {
+        proxy_pass http://keycloak:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

env.d/development/kc_postgresql.dist

@@ -0,0 +1,11 @@
+# Postgresql db container configuration
+POSTGRES_DB=keycloak
+POSTGRES_USER=impress
+POSTGRES_PASSWORD=pass
+
+# App database configuration
+DB_HOST=kc_postgresql
+DB_NAME=keycloak
+DB_USER=impress
+DB_PASSWORD=pass
+DB_PORT=5433