# Keycloak

Setting up Keycloak with Nextcloud

# Installing Keycloak with Docker

### Docker container setup

```yaml
version: "3.7"

services:    
  sso:
    image: quay.io/keycloak/keycloak:22.0.1
    container_name: "keycloak"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./keycloak.conf:/opt/keycloak/conf/keycloak.conf
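    command:
      # start-dev is Keycloak's development mode; use "start" for production
      - start-dev
    environment:
      # Placeholder credentials: replace before the first start
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=changeme
      # Variable of the legacy WildFly image; Keycloak 22 takes proxy=edge from keycloak.conf
      - PROXY_ADDRESS_FORWARDING=true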
      - VIRTUAL_HOST=dev-keycloak.mydomain.com
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=dev-keycloak.mydomain.com
      - KC_DB_PASSWORD=changeme
    networks:
      - internal

  database:
    image: postgres:15
    container_name: "postgres"
    environment:
      - POSTGRES_USER=keycloak
      # The postgres image reads POSTGRES_DB, not POSTGRES_DATABASE
      - POSTGRES_DB=keycloak
      - POSTGRES_PASSWORD=changeme
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - internal

  proxy:
    image: nginxproxy/nginx-proxy
    container_name: "nginx"
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - internal

  acme-companion:
    image: nginxproxy/acme-companion
    container_name: "acme-proxy"
    environment:
      - DEFAULT_EMAIL=<YOUREMAIL@YOURDOMAIN.COM>
    volumes_from:
      - proxy
    volumes:
      - certs:/etc/nginx/certs
      - acme:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - internal

networks:
  internal:
    driver: bridge
    driver_opts:
      # OpenStack-specific; can be left at 1500 if you are running on
      # bare metal.
      com.docker.network.driver.mtu: 1450

volumes:
  postgres_data:
  conf:
  vhost:
  html:
  certs:
  acme:
```

### Configuration files

docker-compose/keycloak.conf

```properties
proxy=edge
db=postgres
# Host name is the container_name of the database service
db-url-host=postgres
db-username=keycloak
db-password=changeme
db-url-database=keycloak
db-schema=public
hostname-strict=false
http-enabled=true
```

docker-compose/proxy.conf

```nginx
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
proxy_set_header X-Original-URI $request_uri;
```

Checking the configuration

```bash
docker exec -it keycloak /opt/keycloak/bin/kc.sh show-config
```


# Configuring Keycloak

Adding a client

[![keycloak-administration-ui.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/keycloak-administration-ui.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/keycloak-administration-ui.png)

Enter the Nextcloud URL here. Note the "/" and "/\*".

[![keycloak-administration-ui-3.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/keycloak-administration-ui-3.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/keycloak-administration-ui-3.png)

Note the options that must be enabled.

[![keycloak-administration-ui-4.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/keycloak-administration-ui-4.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/keycloak-administration-ui-4.png)

Adding the client roles

[![cursor-und-keycloak-administration-ui.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/cursor-und-keycloak-administration-ui.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/cursor-und-keycloak-administration-ui.png)

[![keycloak-administration-ui-5.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/keycloak-administration-ui-5.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/keycloak-administration-ui-5.png)

Create a user and set "Email verified" to YES.

[![keycloak-administration-ui-8.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/keycloak-administration-ui-8.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/keycloak-administration-ui-8.png)

Set a password for the newly created user.

[![cursor-und-keycloak-administration-ui-7.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/cursor-und-keycloak-administration-ui-7.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/cursor-und-keycloak-administration-ui-7.png)

Setting up new users

[![keycloak-administration-ui-6.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/keycloak-administration-ui-6.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/keycloak-administration-ui-6.png)

The client secret is needed in the Social Login plugin configuration, in the field "Geheime Zeichenkette des Clients" (the client secret).

[![keycloak-administration-ui-10.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/keycloak-administration-ui-10.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/keycloak-administration-ui-10.png)

Click "OpenID Endpoint Configuration"; the paths needed for the Nextcloud configuration are shown there.  
This works best in Firefox, which displays the JSON file in a readable form.

[![keycloak-administration-ui-9.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/keycloak-administration-ui-9.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/keycloak-administration-ui-9.png)

JSON file output

[![mozilla-firefox-und-success.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/mozilla-firefox-und-success.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/mozilla-firefox-und-success.png)
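
The URLs in that JSON are only usable if they carry the public HTTPS host name; with `hostname-strict=false` Keycloak derives them from the incoming request, so a proxy misconfiguration shows up there as `http://` or an internal host name. An added example, not part of the original page: a Python check over the discovery document, where the realm name `nextcloud`, both sample documents and the choice of four endpoints are assumptions.

```python
import json
from urllib.parse import urlsplit

# Discovery keys whose URLs go into the Nextcloud Social Login form
# (assumed mapping: authorize, token, user info and logout URL).
NEEDED = ("authorization_endpoint", "token_endpoint",
          "userinfo_endpoint", "end_session_endpoint")

def check_discovery(doc_text, public_host):
    """Return (endpoints, problems) for an OpenID discovery document."""
    doc = json.loads(doc_text)
    issuer = doc.get("issuer", "")
    endpoints, problems = {}, []
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.hostname != public_host:
        problems.append(f"issuer {issuer!r} is not https://{public_host}/...")
    for key in NEEDED:
        url = doc.get(key)
        if not url:
            problems.append(f"{key} is missing")
            continue
        endpoints[key] = url
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{key} is not https: {url}")
        if parts.hostname != public_host:
            problems.append(f"{key} host is {parts.hostname!r}, not {public_host!r}")
    return endpoints, problems

def _sample(base):
    # Constructed sample, trimmed to the fields checked here; the realm
    # name "nextcloud" is an assumption, the paths are Keycloak's usual ones.
    oidc = f"{base}/realms/nextcloud/protocol/openid-connect"
    return json.dumps({
        "issuer": f"{base}/realms/nextcloud",
        "authorization_endpoint": f"{oidc}/auth",
        "token_endpoint": f"{oidc}/token",
        "userinfo_endpoint": f"{oidc}/userinfo",
        "end_session_endpoint": f"{oidc}/logout",
    })

GOOD = _sample("https://dev-keycloak.mydomain.com")
# Constructed failure case: URLs built from the internal address over plain HTTP.
BAD = _sample("http://keycloak:8080")

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        endpoints, problems = check_discovery(doc, "dev-keycloak.mydomain.com")
        print(name, "->", problems or endpoints)
```

If the check reports problems, fix the proxy and hostname settings before copying any URL into Nextcloud.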


# Configuring Nextcloud

Installing the Social Login plugin in Nextcloud

[![deine-apps-apps-apps-nextcloud.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/deine-apps-apps-apps-nextcloud.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/deine-apps-apps-apps-nextcloud.png)

Copy the URLs from the JSON file

[![mozilla-firefox-und-success.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/mozilla-firefox-und-success.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/mozilla-firefox-und-success.png)

Setting up and configuring Nextcloud

[![social-login-verwaltungs-einstellungen-nextcloud.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/social-login-verwaltungs-einstellungen-nextcloud.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/social-login-verwaltungs-einstellungen-nextcloud.png)

[![cursor-und-social-login-verwaltungs-einstellungen-nextcloud.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/cursor-und-social-login-verwaltungs-einstellungen-nextcloud.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/cursor-und-social-login-verwaltungs-einstellungen-nextcloud.png)

Test and verify the login with Keycloak: click "Anmelden mit keycloak" ("Log in with keycloak").

[![bildschirmfoto-2023-09-14-um-09-59-07.png](https://wiki.unixweb.net/uploads/images/gallery/2023-11/scaled-1680-/bildschirmfoto-2023-09-14-um-09-59-07.png)](https://wiki.unixweb.net/uploads/images/gallery/2023-11/bildschirmfoto-2023-09-14-um-09-59-07.png)
