Keycloak: Difference between revisions
imported>Nix mNo edit summary |
imported>Riotbib No edit summary |
||
Line 43: | Line 43: | ||
{ | { | ||
environment.noXlibs = false; | environment.noXlibs = false; | ||
} | |||
</nowiki>}} | |||
== Installation in subdirectory == | |||
Keycloak may be installed in a subdirectory of a domain. Thus you don't need to configure and expose a subdomain. For example with the following configuration, remember to edit <code>domain.tld</code>, reflecting your used domain. | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
{ | |||
services.nginx = { | |||
enable = true; | |||
# enable recommended settings | |||
recommendedGzipSettings = true; | |||
recommendedOptimisation = true; | |||
recommendedTlsSettings = true; | |||
recommendedProxySettings = true; | |||
virtualHosts = { | |||
"domain.tld" = { | |||
forceSSL = true; | |||
enableACME = true; | |||
locations = { | |||
"/cloak/" = { | |||
proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/cloak/"; | |||
}; | |||
}; | |||
}; | |||
}; | |||
}; | |||
services.postgresql.enable = true; | |||
services.keycloak = { | |||
enable = true; | |||
database = { | |||
type = "postgresql"; | |||
createLocally = true; | |||
username = "keycloak"; | |||
passwordFile = "/etc/nixos/secrets/keycloak_psql_pass"; | |||
}; | |||
settings = { | |||
hostname = "domain.tld"; | |||
http-relative-path = "/cloak"; | |||
http-port = 38080; | |||
proxy = "passthrough"; | |||
http-enabled = true; | |||
}; | |||
}; | |||
} | } | ||
</nowiki>}} | </nowiki>}} |
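Review bot: proxy = "passthrough" in services.keycloak.settings does not match the nginx virtual host added in the same hunk, where forceSSL = true terminates TLS and proxyPass forwards plain http:// to localhost. Keycloak's passthrough mode is intended for a proxy that forwards TLS without terminating it. For a TLS-terminating proxy the matching value is proxy = "edge", which also lets Keycloak honour the X-Forwarded-* headers that recommendedProxySettings sends, so client addresses in login events and brute-force detection are those of the real clients rather than of nginx. Since http-enabled = true opens a plain-HTTP listener on port 38080, consider also setting http-host = "127.0.0.1" so that listener is reachable only through nginx.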
Revision as of 13:26, 21 June 2022
Keycloak (Wikipedia) is identity and access management software that can serve as an authentication server for applications, with support for OpenID Connect, OAuth 2.0, and SAML.
Keycloak is...
- covered in the NixOS manual
- packaged for Nix
- available as a NixOS service
- written in Java
- maintained by Red Hat
Troubleshooting
Installing on system without X11
If, when you perform:
nixos-rebuild switch
... you encounter errors like:
building Nix...
...
checking for CAIRO_BACKEND... no
configure: error: Package requirements (cairo-xlib >= 1.6) were not met:
No package 'cairo-xlib' found
...
error: build of '/nix/store/vfz...2a0-nixos-system-nixos-21.11pre322478.e4ef597edfd.drv' failed
... the cause is that the package expects the X11 libraries to be available. The environment.noXlibs NixOS option controls whether packages are built without the X11 libraries; set it to false so that they remain available:
/etc/nixos/configuration.nix
{ config, pkgs, ... }:
{
  environment.noXlibs = false;
}
Installation in subdirectory
Keycloak may be installed in a subdirectory of a domain, so you don't need to configure and expose a subdomain. In the following example configuration, remember to replace domain.tld with your own domain.
/etc/nixos/configuration.nix
{ config, ... }:
{
  services.nginx = {
    enable = true;

    # enable recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;

    virtualHosts = {
      "domain.tld" = {
        # nginx terminates TLS with an ACME certificate
        forceSSL = true;
        enableACME = true;
        locations = {
          # forward everything below /cloak/ to the local Keycloak listener
          "/cloak/" = {
            proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/cloak/";
          };
        };
      };
    };
  };

  services.postgresql.enable = true;

  services.keycloak = {
    enable = true;

    database = {
      type = "postgresql";
      createLocally = true;

      username = "keycloak";
      # file holding the database password, read at service start
      passwordFile = "/etc/nixos/secrets/keycloak_psql_pass";
    };

    settings = {
      hostname = "domain.tld";
      # must match the nginx location prefix above
      http-relative-path = "/cloak";
      # plain-HTTP listener that nginx proxies to
      http-port = 38080;
      proxy = "passthrough";
      http-enabled = true;
    };
  };
}
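As an added example (not part of the wiki page), the following Python check inspects the OIDC discovery document that Keycloak serves below the relative path and reports any advertised URL that does not use https, domain.tld and the /cloak prefix, which is how a mismatch between the nginx and Keycloak settings shows up. The sample documents are constructed, and the function name check_discovery and the use of the master realm are assumptions.

```python
from urllib.parse import urlsplit

# Discovery-document keys that carry absolute URLs handed to clients.
URL_KEYS = ("issuer", "authorization_endpoint", "token_endpoint",
            "jwks_uri", "userinfo_endpoint", "end_session_endpoint")

def check_discovery(doc, hostname, relative_path, realm="master"):
    """Return a list of problems in a discovery document (empty list = OK).

    doc is the parsed JSON from
    https://<hostname><relative_path>/realms/<realm>/.well-known/openid-configuration
    """
    stripped = relative_path.strip("/")
    prefix = "/" + stripped if stripped else ""
    expected_issuer = f"https://{hostname}{prefix}/realms/{realm}"
    problems = []
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected_issuer!r}")
    for key in URL_KEYS:
        value = doc.get(key)
        if value is None:
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{key}: scheme {url.scheme!r} is not https")
        if url.netloc != hostname:
            problems.append(f"{key}: host {url.netloc!r} is not {hostname!r}")
        if not url.path.startswith(prefix + "/realms/"):
            problems.append(f"{key}: path {url.path!r} lacks prefix {prefix!r}")
    return problems

# Constructed sample: what a correctly proxied instance should advertise.
GOOD = {
    "issuer": "https://domain.tld/cloak/realms/master",
    "token_endpoint": "https://domain.tld/cloak/realms/master/protocol/openid-connect/token",
    "jwks_uri": "https://domain.tld/cloak/realms/master/protocol/openid-connect/certs",
}
# Constructed sample: the backend address leaking into the advertised URLs.
LEAKED = {
    "issuer": "http://localhost:38080/cloak/realms/master",
    "token_endpoint": "http://localhost:38080/cloak/realms/master/protocol/openid-connect/token",
}
# Constructed sample: relative path missing from the advertised URLs.
NO_PREFIX = {"issuer": "https://domain.tld/realms/master"}

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("leaked", LEAKED), ("no prefix", NO_PREFIX)):
        print(name, check_discovery(doc, "domain.tld", "/cloak") or "OK")
```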