Add initial Keycloak setup with custom theme and Docker configuration

- Created .env.example for environment variable configuration.
- Added .gitignore to exclude .env files.
- Introduced docker-compose files for Keycloak and Postgres services.
- Implemented custom Keycloak theme 'drill-luxe' with associated templates and styles.
- Updated README with deployment instructions and repository details.
Первов Артем
2026-04-06 00:26:59 +03:00
commit af41f66bbe
12 changed files with 759 additions and 0 deletions

6
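--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,6 @@
+POSTGRES_DB=keycloak
+POSTGRES_USER=keycloak_user
+POSTGRES_PASSWORD=r8f\i?71XPB2/tm
+KC_BOOTSTRAP_ADMIN_USERNAME=kc_admin
+KC_BOOTSTRAP_ADMIN_PASSWORD=wVMR6R/S3>q9I?
+KC_PUBLIC_HOSTNAME=sso.greact.ru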
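Review bot: The `POSTGRES_PASSWORD` and `KC_BOOTSTRAP_ADMIN_PASSWORD` entries in this template hold high-entropy strings that read like generated credentials rather than placeholders, and `.env.example` is tracked while only `.env` is ignored. If either value is or ever was used on the deployment named in `KC_PUBLIC_HOSTNAME`, it should be treated as disclosed and rotated, since repository history keeps it even after a later edit. The template should carry inert markers instead, e.g. `POSTGRES_PASSWORD=<generate-per-environment>` and `KC_BOOTSTRAP_ADMIN_PASSWORD=<generate-per-environment>`, with a leading comment line such as `# Copy to .env and replace every <...> value; never commit real secrets`.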

1
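--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env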

25
README.md Normal file

@@ -0,0 +1,25 @@
# Drill Keycloak
Этот репозиторий собирает кастомный образ Keycloak `26.0.8` с темой `drill-luxe` и разворачивает его через Portainer stack.
## Что внутри
- `docker-compose.portainer.yml` — compose для Portainer
- `keycloak/Dockerfile` — образ Keycloak с темой
- `keycloak/themes/drill-luxe` — кастомная login theme
- `.env.example` — шаблон переменных
## Важно
- volume `keycloak_postgres_data` сохранен как внешний, чтобы не потерять текущую базу данных
- после первого запуска выберите тему в Keycloak:
- `Realm settings`
- `Themes`
- `Login theme = drill-luxe`
## Развертывание через Portainer
1. Подключите этот Git-репозиторий как источник stack.
2. Укажите `docker-compose.portainer.yml`.
3. Добавьте переменные из `.env` в environment Portainer stack или загрузите env-файл.
4. Запустите redeploy.


@@ -0,0 +1,61 @@
services:
keycloak-postgres:
image: postgres:16
restart: unless-stopped
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
PGDATA: /var/lib/postgresql/data/pgdata
expose:
- "5432"
networks:
- internal
volumes:
- keycloak_postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
interval: 10s
timeout: 5s
retries: 10
start_period: 20s
keycloak:
build:
context: ./keycloak
dockerfile: Dockerfile
restart: unless-stopped
command: start
environment:
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://keycloak-postgres:5432/${POSTGRES_DB}
KC_DB_USERNAME: ${POSTGRES_USER}
KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME}
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD}
KC_HOSTNAME: https://${KC_PUBLIC_HOSTNAME}
KC_HOSTNAME_STRICT: "true"
KC_HTTP_ENABLED: "true"
KC_PROXY_HEADERS: xforwarded
KC_METRICS_ENABLED: "true"
KC_HEALTH_ENABLED: "true"
expose:
- "8080"
- "9000"
networks:
- proxy
- internal
depends_on:
keycloak-postgres:
condition: service_healthy
volumes:
keycloak_postgres_data:
external: true
name: keycloak_postgres_data
networks:
proxy:
external: true
internal:
driver: bridge
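Review bot: The `keycloak` service joins the external `proxy` network with `8080` and `9000` listed under `expose`, while `KC_HTTP_ENABLED`, `KC_METRICS_ENABLED` and `KC_HEALTH_ENABLED` are `"true"` and `KC_PROXY_HEADERS` is `xforwarded`. `expose` filters nothing, so any container attached to `proxy` can reach the plain-HTTP listener and the management port directly, and Keycloak will accept whatever `X-Forwarded-*` headers such a peer sends. Nothing in this file shows who else is on that network or what the reverse proxy forwards, so I would add a comment above the service's `networks:` key, e.g. `# proxy must overwrite X-Forwarded-* and must never publish port 9000 (metrics/health)`, and drop `"9000"` from `expose` unless a scraper on that network needs it. This section's file header is missing from the page (presumably `docker-compose.portainer.yml`); the `docker-compose.yml` section that follows is identical line for line, so the same applies there.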

61
docker-compose.yml Normal file

@@ -0,0 +1,61 @@
services:
keycloak-postgres:
image: postgres:16
restart: unless-stopped
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
PGDATA: /var/lib/postgresql/data/pgdata
expose:
- "5432"
networks:
- internal
volumes:
- keycloak_postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
interval: 10s
timeout: 5s
retries: 10
start_period: 20s
keycloak:
build:
context: ./keycloak
dockerfile: Dockerfile
restart: unless-stopped
command: start
environment:
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://keycloak-postgres:5432/${POSTGRES_DB}
KC_DB_USERNAME: ${POSTGRES_USER}
KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME}
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD}
KC_HOSTNAME: https://${KC_PUBLIC_HOSTNAME}
KC_HOSTNAME_STRICT: "true"
KC_HTTP_ENABLED: "true"
KC_PROXY_HEADERS: xforwarded
KC_METRICS_ENABLED: "true"
KC_HEALTH_ENABLED: "true"
expose:
- "8080"
- "9000"
networks:
- proxy
- internal
depends_on:
keycloak-postgres:
condition: service_healthy
volumes:
keycloak_postgres_data:
external: true
name: keycloak_postgres_data
networks:
proxy:
external: true
internal:
driver: bridge

3
keycloak/Dockerfile Normal file

@@ -0,0 +1,3 @@
FROM quay.io/keycloak/keycloak:26.0.8
COPY themes/drill-luxe /opt/keycloak/themes/drill-luxe
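Review bot: The `FROM` line references the base image by a mutable tag, so a later rebuild of the stack can pull content that differs from what was reviewed. Pinning the digest keeps the build reproducible and makes an upstream change show up as a diff: `FROM quay.io/keycloak/keycloak:26.0.8@sha256:<digest-of-the-reviewed-image>`. The same consideration applies to `image: postgres:16` in both compose files.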


@@ -0,0 +1,51 @@
<!DOCTYPE html>
<html class="${properties.kcHtmlClass!}" lang="${lang}">
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<title>Drill View Error</title>
<#if properties.styles?has_content>
<#list properties.styles?split(' ') as style>
<link href="${url.resourcesPath}/${style}" rel="stylesheet" />
</#list>
</#if>
</head>
<body class="drill-login">
<main class="drill-login__shell">
<section class="drill-login__brand">
<div class="drill-login__brand-mark">D</div>
<div class="drill-login__brand-copy">
<span class="drill-login__eyebrow">Greact Drill</span>
<h1>Доступ временно недоступен</h1>
<p>
Keycloak вернул ошибку на этапе входа или перехода между защищёнными сервисами.
Ниже отображается текст ошибки от сервера авторизации.
</p>
</div>
</section>
<section class="drill-login__panel">
<div class="drill-login__panel-head">
<span class="drill-login__eyebrow">Authorization Error</span>
<h2>Ошибка авторизации</h2>
</div>
<div class="drill-login__alert drill-login__alert--error">
${message.summary!'Произошла ошибка авторизации.'}
</div>
<#if client?? && client.baseUrl?has_content>
<a class="drill-login__submit drill-login__submit-link" href="${client.baseUrl}">
<span>Вернуться в приложение</span>
</a>
<#else>
<a class="drill-login__submit drill-login__submit-link" href="${url.loginUrl}">
<span>Вернуться ко входу</span>
</a>
</#if>
</section>
</main>
</body>
</html>
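Review bot: In `${message.summary!'Произошла ошибка авторизации.'}` the default operator covers only a missing `summary`; if `message` itself is absent, FreeMarker raises an error and the error page fails to render instead of showing the fallback text. Parenthesising the path handles both cases: `${(message.summary)!'Произошла ошибка авторизации.'}`. The notice template in the next section has the same construct with `'Операция выполнена.'`. Whether Keycloak ever renders these pages without `message` is not visible in this diff, so this is a robustness point rather than a confirmed failure.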


@@ -0,0 +1,55 @@
<!DOCTYPE html>
<html class="${properties.kcHtmlClass!}" lang="${lang}">
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<title>Drill View Notice</title>
<#if properties.styles?has_content>
<#list properties.styles?split(' ') as style>
<link href="${url.resourcesPath}/${style}" rel="stylesheet" />
</#list>
</#if>
</head>
<body class="drill-login">
<main class="drill-login__shell">
<section class="drill-login__brand">
<div class="drill-login__brand-mark">D</div>
<div class="drill-login__brand-copy">
<span class="drill-login__eyebrow">Greact Drill</span>
<h1>Состояние сессии обновлено</h1>
<p>
Этот экран используется для системных уведомлений Keycloak: завершение выхода,
подтверждение действий пользователя и другие служебные сообщения.
</p>
</div>
</section>
<section class="drill-login__panel">
<div class="drill-login__panel-head">
<span class="drill-login__eyebrow">System Notice</span>
<h2>Информация</h2>
</div>
<div class="drill-login__alert drill-login__alert--info">
${message.summary!'Операция выполнена.'}
</div>
<#if pageRedirectUri?has_content>
<a class="drill-login__submit drill-login__submit-link" href="${pageRedirectUri}">
<span>Продолжить</span>
</a>
<#elseif actionUri?has_content>
<a class="drill-login__submit drill-login__submit-link" href="${actionUri}">
<span>Продолжить</span>
</a>
<#else>
<a class="drill-login__submit drill-login__submit-link" href="${url.loginUrl}">
<span>Ко входу</span>
</a>
</#if>
</section>
</main>
</body>
</html>
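Review bot: The `Продолжить` link sends the user to `pageRedirectUri` or `actionUri`, but the page shows only `message.summary` and gives no indication of what continuing will do. As far as I recall, Keycloak's stock info page also lists the pending `requiredActions` when it confirms an action link, which lets a user notice an unexpected request before proceeding; this should be checked against the base theme and carried over if so. A short FreeMarker comment above `<#if pageRedirectUri?has_content>` describing when each of the three branches is taken would also help the next maintainer.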


@@ -0,0 +1,66 @@
<!DOCTYPE html>
<html class="${properties.kcHtmlClass!}" lang="${lang}">
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<title>Drill View Password Reset</title>
<#if properties.styles?has_content>
<#list properties.styles?split(' ') as style>
<link href="${url.resourcesPath}/${style}" rel="stylesheet" />
</#list>
</#if>
</head>
<body class="drill-login">
<main class="drill-login__shell">
<section class="drill-login__brand">
<div class="drill-login__brand-mark">D</div>
<div class="drill-login__brand-copy">
<span class="drill-login__eyebrow">Greact Drill</span>
<h1>Восстановление доступа</h1>
<p>
Введите логин или e-mail, чтобы Keycloak отправил инструкции по восстановлению пароля
и возвращению в защищённую среду Drill.
</p>
</div>
</section>
<section class="drill-login__panel">
<div class="drill-login__panel-head">
<span class="drill-login__eyebrow">Password Recovery</span>
<h2>Сброс пароля</h2>
<p>Используйте корпоративный логин или адрес электронной почты.</p>
</div>
<#if message?has_content>
<div class="drill-login__alert drill-login__alert--${message.type}">
${kcSanitize(message.summary)?no_esc}
</div>
</#if>
<form id="kc-reset-password-form" class="drill-login__form" action="${url.loginAction}" method="post">
<div class="drill-login__field">
<label for="username">Логин или e-mail</label>
<input
id="username"
name="username"
type="text"
value="${(auth.attemptedUsername!'')}"
autofocus
placeholder="Введите логин или e-mail"
/>
</div>
<button class="drill-login__submit" type="submit">
<span>Отправить инструкции</span>
</button>
</form>
<div class="drill-login__footer">
<a href="${url.loginUrl}">Назад ко входу</a>
</div>
</section>
</main>
</body>
</html>


@@ -0,0 +1,109 @@
<!DOCTYPE html>
<html class="${properties.kcHtmlClass!}" lang="${lang}">
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<title>Drill View Login</title>
<link rel="icon" href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 120 120'%3E%3Crect width='120' height='120' rx='28' fill='%230f1115'/%3E%3Cpath d='M32 89L54 24h12l22 65h-12l-4-13H48l-4 13H32zm19-23h18L60 38 51 66z' fill='%23d4a574'/%3E%3C/svg%3E" />
<#if properties.styles?has_content>
<#list properties.styles?split(' ') as style>
<link href="${url.resourcesPath}/${style}" rel="stylesheet" />
</#list>
</#if>
</head>
<body class="drill-login">
<main class="drill-login__shell">
<section class="drill-login__brand">
<div class="drill-login__brand-mark">D</div>
<div class="drill-login__brand-copy">
<span class="drill-login__eyebrow">Greact Drill</span>
<h1>Премиальный доступ к Drill View</h1>
<p>
Единая точка входа для операторов, инженеров и аналитиков. Безопасный вход в среду мониторинга,
документов и схем в фирменной бронзово-графитовой палитре Drill.
</p>
</div>
<div class="drill-login__feature-grid">
<article>
<span>01</span>
<strong>Единая сессия</strong>
<p>Один realm Keycloak для Drill View, Cloud API и встроенных приложений.</p>
</article>
<article>
<span>02</span>
<strong>Защищённый доступ</strong>
<p>Токены проверяются на backend, а браузер получает только актуальную сессию.</p>
</article>
<article>
<span>03</span>
<strong>Фирменный стиль</strong>
<p>Визуальная система синхронизирована с интерфейсом Drill View.</p>
</article>
</div>
</section>
<section class="drill-login__panel">
<div class="drill-login__panel-head">
<span class="drill-login__eyebrow">Secure Sign In</span>
<h2>Вход в систему</h2>
<p>Используйте корпоративную учётную запись Keycloak.</p>
</div>
<#if message?has_content>
<div class="drill-login__alert drill-login__alert--${message.type}">
${kcSanitize(message.summary)?no_esc}
</div>
</#if>
<form id="kc-form-login" class="drill-login__form" action="${url.loginAction}" method="post">
<div class="drill-login__field">
<label for="username">Логин</label>
<input
id="username"
name="username"
type="text"
value="${(login.username!'')}"
autocomplete="username"
autofocus
placeholder="Введите логин"
/>
</div>
<div class="drill-login__field">
<div class="drill-login__field-row">
<label for="password">Пароль</label>
<#if realm.resetPasswordAllowed>
<a href="${url.loginResetCredentialsUrl}">Не удаётся войти?</a>
</#if>
</div>
<input
id="password"
name="password"
type="password"
autocomplete="current-password"
placeholder="Введите пароль"
/>
</div>
<#if realm.rememberMe && !usernameEditDisabled??>
<label class="drill-login__remember">
<input id="rememberMe" name="rememberMe" type="checkbox" <#if login.rememberMe??>checked</#if> />
<span>Запомнить меня</span>
</label>
</#if>
<button class="drill-login__submit" name="login" id="kc-login" type="submit">
<span>Войти в Drill View</span>
</button>
</form>
<div class="drill-login__footer">
<span>Realm: ${realm.name}</span>
<span>Client: ${client.clientId!'drill-view-frontend'}</span>
</div>
</section>
</main>
</body>
</html>
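Review bot: The footer prints `Realm: ${realm.name}` and `Client: ${client.clientId!'drill-view-frontend'}` to every unauthenticated visitor, and the fallback hard-codes one client's identifier into a theme that the page copy says serves several applications. The `!` default also covers only a missing `clientId`, not a missing `client`, so the fallback would not save the page if `client` were unset. I would either drop the footer or render the client only when present, e.g. `<#if (client.clientId)?has_content><span>Client: ${client.clientId}</span></#if>`.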


@@ -0,0 +1,317 @@
:root {
--drill-bg-primary: #0f1115;
--drill-bg-secondary: #1a1d24;
--drill-bg-tertiary: #252932;
--drill-accent-primary: #c97a3d;
--drill-accent-secondary: #d4a574;
--drill-accent-tertiary: #e8c9a0;
--drill-text-primary: #f8fafc;
--drill-text-secondary: #cbd5e1;
--drill-text-muted: #94a3b8;
--drill-border: rgba(212, 165, 116, 0.18);
--drill-shadow-lg: 0 30px 80px rgba(0, 0, 0, 0.45);
--drill-shadow-glow: 0 0 40px rgba(201, 122, 61, 0.16);
}
* {
box-sizing: border-box;
}
body.drill-login {
margin: 0;
min-height: 100vh;
font-family:
"Inter Variable",
"Inter",
-apple-system,
BlinkMacSystemFont,
"Segoe UI",
sans-serif;
color: var(--drill-text-primary);
background:
radial-gradient(circle at top left, rgba(201, 122, 61, 0.22), transparent 28%),
radial-gradient(circle at bottom right, rgba(139, 90, 43, 0.26), transparent 30%),
linear-gradient(135deg, #090b0f 0%, #0f1115 45%, #181b22 100%);
}
.drill-login__shell {
min-height: 100vh;
display: grid;
grid-template-columns: minmax(0, 1.15fr) minmax(380px, 520px);
gap: 28px;
align-items: stretch;
padding: 28px;
}
.drill-login__brand,
.drill-login__panel {
position: relative;
overflow: hidden;
border-radius: 32px;
border: 1px solid var(--drill-border);
background:
linear-gradient(180deg, rgba(255, 255, 255, 0.04), rgba(255, 255, 255, 0.01)),
rgba(10, 13, 18, 0.72);
box-shadow: var(--drill-shadow-lg), var(--drill-shadow-glow);
backdrop-filter: blur(22px);
}
.drill-login__brand {
padding: 44px;
display: flex;
flex-direction: column;
justify-content: space-between;
}
.drill-login__brand::before,
.drill-login__panel::before {
content: "";
position: absolute;
inset: 0;
background:
linear-gradient(120deg, transparent 0%, rgba(255, 255, 255, 0.06) 24%, transparent 48%),
radial-gradient(circle at top right, rgba(232, 201, 160, 0.12), transparent 32%);
pointer-events: none;
}
.drill-login__brand-mark {
width: 72px;
height: 72px;
display: inline-flex;
align-items: center;
justify-content: center;
border-radius: 24px;
background: linear-gradient(135deg, rgba(201, 122, 61, 0.18), rgba(232, 201, 160, 0.12));
border: 1px solid rgba(212, 165, 116, 0.28);
color: var(--drill-accent-tertiary);
font-size: 1.9rem;
font-weight: 700;
letter-spacing: 0.08em;
}
.drill-login__brand-copy {
max-width: 640px;
}
.drill-login__eyebrow {
display: inline-block;
color: var(--drill-accent-secondary);
text-transform: uppercase;
letter-spacing: 0.24em;
font-size: 0.74rem;
margin-bottom: 18px;
}
.drill-login__brand h1,
.drill-login__panel h2 {
margin: 0;
font-weight: 500;
letter-spacing: -0.04em;
line-height: 1;
}
.drill-login__brand h1 {
max-width: 720px;
font-size: clamp(3rem, 6vw, 5.6rem);
}
.drill-login__brand p,
.drill-login__panel p,
.drill-login__feature-grid p {
color: var(--drill-text-secondary);
line-height: 1.65;
}
.drill-login__feature-grid {
display: grid;
grid-template-columns: repeat(3, minmax(0, 1fr));
gap: 16px;
}
.drill-login__feature-grid article {
padding: 20px;
border-radius: 24px;
background: rgba(255, 255, 255, 0.03);
border: 1px solid rgba(212, 165, 116, 0.12);
}
.drill-login__feature-grid span {
display: inline-block;
color: var(--drill-accent-secondary);
font-size: 0.8rem;
margin-bottom: 10px;
}
.drill-login__feature-grid strong {
display: block;
margin-bottom: 10px;
font-size: 1rem;
}
.drill-login__panel {
padding: 34px;
display: flex;
flex-direction: column;
justify-content: center;
}
.drill-login__panel-head {
margin-bottom: 26px;
}
.drill-login__panel h2 {
font-size: clamp(2rem, 4vw, 3rem);
margin-bottom: 12px;
}
.drill-login__alert {
margin-bottom: 18px;
padding: 14px 16px;
border-radius: 18px;
border: 1px solid rgba(255, 255, 255, 0.08);
background: rgba(255, 255, 255, 0.04);
color: var(--drill-text-primary);
}
.drill-login__alert--error {
border-color: rgba(248, 113, 113, 0.34);
background: rgba(127, 29, 29, 0.28);
}
.drill-login__alert--success,
.drill-login__alert--info {
border-color: rgba(74, 222, 128, 0.24);
background: rgba(20, 83, 45, 0.22);
}
.drill-login__form {
display: flex;
flex-direction: column;
gap: 16px;
}
.drill-login__field {
display: flex;
flex-direction: column;
gap: 8px;
}
.drill-login__field-row {
display: flex;
align-items: center;
justify-content: space-between;
gap: 16px;
}
.drill-login__field label,
.drill-login__remember span,
.drill-login__field-row a {
font-size: 0.92rem;
}
.drill-login__field-row a {
color: var(--drill-accent-secondary);
text-decoration: none;
}
.drill-login__field input {
width: 100%;
border: 1px solid rgba(212, 165, 116, 0.16);
border-radius: 18px;
background: rgba(255, 255, 255, 0.03);
color: var(--drill-text-primary);
padding: 16px 18px;
font: inherit;
outline: none;
transition: border-color 180ms ease, box-shadow 180ms ease, background 180ms ease;
}
.drill-login__field input::placeholder {
color: var(--drill-text-muted);
}
.drill-login__field input:focus {
border-color: rgba(212, 165, 116, 0.44);
box-shadow: 0 0 0 4px rgba(201, 122, 61, 0.18);
background: rgba(255, 255, 255, 0.05);
}
.drill-login__remember {
display: inline-flex;
align-items: center;
gap: 10px;
color: var(--drill-text-secondary);
}
.drill-login__submit {
margin-top: 6px;
border: none;
border-radius: 20px;
padding: 16px 18px;
font: inherit;
font-weight: 600;
color: #180f08;
cursor: pointer;
background: linear-gradient(135deg, #c97a3d 0%, #d4a574 55%, #e8c9a0 100%);
box-shadow: 0 18px 30px rgba(201, 122, 61, 0.24);
transition: transform 180ms ease, box-shadow 180ms ease, filter 180ms ease;
}
.drill-login__submit:hover {
transform: translateY(-1px);
box-shadow: 0 24px 40px rgba(201, 122, 61, 0.32);
filter: saturate(1.05);
}
.drill-login__submit-link {
display: inline-flex;
align-items: center;
justify-content: center;
text-decoration: none;
}
.drill-login__footer {
margin-top: 20px;
display: flex;
justify-content: space-between;
gap: 12px;
color: var(--drill-text-muted);
font-size: 0.82rem;
}
.drill-login__footer a {
color: var(--drill-accent-secondary);
text-decoration: none;
}
@media (max-width: 1180px) {
.drill-login__shell {
grid-template-columns: 1fr;
}
.drill-login__brand {
min-height: 420px;
}
.drill-login__feature-grid {
grid-template-columns: 1fr;
}
}
@media (max-width: 640px) {
.drill-login__shell {
padding: 16px;
}
.drill-login__brand,
.drill-login__panel {
padding: 22px;
border-radius: 24px;
}
.drill-login__field-row,
.drill-login__footer {
flex-direction: column;
align-items: flex-start;
}
}


@@ -0,0 +1,4 @@
parent=base
import=common/keycloak
styles=css/drill-luxe.css
locales=ru,en
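Review bot: `locales=ru,en` advertises English, but the four templates in this commit hard-code Russian text, none of them reads strings through `msg(...)`, and no message bundle is among the twelve changed files. A user whose locale resolves to `en` would get `lang="en"` on the `<html>` element with Russian content. Either reduce this to `locales=ru` until bundles exist, or move the page strings into message bundles and reference them from the templates.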