This is a Dockerfile for Keycloak-proxy, which can be used to secure Kibana when Kibana serves as the Audit Record Repository for the archive.
See Running on Docker at the dcm4che Archive 5 Wiki.

The environment variables explained below can be set to override the default values as your application requires.
An example of how to set an environment variable in the docker run command is shown below:
-e KEYCLOAK_DEVICE_NAME=my-keycloak
Note: If the default values of any environment variables were overridden at startup of the slapd container, ensure that the same values are also used to override the defaults at startup of the keycloak container.

This environment variable sets the HTTP port of Wildfly. Default value is 8080.

This environment variable sets the HTTPS port of Wildfly. Default value is 8443.

This environment variable sets the keystore used in SSL server identities. Default value is /opt/keycloak-proxy/conf/key.jks.

This environment variable sets the password of the keystore used in SSL server identities.
Only effective if the file specified by KEYSTORE_PASSWORD_FILE does not exist. Default value is secret.

Path to the file containing the password of the keystore used in SSL server identities.
If the file does not exist, it will be created containing the password specified by KEYSTORE_PASSWORD.
Default value is /tmp/keystore_password.

This environment variable sets the password of the key used in SSL server identities.
Only effective if the file specified by KEY_PASSWORD_FILE does not exist. Default value is secret.

Path to the file containing the password of the key used in SSL server identities.
If the file does not exist, it will be created containing the password specified by KEY_PASSWORD.
Default value is /tmp/key_password.

This environment variable sets the truststore which will be used to verify Keycloak's certificate in HTTPS communication.
Default value is /opt/keycloak-proxy/conf/cacerts.jks.

This environment variable sets the password of the above truststore.
Only effective if the file specified by TRUSTSTORE_PASSWORD_FILE does not exist. Default value is secret.

Path to the file containing the password of the above truststore.
If the file does not exist, it will be created containing the password specified by TRUSTSTORE_PASSWORD.
Default value is /tmp/truststore_password.
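
The three password settings above share one resolution rule: the file named by the *_FILE variable wins whenever it exists, otherwise the plain variable is used, with secret as the fallback. The following pre-start check is an added example, not part of this image or the dcm4che project; the function names effective_password and check_passwords are hypothetical, and it assumes it runs with the same environment and filesystem view as the container.

```shell
#!/bin/sh
# Added example (not the image's own entrypoint): flags password settings that
# resolve to the documented default "secret", or that are silently ignored
# because the corresponding *_FILE already exists.

# effective_password NAME DEFAULT_FILE -> prints the password that would be used
effective_password() {
    name=$1
    default_file=$2
    eval "file=\${${name}_FILE:-$default_file}"
    eval "value=\${${name}:-secret}"
    if [ -f "$file" ]; then
        cat "$file"            # file content takes precedence over the variable
    else
        printf '%s' "$value"   # variable, or the documented default
    fi
}

# check_passwords -> prints one line per finding, returns the number of findings
check_passwords() {
    findings=0
    for entry in KEYSTORE_PASSWORD:/tmp/keystore_password \
                 KEY_PASSWORD:/tmp/key_password \
                 TRUSTSTORE_PASSWORD:/tmp/truststore_password; do
        name=${entry%%:*}
        default_file=${entry#*:}
        eval "file=\${${name}_FILE:-$default_file}"
        eval "is_set=\${${name}+yes}"
        if [ "$(effective_password "$name" "$default_file")" = "secret" ]; then
            echo "WEAK    $name resolves to the default 'secret'"
            findings=$((findings + 1))
        elif [ -f "$file" ] && [ -n "$is_set" ]; then
            echo "IGNORED $name is set but $file exists and takes precedence"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Calling check_passwords before the container starts returns 0 only when every password is non-default and no variable is shadowed by an existing file.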

If the Keycloak server requires HTTPS and this config option is set to true, the Keycloak server's certificate is validated via the truststore, but host name validation is not done. Default value is true.

This environment variable is used to match the auth-server-url used in the Wildfly configuration for Keycloak. Default value is https://keycloak:8443/auth.

This environment variable defines the SSL/HTTPS requirements for interacting with the realm. Default value is external.
Accepted values are: external, none or all.

This is the name of the realm configured in Keycloak for securing the audit record repository. Default value is dcm4che.

This environment variable sets the client ID for the Kibana client. This value is used when creating the client for securing the audit record repository which is running on Kibana. Default value is kibana.

If set to false, the adapter will send credentials for the client to Keycloak. The default value is true.

Specify the credential password of the application. This is REQUIRED for clients with 'Confidential' access type.

This should be set to true for services. If enabled, the adapter will not attempt to authenticate users, but only verify bearer tokens. The default value is false.

This environment variable sets the URL this server is proxying, and is REQUIRED. Default value is http://kibana:5601.

This environment variable sets the base context root for the application. Must start with '/' and is REQUIRED. Default value is '/'.

This environment variable sets the role of the user which will be allowed to use this service. Default value is auditlog.