From 91c5102a1d659383d2a93cfb156b8b49ef7acfca Mon Sep 17 00:00:00 2001
From: Elian Loraux <elian.loraux@tetras-libre.fr>
Date: Mon, 24 Mar 2025 14:40:01 +0100
Subject: [PATCH 1/3] remove expose and set loadbalacner

---
 traefik.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/traefik.yml b/traefik.yml
index 0db0950..6060881 100644
--- a/traefik.yml
+++ b/traefik.yml
@@ -5,8 +5,6 @@ services:
     networks:
       - default
       - traefik
-    expose:
-      - 8080
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=traefik"
@@ -14,7 +12,8 @@ services:
       - "traefik.http.routers.${NAME}.tls.certresolver=myresolver"
       - "traefik.http.routers.${NAME}.entrypoints=web,websecure"
       - "traefik.http.routers.${NAME}.middlewares=hardening@docker"
-
+      - "traefik.http.routers.${NAME}.service=${NAME}"
+      - "traefik.http.services.${NAME}.loadbalancer.server.port=8080"
 
 networks:
   traefik:
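Review bot: The added `loadbalancer.server.port=8080` label has no comment saying what listens on 8080 or that this hop is unencrypted. prod.yml starts Keycloak with `--http-enabled=true`, so Traefik presumably terminates TLS and forwards plain HTTP to the container over the `traefik` network. I would record that above the two new labels, for example `# Traefik terminates TLS and forwards plain HTTP to Keycloak on 8080 over the traefik network`, so a later change to Keycloak's HTTP port or to the network layout is made deliberately. The labels list starts above this hunk.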
-- 
GitLab


From 3adc99a195dea7e528610a7d1083534562f1e7fa Mon Sep 17 00:00:00 2001
From: Elian Loraux <elian.loraux@tetras-libre.fr>
Date: Mon, 24 Mar 2025 14:41:48 +0100
Subject: [PATCH 2/3] set hostname in option of keycloak

---
 prod.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/prod.yml b/prod.yml
index b715016..9a984ed 100644
--- a/prod.yml
+++ b/prod.yml
@@ -12,3 +12,4 @@ services:
         - "--http-enabled=true"
         - "--import-realm"
         - "--verbose"
+        - "--hostname=https://${HOST}"
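Review bot: The new `--hostname=https://${HOST}` argument degrades to `--hostname=https://` when HOST is unset, because Compose substitutes an empty string and only prints a warning. The required-variable form `- "--hostname=https://${HOST:?HOST must be set}"` makes the stack refuse to start instead of running Keycloak with a broken public URL. Since Keycloak sits behind Traefik with `--http-enabled=true`, also check that the command sets `--proxy-headers=xforwarded`, which is not visible in this hunk. Without it, the client addresses Keycloak logs and uses for brute-force detection would be the proxy's. The command list starts above the hunk.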
-- 
GitLab


From e9550cebebb2f7b6ccffbe6bc2b9dab0c5ad57bb Mon Sep 17 00:00:00 2001
From: Elian Loraux <elian.loraux@tetras-libre.fr>
Date: Mon, 24 Mar 2025 15:48:27 +0100
Subject: [PATCH 3/3] add healthcheck in prod

---
 .env.sample | 1 +
 prod.yml    | 1 +
 traefik.yml | 7 +++++++
 3 files changed, 9 insertions(+)

diff --git a/.env.sample b/.env.sample
index c0283f3..7a0816d 100644
--- a/.env.sample
+++ b/.env.sample
@@ -7,6 +7,7 @@ COMPOSE_FILE=docker-compose.yml:prod.yml:traefik.yml
 NAME=keycloak
 # Set localhost if you are in local
 HOST=keycloak.FQDN
+HOST_HEALTHCHECK=keycloak-health.FQDN
 
 # In Dev environnement
 PORT=8080
diff --git a/prod.yml b/prod.yml
index 9a984ed..1fe5d6b 100644
--- a/prod.yml
+++ b/prod.yml
@@ -13,3 +13,4 @@ services:
         - "--import-realm"
         - "--verbose"
         - "--hostname=https://${HOST}"
+        - "--health-enabled=true"
diff --git a/traefik.yml b/traefik.yml
index 6060881..090e6fd 100644
--- a/traefik.yml
+++ b/traefik.yml
@@ -15,6 +15,13 @@ services:
       - "traefik.http.routers.${NAME}.service=${NAME}"
       - "traefik.http.services.${NAME}.loadbalancer.server.port=8080"
 
+      - "traefik.http.routers.${NAME}-healthcheck.rule=Host(`${HOST_HEALTHCHECK}`)"
+      - "traefik.http.routers.${NAME}-healthcheck.tls.certresolver=myresolver"
+      - "traefik.http.routers.${NAME}-healthcheck.entrypoints=web,websecure"
+      - "traefik.http.routers.${NAME}-healthcheck.middlewares=hardening@docker"
+      - "traefik.http.routers.${NAME}-healthcheck.service=${NAME}-healthcheck"
+      - "traefik.http.services.${NAME}-healthcheck.loadbalancer.server.port=9000"
+
 networks:
   traefik:
     external: true
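Review bot: The new `${NAME}-healthcheck` router matches on the host alone and forwards to port 9000, so every path served on that port becomes reachable from outside, not only the health endpoints enabled by `--health-enabled=true` in prod.yml. Port 9000 looks like Keycloak's management interface, which can also serve metrics depending on the options set. I would narrow the rule to ``Host(`${HOST_HEALTHCHECK}`) && PathPrefix(`/health`)`` and attach an IP allow-list middleware limited to the monitoring source. The router also listens on the plain `web` entrypoint, so confirm that `hardening@docker` redirects to HTTPS. The labels list starts above this hunk.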
-- 
GitLab