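identity:
  # Camunda Identity service, authenticating against an external Keycloak
  # realm ("qportal") and exposed under /identity through Traefik.
  # Nesting below is restored from the flattened listing; place this mapping
  # under the compose file's `services:` key.
  container_name: identity
  image: camunda/identity:${CAMUNDA_IDENTITY_VERSION}
  ports:
    # Publishes 8084 on every host interface, so the service is also
    # reachable directly, bypassing the Traefik TLS router defined in
    # `labels`. Drop this mapping (or bind it to 127.0.0.1) when all traffic
    # is meant to enter through the proxy.
    - "8084:8084"
  environment:
    - SERVER_PORT=8084
    - IDENTITY_URL=https://my-host/identity
    - IDENTITY_RETRY_DELAY_SECONDS=30
    - KEYCLOAK_URL=https://my-keycloak/keycloak
    - IDENTITY_AUTH_PROVIDER_ISSUER_URL=https://my-keycloak/keycloak/realms/qportal
    - IDENTITY_AUTH_PROVIDER_BACKEND_URL=https://my-keycloak/keycloak/realms/qportal
    - IDENTITY_AUTH_PROVIDER_CLIENT_ID=camunda-identity
    # OAuth2 client secret. The value here is a placeholder; supply the real
    # one from an untracked .env file or a secret store rather than
    # committing it, since anyone who can read this file or run
    # `docker inspect` on the container sees it in clear text.
    - IDENTITY_AUTH_PROVIDER_CLIENT_SECRET=my-secret
    - IDENTITY_KEYCLOAK_REALM=qportal
    - CAMUNDA_IDENTITY_TYPE=KEYCLOAK
    # --- Troubleshooting log levels --------------------------------------
    # DEBUG/TRACE on the HTTP client and OAuth2 packages can write request
    # headers and bodies, including bearer tokens and the client secret sent
    # to the token endpoint, into the container log. Lower these once the
    # Keycloak connection works, and restrict access to the logs meanwhile.
    - LOGGING_LEVEL_ROOT=DEBUG
    - LOGGING_LEVEL_IO_CAMUNDA_IDENTITY=DEBUG
    # NOTE(review): Spring Boot binds log levels from logging.level.*
    # (LOGGING_LEVEL_...). The SPRING_-prefixed names and
    # SERVER_LOGGING_LEVEL below are probably not bound to anything - confirm.
    - SPRING_LOGGING_LEVEL_ORG_APACHE_HTTP=TRACE
    - SPRING_LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB_CLIENT=TRACE
    - SPRING_LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB_CLIENT_REACTIVE=DEBUG
    - SPRING_LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY_OAUTH2=DEBUG
    - SERVER_LOGGING_LEVEL=TRACE
    - logging.level.org.springframework.web.client.RestTemplate=DEBUG
    - logging.level.org.apache.http=DEBUG
    # The JVM echoes JAVA_TOOL_OPTIONS to stderr at start-up ("Picked up
    # JAVA_TOOL_OPTIONS: ..."), so the truststore password ends up in the
    # log. -Djavax.net.debug=ssl dumps TLS handshake details and is very
    # verbose; remove it after debugging.
    - "JAVA_TOOL_OPTIONS=-Djavax.net.ssl.trustStore=/opt/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.debug=ssl -Dlogging.level.io.camunda=DEBUG"
    # NOTE(review): Spring Boot's property is server.forward-headers-strategy
    # (SERVER_FORWARD_HEADERS_STRATEGY); this name is probably ignored -
    # confirm. If forwarded headers are honoured, the direct 8084 port above
    # lets a client supply X-Forwarded-* values without passing the proxy.
    - SPRING_WEB_FORWARD-HEADERS-STRATEGY=native
    # In list form everything after "=" is the value, so inner quotes would
    # be passed to the application literally ("true" including the quote
    # characters). Written bare so the flag parses as a boolean.
    - CAMUNDA_IDENTITY_SSO_SINGLE_SIGN_OUT_ENABLED=true
    - MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
    - RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
  restart: on-failure
  volumes:
    # Truststore holding the CA certificates the JVM should trust for the
    # HTTPS endpoints above. Mounted read-only: the container only needs to
    # read it, and a writable trust anchor is an avoidable tampering target.
    - ./truststore.jks:/opt/truststore.jks:ro
  labels:
    # Traefik: TLS router for /identity, prefix stripped before forwarding
    # to container port 8084.
    - "traefik.enable=true"
    - "traefik.http.routers.identity.tls=true"
    - "traefik.http.routers.identity.service=identity"
    - "traefik.http.services.identity.loadbalancer.server.port=8084"
    - "traefik.http.routers.identity.rule=PathPrefix(`/identity`)"
    - "traefik.http.middlewares.identity-midl.stripprefix.prefixes=/identity"
    - "traefik.http.middlewares.identity-midl.stripprefix.forceSlash=False"
    - "traefik.http.routers.identity.middlewares=identity-midl"
  networks:
    - peering-dev
    - camunda-platform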