add Keycloak Support #323

wants to merge 2 commits into
base: develop
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -62,4 +62,5 @@ Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
## Further How-To's
- [Running behind NAT](docs/behind-nat.md)
- [Integration into an existing web server](docs/existing-web-server.md)
- [Integration of addition authentication providers](docs/additional-authentication-providers.md)

27 changes: 27 additions & 0 deletions docker-compose.tmpl.yml
Expand Up @@ -173,6 +173,7 @@ services:
- "webrtc-sfu:10.7.7.1"
- "html5:10.7.7.11"
- "greenlight:10.7.7.21"
- "keycloak:10.7.7.23"

etherpad:
build:
Expand Down Expand Up @@ -505,6 +506,32 @@ services:
networks:
bbb-net:
ipv4_address: 10.7.7.22

{{ if isTrue .Env.ENABLE_KEYCLOAK }}
# keycloak Authentification provider
keycloak:
command: start
image: quay.io/keycloak/keycloak:23.0
restart: unless-stopped
environment:
- KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN:-admin}
- KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-password}
- KC_DB=postgres
- KC_DB_URL_HOST=postgres
- KC_DB_USERNAME=postgres
- KC_DB_URL_DATABASE=keycloakdb
- KC_DB_PASSWORD=${POSTGRESQL_SECRET:-password}
- KC_HOSTNAME_STRICT=${KEYCLOAK_HOSTNAME_STRICT:-false}
- KC_HTTP_RELATIVE_PATH=/keycloak
- KC_PROXY=edge
logging:
driver: journald
depends_on:
- postgres
networks:
bbb-net:
ipv4_address: 10.7.7.23
{{end}}
{{end}}

{{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER }}
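Review bot: `KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-password}` in the new keycloak service falls back to a fixed admin password for a console that keycloak.nginx publishes under /keycloak, so a deployment that sets ENABLE_KEYCLOAK=true without setting the variable comes up with a known credential; `${KEYCLOAK_ADMIN_PASSWORD:?KEYCLOAK_ADMIN_PASSWORD must be set}` makes compose refuse to start instead. `KC_DB_PASSWORD=${POSTGRESQL_SECRET:-password}` follows the existing postgres convention, so that one is at least consistent with the rest of the template. `KC_HOSTNAME_STRICT` defaulting to false while nginx forwards the client's Host in X-Forwarded-Host means Keycloak derives its public URLs from each request; pinning `KC_HOSTNAME` to the deployment's public hostname (the template presumably already has a variable for it) removes that dependency. The two `{{end}}` lines suggest the block is nested inside the greenlight conditional, which is worth a one-line comment above it, since ENABLE_KEYCLOAK alone then does not enable the service.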
11 changes: 11 additions & 0 deletions docs/additional-authentication-providers.md
@@ -0,0 +1,11 @@
# Note if you want to use a additional authentication provider
If you want to authenticate against an external authentication you have to enable keycloak.
On new installations you can enable it within the setup script.
If you already use BigBlueButton uncomment the and set the values to the following environment variables:
- ENABLE_KEYCLOAK to true
- KEYCLOAK_ADMIN to the wanted username of the keycloak administration account (default: admin)
- KEYCLOAK_ADMIN_PASSWORD to a safe passwort (the setup script creates one)

## Further Information
[Keycloak Configuration Instructions](https://docs.bigbluebutton.org/greenlight/v3/external-authentication/)

21 changes: 21 additions & 0 deletions mod/nginx/bbb/keycloak.nginx
@@ -0,0 +1,21 @@
### Keycloak:

location /keycloak {
proxy_pass http://keycloak:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;

proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;

proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;

}
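Review bot: `proxy_set_header Connection "Upgrade";` is sent on every request to Keycloak, not only on WebSocket upgrades, because it is hard-coded rather than derived from `$http_upgrade`; the usual form is a `map $http_upgrade $connection_upgrade` in the http context with `proxy_set_header Connection $connection_upgrade;` here, or simply dropping both Upgrade lines if the Keycloak console does not use WebSockets (I believe it does not, but confirm). `proxy_set_header X-Forwarded-Ssl on;` is likewise hard-coded while X-Forwarded-Proto uses `$scheme`, so the two disagree for a plain-HTTP request. The `location /keycloak` prefix also matches paths such as `/keycloakfoo`; `location ^~ /keycloak/` (KC_HTTP_RELATIVE_PATH is already /keycloak) bounds it, with a redirect for the bare path if Keycloak does not issue one itself. Because this location also exposes the admin console under /keycloak/admin, a comment pointing operators to restrict that path by source address or a separate admin hostname would help.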
7 changes: 7 additions & 0 deletions sample.env
Expand Up @@ -197,6 +197,13 @@ NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
#S3_BUCKET=
#S3_ENDPOINT=

# To enable Keycloak as Authentification Provider (for example for Microsoft/Office 365)
#
#ENABLE_KEYCLOAK=false
#KEYCLOAK_ADMIN=
#KEYCLOAK_ADMIN_PASSWORD=
#KEYCLOAK_HOSTNAME_STRICT=

# Define the default locale language code (i.e. 'en' for English) from the fallowing list:
# [en, ar, fr, es]
#DEFAULT_LOCALE=en
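Review bot: The new block does not say what `KEYCLOAK_HOSTNAME_STRICT` controls or that `KEYCLOAK_ADMIN_PASSWORD` must be set when Keycloak is enabled (the compose template otherwise falls back to a fixed value); comments such as `# KEYCLOAK_ADMIN_PASSWORD is required when ENABLE_KEYCLOAK=true (scripts/setup generates one)` and `# KEYCLOAK_HOSTNAME_STRICT=true makes Keycloak require an explicitly configured hostname` would close that gap. The header comment also spells it "Authentification"; "Authentication" is the intended word.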
1 change: 1 addition & 0 deletions scripts/generate-compose
Expand Up @@ -58,6 +58,7 @@ docker run \
-e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \
-e ENABLE_COTURN=${ENABLE_COTURN:-false} \
-e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \
-e ENABLE_KEYCLOAK=${ENABLE_KEYCLOAK:-false} \
-e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \
-e ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=${ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION:-false} \
-e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \
23 changes: 23 additions & 0 deletions scripts/setup
Expand Up @@ -27,6 +27,14 @@ while [[ ! $greenlight =~ ^(y|n)$ ]]; do
read -p "Should greenlight be included? (y/n): " greenlight
done

keycloak=""
if [ "$greenlight" = "y" ]
then
while [[ ! $keycloak =~ ^(y|n)$ ]]; do
read -p "Should Keycloak as external Authenficator be included? (y/n): " keycloak
done
fi

https_proxy=""
while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy
Expand Down Expand Up @@ -141,6 +149,15 @@ then
sed -i "s/ENABLE_GREENLIGHT.*/#ENABLE_GREENLIGHT=true/" .env
fi

if [ "$keycloak" == "y" ]
then
sed -i "s/.*ENABLE_KEYCLOAK=.*/ENABLE_KEYCLOAK=true/" .env
sed -i "s/.*KEYCLOAK_ADMIN=.*/KEYCLOAK_ADMIN=admin/" .env
KEYCLOAK_SECRET=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
sed -i "s/.*KEYCLOAK_ADMIN_PASSWORD=.*/KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_SECRET/" .env
sed -i "s/.*KEYCLOAK_HOSTNAME_STRICT=.*/KEYCLOAK_HOSTNAME_STRICT=false/" .env
fi

if [ ! "$https_proxy" == "y" ]
then
sed -i "s/ENABLE_HTTPS_PROXY.*/#ENABLE_HTTPS_PROXY=true/" .env
Expand Down Expand Up @@ -206,6 +223,12 @@ echo " $ nano .env"
echo ""
echo "make sure to recreate the docker-compose.yml after each change"
echo " $ ./scripts/generate-compose"
if [ "$keycloak" == "y" ]
then
echo ""
echo "make sure to create the keycloak database before you start the container"
echo " $ ./scripts/setup-keycloak-database"
fi
echo ""
echo "to start bigbluebutton run"
echo " $ docker compose up -d"
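Review bot: The `sed -i "s/.*KEYCLOAK_ADMIN_PASSWORD=.*/…/"` line in the second hunk splices `$KEYCLOAK_SECRET` into a sed replacement; that is only safe because the `tr -dc A-Za-z0-9` filter guarantees no `/`, `&` or `\` can appear, which deserves a comment, e.g. `# alphanumeric only: safe to splice into the sed replacement below`. Each of the four substitutions also silently does nothing when the key is absent from .env (an .env kept from before this change), while the final hunk still prints the Keycloak instructions because it keys off `$keycloak`; a `grep -q 'KEYCLOAK_ADMIN_PASSWORD=' .env || …` guard that appends the line would make the two agree. The first hunk uses `[ "$greenlight" = "y" ]` while the neighbouring checks use `==`; picking one form keeps the script consistent. `read -p` without `-r` matches the existing prompts, so leaving it is consistent, though `-r` is the safer form.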
39 changes: 39 additions & 0 deletions scripts/setup-keycloak-database
@@ -0,0 +1,39 @@
#!/bin/bash

cd $(dirname $0)/..

function create_database {
while ! docker exec $1 nc -zw3 127.0.0.1 5432
do
echo "Waiting for postgres to start up ..."
sleep 1
done
DATABASE_EXISTS=$(docker exec -u postgres $1 psql -c '\l' | grep "$2")
if [ -z "$DATABASE_EXISTS" ]
then
docker exec -u postgres $1 psql -c "CREATE DATABASE $2;"
fi
}

# load .env
. scripts/functions.sh
load_env

KEYCLOAK_DATABASE='keycloakdb'

COMPOSE_PREFIX=$(docker compose ps | grep postgres | awk '{print $1}' | sed 's/-postgres-1//')

if [ -z "$COMPOSE_PREFIX" ]
then
docker run \
--rm \
--detach --name postgres_tmp \
-e POSTGRES_DB=greenlight-v3 \
-e POSTGRES_USER=postgres \
-e POSTGRES_PASSWORD=${POSTGRESQL_SECRET:-password} \
--volume ./postgres-data:/var/lib/postgresql/data \
postgres:12-alpine
create_database 'postgres_tmp' "$KEYCLOAK_DATABASE" && docker stop postgres_tmp
else
create_database $(docker compose ps | grep postgres | awk '{print $1}') "$KEYCLOAK_DATABASE"
fi
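Review bot: `create_database` decides whether the database exists with `psql -c '\l' | grep "$2"`, a substring match over the whole `\l` listing, so any database name, owner or description containing `keycloakdb` counts as a hit and the CREATE is skipped; `psql -tAc "SELECT 1 FROM pg_database WHERE datname = '$2'"` checks the exact name. In the no-compose branch `create_database … && docker stop postgres_tmp` leaves `postgres_tmp` running, and holding `./postgres-data`, whenever create_database fails, because the stop is chained with `&&`; run it unconditionally, e.g. `create_database 'postgres_tmp' "$KEYCLOAK_DATABASE"; rc=$?; docker stop postgres_tmp; exit "$rc"`, or via `trap`. `cd $(dirname $0)/..` at the top is unquoted and unchecked, so a failed cd makes the later `. scripts/functions.sh` source from the wrong directory; `cd "$(dirname "$0")/.." || exit 1` plus a `set -euo pipefail` header address that. The `docker compose ps | grep postgres | awk '{print $1}'` pipeline, used twice, selects any container whose line contains "postgres"; `docker compose ps -q postgres` (the service name the template uses) is narrower and spares the sed. Whether `--volume ./postgres-data:…` is accepted as a relative bind source depends on the Docker CLI version; `"$PWD/postgres-data"` is unambiguous.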