services:
  keycloak:
    image: quay.io/keycloak/keycloak:${KEYCLOAK_VERSION:-latest}
    environment:
      KC_DB: ${KC_DB}
      KC_DB_SCHEMA: ${KC_DB_SCHEMA}
      KC_DB_USERNAME: ${KC_DB_USERNAME}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD}
      KC_DB_URL_HOST: ${KC_DB_URL_HOST}
      KC_METRICS_ENABLED: ${KC_METRICS_ENABLED}
      KC_HEALTH_ENABLED: ${KC_HEALTH_ENABLED}
      KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME}
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD}
      KC_PROXY_HEADERS: ${KC_PROXY_HEADERS}
      KC_HTTP_ENABLED: ${KC_HTTP_ENABLED}
      KC_HOSTNAME_STRICT: ${KC_HOSTNAME_STRICT}
      KC_HOSTNAME: ${KC_HOSTNAME}
      KC_HOSTNAME_PORT: ${KC_PORT}

    command: start
    container_name: ${CONTAINER_NAME}
    volumes:
      - ${HOST_VOLUME}:/opt/keycloak/themes
    restart: always
    ports:
      - ${HOST_PORT1}:8080
      - ${HOST_PORT2}:8443
    healthcheck:
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/9000; echo -e 'GET /health/ready HTTP/1.1\r\nhost: localhost\r\nConnection: close\r\n\r\n' >&3; grep 'HTTP/1.1 200 OK' <&3"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
    entrypoint: '/opt/keycloak/bin/kc.sh'