Asked by: thibd Asked: 10/12/2023 Updated: 10/12/2023 Views: 237
Set up dovecot with keycloak
Q:
I want to set up dovecot + roundcube with keycloak OPENID.
First, I tried to configure only dovecot + keycloak and access it with thunderbird.
My configuration files are: For docker compose:
version: "3"
services:
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    command: ['start-dev --import-realm --http-relative-path=/auth --log-level=DEBUG']
    environment:
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - KEYCLOAK_ADMIN=myadmin
      - KEYCLOAK_ADMIN_PASSWORD=myadmin
      - DB_VENDOR=POSTGRES
      - DB_ADDR=keycloak-db
      - DB_DATABASE=keycloak
      - DB_USER=keycloak
      - DB_PASSWORD=keycloak
    ports:
      - 8080:8080 # for the Keycloak user interface
      - 9990:9990 # for the WildFly/JBoss administration interface
    networks:
      - keycloak-network
    #restart: always
    depends_on:
      - keycloak-db
  keycloak-db:
    image: postgres:latest
    environment:
      - POSTGRES_DB=keycloak
      - POSTGRES_USER=keycloak
      - POSTGRES_PASSWORD=keycloak
    networks:
      - keycloak-network
    restart: always
    volumes:
      - './dbkeycloak:/var/lib/postgresql/data'
  dovecot:
    image: dovecot/dovecot
    container_name: dovecot
    ports:
      - "127.0.0.1:993:993" # Change the port to 993 for secure IMAPS
    environment:
      - MAIL_DOMAIN=localhost
    volumes:
      - ./dovecot.conf:/etc/dovecot/dovecot.conf # Mount the custom configuration directory
      - ./dovecot-oauth2.conf.ext:/etc/dovecot/dovecot-oauth2.conf.ext # Mount the custom configuration directory
    command: ["sh", "-c", "dovecot -F"]
  roundcube:
    image: roundcube/roundcubemail
    container_name: roundcube1
    ports:
      - "80:80" # Change the port as needed
    environment:
      - ROUNDCUBEMAIL_DEFAULT_HOST=dovecot
      - ROUNDCUBEMAIL_SMTP_SERVER=dovecot
      - ROUNDCUBEMAIL_IMAP_HOST=dovecot # Specify the IMAP server hostname
      - ROUNDCUBEMAIL_IMAP_PORT=993 # Specify the IMAP server port
      - ROUNDCUBEMAIL_IMAP_SECURE=ssl # Use 'ssl' for secure IMAP, or 'tls' for STARTTLS
      - ROUNDCUBEMAIL_IMAP_AUTH_TYPE=PLAIN # Use 'PLAIN' for plain text authentication
    depends_on:
      - dovecot
networks:
  keycloak-network:
    driver: bridge
dovecot-oauth2.conf.ext:
grant_url = http://keycloak:8080/realms/sso/protocol/openid-connect/token
client_id = dovecot
client_secret = bKBUxAyVc8boi53RPfx6nDtwRSmnUbin
tokeninfo_url = http://keycloak:8080/realms/sso/protocol/openid-connect/token
introspection_url = http://keycloak:8080/realms/sso/protocol/openid-connect/token/introspect
introspection_mode = post
use_grant_password = no
debug = yes
username_attribute = username
pass_attrs = pass=%{oauth2:access_token}
dovecot.conf
mail_home=/srv/mail/%Lu
mail_location=sdbox:~/Mail
mail_uid=1000
mail_gid=1000
protocols = imap pop3 submission sieve lmtp
first_valid_uid = 1000
last_valid_uid = 1000
disable_plaintext_auth=no
# Authentication configuration:
auth_verbose = yes
auth_mechanisms = oauthbearer xoauth2 plain login
passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/mailbox/%Lu
}
mail_privileged_group = mail
ssl=yes
ssl_cert=<cert.pem
ssl_key=<key.pem
namespace {
  inbox = yes
  separator = /
}
service lmtp {
  inet_listener {
    port = 24
  }
}
listen = *
log_path=/dev/stdout
info_log_path=/dev/stdout
debug_log_path=/dev/stdout
auth_debug=yes
!include_try /etc/dovecot/conf.d/*.conf
My keycloak:
When I try to connect with thunderbird,
I have no logs in dovecot.
Can someone help me with the configuration?
A: No answers yet
Comments
client_id/secret
introspection_url
http://<client_id>:<client_secret>@keycloak:8080/realms/sso/protocol/openid-connect/token/introspect
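The comment above writes the introspection URL in the form http://<client_id>:<client_secret>@…/introspect. As an added example (not from the original post, and not Dovecot or Keycloak code), this Python example shows what that form means at the HTTP level under RFC 7662: the userinfo part is sent as HTTP Basic client authentication, and the token is POSTed as `token=`. The stub server, the `introspect` and `demo` helpers, and the sample credentials and token are constructed assumptions standing in for Keycloak.

```python
import base64, json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed sample values for the stub; none of them come from the page.
CLIENT_ID, CLIENT_SECRET, GOOD_TOKEN = "dovecot", "example-secret", "sample-token"

class StubIntrospection(BaseHTTPRequestHandler):  # stand-in RFC 7662 endpoint, not Keycloak
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        want = "Basic " + base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
        if self.headers.get("Authorization") != want:
            status, doc = 401, {"error": "invalid_client"}  # caller did not authenticate
        else:
            token = urllib.parse.parse_qs(body).get("token", [""])[0]
            known = {"active": True, "username": "alice"}
            status, doc = 200, (known if token == GOOD_TOKEN else {"active": False})
        payload = json.dumps(doc).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)
    def log_message(self, *args): pass  # silence per-request logging

def introspect(url, token):
    """POST token=<token> to url and return (HTTP status, parsed JSON body)."""
    p = urllib.parse.urlsplit(url)
    netloc = p.hostname + (f":{p.port}" if p.port else "")
    req = urllib.request.Request(urllib.parse.urlunsplit((p.scheme, netloc, p.path, "", "")),
                                 data=urllib.parse.urlencode({"token": token}).encode(), method="POST")
    if p.username is not None:  # userinfo in the URL -> HTTP Basic client authentication
        cred = f"{p.username}:{p.password or ''}".encode()
        req.add_header("Authorization", "Basic " + base64.b64encode(cred).decode())
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass env proxies
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubIntrospection)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    bare = f"http://127.0.0.1:{server.server_port}/realms/sso/protocol/openid-connect/token/introspect"
    authed = bare.replace("//", f"//{CLIENT_ID}:{CLIENT_SECRET}@", 1)
    try:  # no credentials, credentials + known token, credentials + unknown token
        return [introspect(bare, GOOD_TOKEN), introspect(authed, GOOD_TOKEN), introspect(authed, "unknown")]
    finally:
        server.shutdown(); server.server_close()

if __name__ == "__main__": print(demo())
```

Against the stub, the URL without credentials is rejected with 401 before the token is even looked at, while the URL with credentials returns the `active` flag for the token.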