- Move all domain→expected-status mapping to filter `web_health_expectations`.
- Require explicit app selection via non-empty `group_names`; only those apps are included.
- Add `www_enabled` flag (wired via `WWW_REDIRECT_ENABLED`) to generate/force www.* → 301.
- Support `redirect_maps` to include manual redirects (sources forced to 301), independent of app selection.
- Aliases always 301; canonicals use per-key override or `server.status_codes.default`, else [200,302,301].
- Remove legacy fallbacks (`server.status_codes.home` / `landingpage`).
- Wire filter output into systemd ExecStart script as JSON expectations.
- Normalize various templates to use `to_json` and minor spacing fixes.
- Update app configs (e.g., YOURLS default=301; Confluence default=302; Bluesky web=405; MediaWiki/Confluence canonical/aliases).
- Constructor now uses `WWW_REDIRECT_ENABLED` for domain generation.

Tests:
- Add comprehensive unit tests for filter: selection by group, keyed/default codes, aliases, www handling, redirect_maps, input sanitization.
- Add unit tests for the standalone checker script (JSON parsing, OK/mismatch counting, sanitization).

See conversation: https://chatgpt.com/share/68c2b93e-de58-800f-8c16-ea05755ba776
Keycloak
Description
Step into a secure future with Keycloak! This open‐source identity and access management solution offers powerful single sign-on (SSO), multi-factor authentication, and user federation capabilities. With support for industry standards such as SAML and OpenID Connect, Keycloak helps you protect and streamline access to your applications.
Overview
This role deploys Keycloak in a Docker environment, integrating it with a PostgreSQL database and enabling operation behind a reverse proxy such as NGINX. It manages container orchestration and configuration via Docker Compose and environment variable templates, ensuring a secure and scalable identity management solution.
Features
- Comprehensive Identity Management: Manage users, roles, and permissions across your applications with robust SSO and user federation.
- Advanced Security Options: Benefit from multi-factor authentication, configurable password policies, and secure session management.
- Standards Support: Seamlessly integrate with SAML, OpenID Connect, and OAuth2 to support various authentication flows.
- Scalable and Customizable: Easily tailor settings and scale your Keycloak instance to meet growing demands.
Further Resources
- Keycloak Official Website
- Official Keycloak Documentation
- Keycloak GitHub Repository
- Setting up Keycloak behind a Reverse Proxy
- Wikipedia
- YouTube Tutorial
Credits
Developed and maintained by Kevin Veen-Birkenbach.
Learn more at veen.world.
Part of the Infinito.Nexus Project
Licensed under Infinito.Nexus NonCommercial License.