From aaac06da5bc4bfdae1f7d90f5c380e176b3df48f Mon Sep 17 00:00:00 2001
From: Willy Kloucek <wkloucek@owncloud.com>
Date: Thu, 14 Jan 2021 12:20:11 +0100
Subject: [PATCH] let keycloak serve the well-known/openidconnect

---
 deployments/examples/ocis_keycloak/docker-compose.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml
index 183d36a998..c6d0147db2 100644
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -120,6 +120,16 @@ services:
       - "traefik.http.routers.keycloak-secure.service=keycloak"
       - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
       - "traefik.http.services.keycloak.loadbalancer.server.scheme=http"
+      # let /.well-known/openid-configuration be served by Keycloak
+      - "traefik.http.routers.idp-wellknown-secure.entrypoints=https"
+      - "traefik.http.routers.idp-wellknown-secure.tls=true"
+      - "traefik.http.routers.idp-wellknown-secure.tls.certresolver=http"
+      - "traefik.http.routers.idp-wellknown-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`) && Path(`/.well-known/openid-configuration`)"
+      - "traefik.http.middlewares.idp-headers.headers.customrequestheaders.X-Forwarded-Host=${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}"
+      - "traefik.http.middlewares.idp-prefix.addprefix.prefix=/auth/realms/${KEYCLOAK_REALM:-master}"
+      - "traefik.http.middlewares.idp-override.chain.middlewares=idp-headers,idp-prefix"
+      - "traefik.http.routers.idp-wellknown-secure.middlewares=idp-override"
+      - "traefik.http.routers.idp-wellknown-secure.service=keycloak"
     depends_on:
       - postgres
     logging: