NUSMods Authentication Service

NUSMods' auth service is a Dockerized, self-hosted instance of the Keycloak Identity and Access Manangement Solution deployed to Dokku. It is based off Keycloak's official docker image with some slight modifications. This repository was originally forked from https://github.com/mieckert/keycloak-heroku, which adapted Keycloak to work with Heroku.

Deployment

This section contains instructions to deploy this service to NUSMods production servers.

First-time installation

1. On server: Install Dokku
2. At this point, you may have to whitelist an SSH key with Dokku.
3. On server: dokku domains:set-global 2.nusmods.com
4. On server: sudo dokku plugin:install https://github.com/dokku/dokku-postgres.git
5. On server: sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git
6. On server: dokku apps:create keycloak
7. On server: dokku postgres:create keycloakdb
8. On server: dokku postgres:link keycloakdb keycloak
9. On your machine: git clone https://github.com/nusmodifications/nusmods-auth-service.git
10. On your machine: cd nusmods-auth-service
11. On your machine: git remote add dokku dokku@nusmods2:keycloak
12. On your machine: git push dokku master
13. On server: dokku proxy:ports-set keycloak http:80:8080
14. On server: dokku letsencrypt keycloak
15. On server: dokku config:set keycloak KEYCLOAK_USER=<admin user> KEYCLOAK_PASSWORD=<admin password> PROXY_ADDRESS_FORWARDING=true (not sure if PAF is neccesary)
16. On server: dokku proxy:ports-set keycloak http:80:8080 https:443:8080 (don't use Keycloak's port 8443 as it will try to do HTTPS itself instead of letting our reverse proxy do it for us)

Upgrading

On your machine:

1. cd nusmods-auth-service
2. git pull
3. Update the jboss/keycloak image version in Dockerfile and commit the changes.
4. Deploy: git push dokku master
5. Update the origin repo: git push origin master