
directus

Directus, Postgres, Keycloak, Minio

The following example shows how to use Directus with Postgres, Keycloak and Minio.

Architecture

Configuration

warning

This example is preconfigured with unsafe defaults and hard-coded secrets, so please don't use it in production.

docker-compose.yml
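# Local demo stack. Traefik listens on port 80 and routes the hostnames
# traefik.localhost, keycloak.localhost and directus.localhost to the
# matching containers; Postgres and MinIO are reachable only on the
# compose network. Every credential in this file is a hard-coded sample.
name: directus
services:
  traefik:
    # Floating tag: pin a version or digest so pulls are reproducible.
    image: traefik:latest
    command:
      # - "--log.level=DEBUG"
      # Serves the Traefik API and dashboard without authentication.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      # Published on every host interface; "127.0.0.1:80:80" keeps the
      # demo reachable from the local machine only.
      - "80:80"
    volumes:
      # ":ro" protects the socket file only. The Docker API behind it stays
      # fully usable, so this mount is equivalent to control of the daemon.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    # Grants the container all host capabilities and device access.
    # NOTE(review): reading the Docker socket does not normally need this;
    # drop it unless the host (e.g. SELinux labelling) requires it - confirm.
    privileged: true
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      # Exposes the unauthenticated dashboard (api@internal) on entrypoint web.
      - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=web"

  postgres:
    # No tag given, so this resolves to the floating "latest" tag.
    image: postgis/postgis
    volumes:
      # Init scripts run once, on first start with an empty data directory.
      - $PWD/bootstrap/init-directus-db.sh:/docker-entrypoint-initdb.d/init-directus-db.sh
      - $PWD/bootstrap/init-keycloak-db.sh:/docker-entrypoint-initdb.d/init-keycloak-db.sh
    environment:
      # Superuser account with a sample password.
      - POSTGRES_USER=admin
      - POSTGRES_PASSWORD=admin
      - POSTGRES_DB=admin
    healthcheck:
      # CMD-SHELL takes ONE command string. Written as two list items, the
      # shell ran only the assignment "PGUSER=admin" (pg_isready became a
      # positional argument), so the probe reported healthy unconditionally.
      test: ["CMD-SHELL", "PGUSER=admin pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5

  # import tricks
  # https://wkrzywiec.medium.com/create-and-configure-keycloak-oauth-2-0-authorization-server-f75e2f6f6046
  keycloak:
    # Floating tag: pin a version or digest so pulls are reproducible.
    image: bitnami/keycloak:latest
    # ports:
    #   - "8080:8080"
    volumes:
      # Realm export imported at startup (see --import-realm below). The
      # Directus client secret further down has to match the one in it.
      - $PWD/bootstrap/realm-directus.json:/opt/bitnami/keycloak/data/import/realm-directus.json
    environment:
      - KEYCLOAK_HOSTNAME_STRICT=false
      - KEYCLOAK_CREATE_ADMIN_USER=true
      # Sample admin and database credentials.
      - KEYCLOAK_ADMIN_USER=keycloak
      - KEYCLOAK_ADMIN_PASSWORD=keycloak
      - KEYCLOAK_DATABASE_VENDOR=postgresql
      - KEYCLOAK_DATABASE_HOST=postgres
      - KEYCLOAK_DATABASE_NAME=keycloak
      - KEYCLOAK_DATABASE_USER=keycloak
      - KEYCLOAK_DATABASE_PASSWORD=keycloak
      # NOTE(review): in list form the double quotes are probably passed to
      # the container as part of the value - confirm the image tolerates it.
      - KEYCLOAK_EXTRA_ARGS="--import-realm --health-enabled=true"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
      interval: 10s
      timeout: 2s
      retries: 15
    depends_on:
      # Short form orders startup only; it does not wait for the
      # postgres healthcheck to pass.
      - postgres
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
      # The whole Keycloak server, admin console included, is routed here.
      - "traefik.http.routers.keycloak.rule=Host(`keycloak.localhost`)"
      - "traefik.http.routers.keycloak.entrypoints=web"

  minio:
    # No tag given, so this resolves to the floating "latest" tag.
    image: quay.io/minio/minio
    # ports:
    #   - 9000:9000
    #   - 9001:9001
    volumes:
      - $PWD/data/minio:/data
    environment:
      # Sample root credentials. Directus authenticates with these same
      # root values (STORAGE_S3_KEY / STORAGE_S3_SECRET); a dedicated
      # access key scoped to the bucket is the least-privilege alternative.
      MINIO_ROOT_USER: s3key
      MINIO_ROOT_PASSWORD: s3secret
    command: server --console-address ":9001" /data

  directus:
    # Floating tag: pin a version or digest so pulls are reproducible.
    image: directus/directus:latest
    # Lets the container retry when Postgres or Keycloak is not ready yet.
    restart: on-failure
    volumes:
      - $PWD/data/uploads:/directus/uploads
      # Code in this host directory is loaded into the Directus process.
      - $PWD/extensions:/directus/extensions
    environment:
      # Boolean values are quoted so that every Compose implementation
      # passes them on as the strings "true" / "false".
      EXTENSIONS_AUTO_RELOAD: 'true'
      WEBSOCKETS_ENABLED: 'true'
      PUBLIC_URL: 'http://directus.localhost/'

      # Sample values. SECRET is the project secret Directus signs tokens
      # with; generate long random values for any real deployment.
      KEY: 'top-secret'
      SECRET: 'top-secret'

      DB_CLIENT: 'postgres'
      DB_HOST: 'postgres'
      DB_PORT: 5432
      DB_DATABASE: directus
      DB_USER: directus
      DB_PASSWORD: directus

      # The only entrypoint is plain HTTP, so the refresh-token cookie is
      # issued without the Secure flag. Set to 'true' once served over TLS.
      REFRESH_TOKEN_COOKIE_SECURE: 'false'
      REFRESH_TOKEN_COOKIE_SAME_SITE: "lax"

      AUTH_PROVIDERS: keycloak
      # Turns off the built-in email/password login; Keycloak is the only
      # way in.
      AUTH_DISABLE_DEFAULT: 'true'
      AUTH_KEYCLOAK_DRIVER: "openid"
      AUTH_KEYCLOAK_CLIENT_ID: "directus"
      # Sample OIDC client secret committed with the example; rotate it in
      # Keycloak and supply it from a secret store outside a demo.
      AUTH_KEYCLOAK_CLIENT_SECRET: "iiBI8oDeXJLWhTpdqSYxrJBsPgzU6P2o"
      # Discovery document is fetched over plain HTTP on the compose network.
      AUTH_KEYCLOAK_ISSUER_URL: "http://keycloak:8080/realms/directus/.well-known/openid-configuration"
      AUTH_KEYCLOAK_SCOPE: "openid email profile"
      # With public registration enabled, any account that can sign in to
      # the realm gets a Directus user with this role on first login, so
      # review what the role is allowed to do.
      AUTH_KEYCLOAK_DEFAULT_ROLE_ID: "0fcdec2b-3efb-44c1-8f91-d743cc70d3d7"
      AUTH_KEYCLOAK_ALLOW_PUBLIC_REGISTRATION: 'true'

      #AUTH_PROVIDERS: cognito
      #AUTH_COGNITO_DRIVER: openid
      #AUTH_COGNITO_CLIENT_ID: ...
      #AUTH_COGNITO_CLIENT_SECRET: ...
      #AUTH_COGNITO_ISSUER_URL: https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_aCDH8lmHN/.well-known/openid-configuration
      #AUTH_COGNITO_ALLOW_PUBLIC_REGISTRATION: true
      #AUTH_COGNITO_DEFAULT_ROLE_ID: 0fcdec2b-3efb-44c1-8f91-d743cc70d3d7
      #AUTH_COGNITO_SCOPE: "openid email profile"
      #AUTH_COGNITO_ICON: aws

      STORAGE_LOCATIONS: s3
      STORAGE_S3_DRIVER: s3
      # Same values as MINIO_ROOT_USER / MINIO_ROOT_PASSWORD above.
      STORAGE_S3_KEY: s3key
      STORAGE_S3_SECRET: s3secret
      STORAGE_S3_BUCKET: directus
      STORAGE_S3_ENDPOINT: 'http://minio:9000'
      STORAGE_S3_REGION: ap-southeast-2
      STORAGE_S3_FORCE_PATH_STYLE: 'true'
      ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION: 12000
    depends_on:
      # Short form orders startup only; readiness is covered by
      # restart: on-failure above.
      - keycloak
      - postgres

    labels:
      - "traefik.enable=true"
      - "traefik.http.services.directus.loadbalancer.server.port=8055"
      - "traefik.http.routers.directus.rule=Host(`directus.localhost`)"
      - "traefik.http.routers.directus.entrypoints=web"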