Setup Apache & Keycloak locally (beta)

Prerequisites

  • You have Docker / Docker Desktop installed on your computer.
  • You have access to a copy of TIS Stage/Prod data.
  • You have added "127.0.0.1 local.tis.com" in your /etc/hosts file (C:\Windows\System32\drivers\etc\hosts for Windows).

Set up TIS core services with dev-handbook

  • Clone dev-handbook, go to "dev-handbook/admins-ui/environment-setup", and run `docker-compose up` to bring the Docker containers up.
  • Stop the Docker containers "tis-nginx" and "tis-admins-ui", as we're going to use another nginx container and the built scripts of admins-ui.
  • To set up Keycloak together with Admins-UI, the containers that must be running are:

tis-mysql
tis-rabbitmq
tis-elasticsearch
tis-profile
tis-reference
tis-tcs

  • Build TIS-ADMINS-UI: run `npm run build`, after which an `admin` folder is created under the project folder.

Configure MySQL database

  1. If you've already got a MySQL db set up locally with data, skip this step and go to step 2.
    Get a copy of the tis backup db data from the S3 bucket (this could be either Prod or Stage) and unzip it on your local machine.
    After the tis-mysql docker container has started up, import the data into MySQL. (If you have no idea how to do this, please check with one of the other devs.)
  2. Run `docker exec -it tis-mysql bash` on your command line, then in the new bash env, type `mysql` to log in, and change the password of the MySQL user `keycloak` by executing the following command:

    alter user 'keycloak'@'%' identified by '11111111';

  3. Run the following scripts in command line or via MySQL Workbench:

    use keycloak;
    
    -- clear admin user in keycloak
    SET @user_id = (SELECT ID FROM USER_ENTITY where username = "admin");
    delete from CREDENTIAL where user_id = @user_id;
    delete from USER_ROLE_MAPPING where user_id = @user_id;
    delete from USER_ENTITY where id = @user_id;
    
    SET @api_gateway_client_id = (select ID from CLIENT where CLIENT_ID = 'api-gateway' and REALM_ID = (SELECT ID FROM keycloak.REALM where NAME = 'lin'));
    
    -- reset secret for api-gateway
    update CLIENT
    set SECRET = 'local11111111' where ID = @api_gateway_client_id;
    
    -- reset redirect_uris
    delete from REDIRECT_URIS where CLIENT_ID = @api_gateway_client_id;
    insert into REDIRECT_URIS values(@api_gateway_client_id, '/admin/redirect_uri');
    insert into REDIRECT_URIS values(@api_gateway_client_id, '*');
    insert into REDIRECT_URIS values(@api_gateway_client_id, 'http://localhost/*');
    insert into REDIRECT_URIS values(@api_gateway_client_id, '/access/index.html');
    insert into REDIRECT_URIS values(@api_gateway_client_id, '/logout/index.html');
    
    -- reset web_origins
    update WEB_ORIGINS
    set value = 'https://local.tis.com' where CLIENT_ID = @api_gateway_client_id;
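
A quick audit of the redirect URIs that the script above registers for `api-gateway`, useful before any of these rows are copied beyond a local setup (added example, not part of dev-handbook or TIS-APACHE-SETUP). It assumes Keycloak's documented rule that `*` is only honoured as a trailing wildcard and that relative entries resolve against `http://local.tis.com`; `classify`, `audit` and `accepts` are hypothetical helper names and the matching is simplified.

```python
from urllib.parse import urlsplit

# The five values the SQL above inserts into REDIRECT_URIS for api-gateway.
REDIRECT_URIS = [
    "/admin/redirect_uri",
    "*",
    "http://localhost/*",
    "/access/index.html",
    "/logout/index.html",
]
ROOT = "http://local.tis.com"  # assumption: client root URL for relative entries


def classify(pattern):
    """Label how broad one registered redirect URI pattern is."""
    if pattern == "*":
        return "wildcard-any"
    parts = urlsplit(pattern)
    if pattern.endswith("*"):
        whole_host = bool(parts.netloc) and parts.path == "/*"
        return "wildcard-host" if whole_host else "wildcard-path"
    return "absolute-exact" if parts.scheme else "relative-exact"


def audit(patterns):
    """Return (pattern, label) for every wildcard entry that needs review."""
    labelled = [(p, classify(p)) for p in patterns]
    return [(p, label) for p, label in labelled if label.startswith("wildcard")]


def accepts(target, patterns, root=ROOT):
    """Simplified match: exact, or prefix match when the pattern ends in '*'."""
    for p in patterns:
        full = p if p == "*" or urlsplit(p).scheme else root + p
        if full.endswith("*"):
            if target.startswith(full[:-1]):
                return True
        elif target == full:
            return True
    return False


if __name__ == "__main__":
    for pattern, label in audit(REDIRECT_URIS):
        print(f"{label:14} {pattern}")
    local_only = [p for p in REDIRECT_URIS if p != "*"]
    # example.org is a constructed external target used only for comparison.
    print(accepts("https://example.org/cb", REDIRECT_URIS))
    print(accepts("https://example.org/cb", local_only))
```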

Configure Keycloak + Apache + Nginx

  • Please clone https://github.com/Health-Education-England/TIS-APACHE-SETUP to get started and use the branch "chore/setup_with_local_credentials".
  • Update the 3rd nginx volume to map your local TIS-ADMINS-UI admin folder for Nginx to host.
  • Run `docker-compose up` to start all 3 of these Docker containers.


After that, you will be able to access your local Nginx console - url: "http://local.tis.com/auth", username: admin, password: 11111111
and Admins-UI - url: "http://local.tis.com/admin", where the username and password are your Stage/Prod credentials, depending on which backup data you imported.