chore: bump traefik to 3.6.7

fix add back slash to traefik allowed encoded characters (#211 )
Merge pull request #206 from aleksa-radojicic/add-kc-log-level
2026-06-08 20:20:04 +08:00 · 2026-02-02 09:57:57 +01:00 · 2026-02-02 09:13:14 +01:00 · 2026-01-25 17:58:49 +01:00 · 2026-01-25 11:46:52 +01:00 · 2026-01-25 11:43:02 +01:00
7 changed files with 11 additions and 18 deletions
--- a/.env.example
+++ b/.env.example
@@ -59,10 +59,7 @@ TRAEFIK_SERVICES_TLS_CONFIG="tls.certresolver=letsencrypt"
 #     - certFile: /certs/opencloud.test.crt
 #       keyFile: /certs/opencloud.test.key
 #   stores:
-#     default:
+#     - default
 #       defaultCertificate:
 #         certFile: /certs/opencloud.test.crt
 #         keyFile: /certs/opencloud.test.key
 #
 # The certificates need to be copied into ./certs/, the absolute path inside the container is /certs/.
 # You can also use TRAEFIK_CERTS_DIR=/path/on/host to set the path to the certificates directory.
@@ -325,6 +322,9 @@ KEYCLOAK_DOMAIN=
 KEYCLOAK_ADMIN=
 # Admin user login password. Defaults to "admin".
 KEYCLOAK_ADMIN_PASSWORD=
 # Configure the log level for Keycloak.
 # Possible values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" and "OFF". Default is "INFO".
 KC_LOG_LEVEL=
 # Keycloak Database username. Defaults to "keycloak".
 KC_DB_USERNAME=
 # Keycloak Database password. Defaults to "keycloak".
--- a/README.md
+++ b/README.md
@@ -285,10 +285,6 @@ OpenCloud Compose supports adding SSL certificates for public domains and develo
         keyFile: /certs/opencloud.test.key
         stores:
           - default
       - certFile: /certs/wildcard.example.com.crt
         keyFile: /certs/wildcard.example.com.key
         stores:
           - default
   ```
 3. **Configure environment variables**:
--- a/config/keycloak/docker-entrypoint-override.sh
+++ b/config/keycloak/docker-entrypoint-override.sh
@@ -1,5 +1,8 @@
 #!/bin/bash
-printenv
+# print env variables for trace/debug log levels
 log_level=$(printf '%s' "$KC_LOG_LEVEL" | tr '[:upper:]' '[:lower:]')
 case "$log_level" in trace|debug) printenv ;; *) ;; esac
 # replace openCloud domain and LDAP password in keycloak realm import
 mkdir /opt/keycloak/data/import
 sed -e "s/cloud.opencloud.test/${OC_DOMAIN}/g" -e "s/ldap-admin-password/${LDAP_ADMIN_PASSWORD:-admin}/g" /opt/keycloak/data/import-dist/openCloud-realm.json > /opt/keycloak/data/import/openCloud-realm.json
--- a/config/traefik/docker-entrypoint-override.sh
+++ b/config/traefik/docker-entrypoint-override.sh
@@ -23,14 +23,6 @@ add_arg "--entryPoints.https.address=:${TRAEFIK_PORT_HTTPS:-443}"
 add_arg "--entryPoints.https.transport.respondingTimeouts.readTimeout=12h"
 add_arg "--entryPoints.https.transport.respondingTimeouts.writeTimeout=12h"
 add_arg "--entryPoints.https.transport.respondingTimeouts.idleTimeout=3m"
 # allow encoded characters
 # required for WOPI/Collabora
 add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedSlash=true"
 add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedQuestionMark=true"
 add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedPercent=true"
 # required for file operations with supported encoded characters
 add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedSemicolon=true"
 add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedHash=true"
 # docker provider (get configuration from container labels)
 add_arg "--providers.docker.endpoint=unix:///var/run/docker.sock"
 add_arg "--providers.docker.exposedByDefault=false"
--- a/idm/ldap-keycloak.yml
+++ b/idm/ldap-keycloak.yml
@@ -96,6 +96,7 @@ services:
      KC_DB_USERNAME: ${KC_DB_USERNAME:-keycloak}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD:-keycloak}
      KC_FEATURES: impersonation
      KC_LOG_LEVEL: ${KC_LOG_LEVEL:-INFO}
      KC_PROXY_HEADERS: xforwarded
      KC_HTTP_ENABLED: true
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-kcadmin}
--- a/testing/external-keycloak.yml
+++ b/testing/external-keycloak.yml
@@ -32,6 +32,7 @@ services:
      KC_DB_USERNAME: ${KC_DB_USERNAME:-keycloak}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD:-keycloak}
      KC_FEATURES: impersonation
      KC_LOG_LEVEL: ${KC_LOG_LEVEL:-INFO}
      KC_PROXY_HEADERS: xforwarded
      KC_HTTP_ENABLED: true
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-kcadmin}
--- a/traefik/opencloud.yml
+++ b/traefik/opencloud.yml
@@ -9,7 +9,7 @@ services:
      - "traefik.http.services.opencloud.loadbalancer.server.port=9200"
      - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}"
  traefik:
-    image: traefik:v3.6.4
+    image: traefik:v3.6.7
    # release notes: https://github.com/traefik/traefik/releases
    user: ${TRAEFIK_CONTAINER_UID_GID:-0:0}
    networks:
Author	SHA1	Message	Date
Alexander Ackermann	3873623f4b	chore: bump traefik to 3.6.7	2026-02-02 09:57:57 +01:00
Alex	de88ca037b	fix add back slash to traefik allowed encoded characters (#211 )	2026-02-02 09:13:14 +01:00
Michael Barz	1b4cfb5759	Merge pull request #206 from aleksa-radojicic/add-kc-log-level Add support for KC_LOG_LEVEL env variable & fix KC credentials leaking in logs	2026-01-25 17:58:49 +01:00
aleksa.radojicic	1a231fa807	fix(keycloak): prevent env vars from being printed in logs The problem is credentials are displayed in the console, which poses a security risk in production. Printing the environment variables for log levels 'trace/debug' would help when debugging.	2026-01-25 11:46:52 +01:00
aleksa.radojicic	a79de3c5ee	feat(keycloak): add support for KC_LOG_LEVEL env variable KC_LOG_LEVEL is defined in the [official docs](https://www.keycloak.org/server/all-config?q=log-level).	2026-01-25 11:43:02 +01:00
Viktor Scharf	4e8f66ac5f	Merge pull request #201 from opencloud-eu/fix#31 update certs.yml example	2026-01-13 12:21:31 +01:00
Viktor Scharf	8ce6895188	update certs.yml example	2026-01-13 12:07:40 +01:00
Viktor Scharf	a0d5196dfa	Merge pull request #198 from opencloud-eu/add-default-language-to-docker-compose.yaml add the default language variable to the docker-compose.yaml	2026-01-08 20:07:30 +01:00