FROM quay.io/keycloak/keycloak:26.0

ENV KC_DB=postgres
ENV KC_FEATURES=token-exchange,scripts,admin-fine-grained-authz
ENV KC_HOSTNAME=https://auth.ccchb.de
ENV KC_HTTP_ENABLED=true
ENV KC_PROXY_HEADERS=xforwarded

RUN /opt/keycloak/bin/kc.sh build

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]