Custom Domains
Presswerk requires two domains — one for the application and one for Keycloak:
| Service | Example |
|---|---|
| Application | reports.acme.com |
| Keycloak | auth.acme.com |
DNS Configuration
Section titled “DNS Configuration”Create DNS records pointing to your server:
reports.acme.com A 203.0.113.10auth.acme.com A 203.0.113.10Or use CNAME records if your server has a hostname:
reports.acme.com CNAME presswerk.acme.comauth.acme.com CNAME presswerk.acme.comEnvironment Configuration
Section titled “Environment Configuration”Set these variables in your .env:
APP_DOMAIN=reports.acme.comKEYCLOAK_HOSTNAME=auth.acme.comKEYCLOAK_PUBLIC_URL=https://auth.acme.comRestart services after changing domains:
docker compose down && docker compose up -dUpdate Keycloak Client
Section titled “Update Keycloak Client”After changing domains, update the redirect URIs in Keycloak:
- Open
https://auth.acme.com/admin - Select the presswerk realm
- Go to Clients → presswerk-web
- Update Valid Redirect URIs to
https://reports.acme.com/* - Update Web Origins to
https://reports.acme.com - Save
Split-DNS
Section titled “Split-DNS”In corporate networks where internal and external DNS differ, ensure:
- The application container can reach Keycloak via the internal network (
http://keycloak:8080— already configured in Docker Compose) - Users’ browsers can reach Keycloak via the public domain (
https://auth.acme.com) - The public domain resolves correctly from both inside and outside the network
If your internal DNS cannot resolve the public domain, add host aliases to the Docker Compose:
services: app: extra_hosts: - "auth.acme.com:host-gateway"Subdomain vs. Subpath
Section titled “Subdomain vs. Subpath”Presswerk requires separate domains (or subdomains) for the application and Keycloak. Running both on the same domain under different paths (e.g. /app and /auth) is not supported.