A fork of basecamp/once-campfire maintained for internal use at base14, with Postgres as the system of record, Keycloak SSO, and a few UI tweaks.
We chose to fork rather than overlay so changes live as ordinary Rails code in this repository — easier to read, review, and rebase against upstream when we want.
Note: this is an internal tool. We publish it because the modifications might be useful to others, but support and roadmap are driven by base14's needs first.
| Upstream | This fork | |
|---|---|---|
| Database | SQLite + FTS5 | Postgres + tsvector / GIN |
| Cache & queues | Redis | Valkey (Redis-compatible) |
| Auth | Email + password only | Email + password and Keycloak/OIDC SSO |
| Login UI | Email/password form, admin email exposed via mailto | "Login" SSO button (gated on KEYCLOAK_ENABLED), password fallback collapsed under a disclosure, no admin-mailto leak |
| Search backend | SQLite FTS5 virtual table | Postgres tsvector index with websearch_to_tsquery |
| Backup script | SQLite native backup | pg_dump --format=custom |
Everything else — chat, attachments, push notifications, bots, API — is upstream Campfire unchanged.
Two stacks are provided:
compose.yml— full stack (Postgres + Valkey + Keycloak + Campfire)compose.deps.yml— dependencies only, for running Rails on your host
cp .env.sample .env
# generate SECRET_KEY_BASE and edit .env
make setup-host # adds 127.0.0.1 keycloak.local to /etc/hosts (sudo)
make build
make upOpen http://localhost:8080. Sign in with the bundled Keycloak users (alice@base14.dev / password) or create a password account.
cp .env.sample .env
# edit .env (or rely on the per-env .env.development pattern)
make deps-up # postgres + valkey + keycloak on localhost
bundle install
bin/rails db:prepare
bin/rails server # http://localhost:3000dotenv-rails auto-loads .env, so bin/rails, rake, etc. pick up the same vars docker compose reads.
See .env.sample for the full list. The Keycloak knobs:
| Var | Purpose |
|---|---|
KEYCLOAK_ENABLED |
Toggle SSO. When unset, the app falls back to upstream email+password behavior |
KEYCLOAK_ISSUER |
OIDC issuer URL (browser-facing) |
KEYCLOAK_INTERNAL_URL |
Optional server-side base URL when the issuer hostname isn't reachable inside the compose network |
KEYCLOAK_CLIENT_ID / KEYCLOAK_CLIENT_SECRET |
OIDC client credentials |
KEYCLOAK_REDIRECT_URI |
Must match the URI registered in the realm |
SSO_AUTO_PROVISION |
When 1, first SSO login auto-creates the local User |
SSO_ONLY |
When 1, hide the password fallback on the login page |
These are the planned changes. Items are roughly ordered, but priorities shift as we hit real usage.
- Keycloak SSO — realm-to-room authorization. Map Keycloak realm roles or group membership to Campfire room access so some realms can be restricted to specific rooms (e.g. an "ops" realm sees the
#incidentsroom but not#sales). Today, all SSO users land with no rooms and rely on an admin to add them. - Theme improvements. A proper dark/light tokenization and a base14 brand theme rather than a force-light CSS hack. Treat logo, fonts, accent colors, and Action Text styling holistically.
- Helm chart. Deploy to Kubernetes with a single chart that wires Postgres, Valkey/Redis, and the Campfire app, with config exposed via
values.yaml. Bring-your-own-Keycloak. - HA setup. Run multiple Campfire replicas behind a load balancer with shared Postgres + Redis, externalize Active Storage to S3-compatible object storage, and document the failover/restore runbook. The fork's switch from SQLite to Postgres is the prerequisite for this.
If something here matters to your deployment, open an issue or PR — base14 uses this repo for our own chat, so meaningful contributions will land.
git remote add upstream https://github.com/basecamp/once-campfire
git fetch upstream
git log v1.4.3..upstream/main --oneline # see what changed
git merge upstream/v1.5.0 # or whatever tag you want, resolve conflictsThe conflict surface is small (a dozen files): Gemfile, config/database.yml, the new search migration, app/models/message/searchable.rb, the login view, and the SSO-related additions under app/controllers/.
MIT, same as upstream basecamp/once-campfire. See LICENSE.