Install Keycloak Using Docker Compose

This article is for those looking for a detailed and straightforward guide on installing Keycloak using Docker Compose.

Keycloak is an open-source software that provides single sign-on, identity, and access management for modern applications and services.

💾 You can find the repository used in this guide on GitHub.

NOTE

We’ll use Traefik as our reverse proxy. It’ll handle obtaining cryptographic certificates from Let’s Encrypt for your domain names and route requests to the corresponding services based on those domains.

CAUTION

To obtain cryptographic certificates, you will need A-type records in the external DNS zone, which point to the IP address of your server where Traefik is installed. If you have created these records recently, you should wait before starting the installation of the services. Full replication of these records between DNS servers can take from a few minutes to 48 hours or even longer in rare cases.

IMPORTANT

Docker Engine and Docker Compose must be installed on the server.

For a step-by-step guide on installing Docker Engine on Ubuntu Server, see Install Docker Engine and Docker Compose on Ubuntu Server

IMPORTANT

OpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.

To install OpenSSH on the server you can use the command:

1
sudo apt install openssh-server

NOTE

To connect to the server from a Windows system, you can use tools like PuTTY or MobaXterm.

NOTE

This guide walks you through connecting to a server with the iTerm2 terminal emulator on macOS.

CAUTION

You will need to open the following TCP ports for access to the services:

• TCP port 80 - to obtain a free cryptographic certificate through the Let’s Encrypt certification center.
• TCP port 443 - to access the Keycloak web interface.

We connect to the server on which Keycloak is planned to be installed.

Now it is necessary to create networks for your services.

We create a network for Traefik using the command:

1
docker network create traefik-network

We create a network for Keycloak using the command:

1
docker network create keycloak-network

Next, you need to clone the repository that contains the configuration files, which include all the necessary conditions for Keycloak to work.

You can clone the repository using the command:

1
git clone https://github.com/heyvaldemar/keycloak-traefik-letsencrypt-docker-compose.git

Navigate to the directory with the repository using the command:

1
cd keycloak-traefik-letsencrypt-docker-compose

Next, you need to change the variables in the .env file according to your requirements.

IMPORTANT

The .env file should be in the same directory as keycloak-traefik-letsencrypt-docker-compose.yml.

Now let’s start Keycloak with the command:

1
docker compose -f keycloak-traefik-letsencrypt-docker-compose.yml -p keycloak up -d

To access the Keycloak management panel, go to https://keycloak.heyvaldemar.net from your workstation, where keycloak.heyvaldemar.net is the domain name of my service. Accordingly, you need to specify your domain name that points to the IP address of your server with the installed Traefik service, which will redirect the request to Keycloak.

NOTE

You need to specify the domain name of the service, previously defined in the .env file.

Click on the “Administration Console” button.

Enter the username and password previously set in the .env file, and click the “Sign In” button.

Welcome to the Keycloak control panel.

To access the Traefik control panel, go to https://traefik.keycloak.heyvaldemar.net from your workstation, where traefik.keycloak.heyvaldemar.net is the domain name of my service. Accordingly, you need to specify your domain name that points to the IP address of your server with the installed Traefik.

NOTE

You need to specify the domain name of the service, previously defined in the .env file.

Enter the username and password previously set in the .env file, and click the “OK” button.

Welcome to the Traefik control panel.