Install Keycloak with Docker Compose
This article is for those looking for a detailed and straightforward guide on installing Keycloak with Docker Compose.
Keycloak is an open-source identity and access management solution that provides single sign-on for modern applications and services.
In this guide, we will consider the case when you already have a server with the Ubuntu Server 22.04 LTS operating system installed on it.
You can read more about how to install Ubuntu Server 22.04 LTS in my guide “Install Ubuntu Server 22.04 LTS”.
Also, the server must have Docker Engine and Docker Compose installed.
You can learn how to install Docker Engine and Docker Compose on Ubuntu Server by reading “Install Docker Engine and Docker Compose on Ubuntu Server”.
In addition, OpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.
To install OpenSSH on a server, you can use the command:
sudo apt install openssh-server
If you plan to connect to the server using the Windows operating system, you can use PuTTY or MobaXterm.
This guide describes how to connect to a server using the iTerm2 terminal emulator installed on the macOS operating system.
Please note that you will need to open the following TCP ports to access your server:
- TCP port 80 - to receive a free cryptographic certificate through the Let’s Encrypt CA.
- TCP port 443 - to access the Keycloak web interface.
Connect to the server on which you plan to install Keycloak.
Now you need to create a YAML configuration file that will contain all the necessary conditions for Keycloak to work.
Let’s create the YAML configuration file in a text editor with the command:
vim keycloak-traefik-letsencrypt-docker-compose.yml
Press the “i” key to enter insert mode, then insert the following configuration for Keycloak to work.
Next, you need to make changes to the configuration so that the contents of the file match your conditions. Parameters that need to be checked or changed are marked “(replace with yours)”.
In this guide, the keycloak.heyvaldemar.net subdomain will be used to access Keycloak from the Internet. You will need to specify your domain or subdomain by which your Keycloak will be accessible from the Internet.
Please note that in this guide, Postgres will be used as a database management system, and Traefik will be used as a reverse proxy.
In the “traefik.http.middlewares.authtraefik.basicauth.users” parameter, you must specify the username and password hash to access the Traefik dashboard.
Please note that you can use this service to get the password hash.
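The hash can also be generated locally, which keeps the Traefik dashboard password on your own machine. The script below is an added example, not part of the original guide: it assumes htpasswd from the apache2-utils package is installed, and the function names, the script file name and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the "user:hash" value for
# traefik.http.middlewares.authtraefik.basicauth.users on your own machine.
# Assumption: htpasswd (Ubuntu package apache2-utils) is installed.
# Function names are illustrative and not part of Traefik or Docker.

# Constructed sample entry (not a real hash) with the shape htpasswd -B emits.
SAMPLE_ENTRY='admin:$2y$05$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0'

# Docker Compose reads "$" in a YAML file as the start of a variable
# reference, so each "$" in the hash has to be written as "$$".
compose_escape() {
    printf '%s\n' "$1" | sed 's/\$/$$/g'
}

# Accept only "user:hash" with a non-empty user and a 60-character bcrypt hash.
is_bcrypt_entry() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    e_user=${1%%:*}
    e_hash=${1#*:}
    [ -n "$e_user" ] || return 1
    [ "${#e_hash}" -eq 60 ] || return 1
    case "$e_hash" in
        '$2'[aby]'$'[0-9][0-9]'$'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prompt for the password without echo and feed it to htpasswd on stdin,
# so it is not stored in shell history or passed as a command-line argument.
make_basicauth_value() {
    printf 'Password for %s: ' "$1" >&2
    stty -echo; IFS= read -r pass; stty echo; printf '\n' >&2
    entry=$(printf '%s\n' "$pass" | htpasswd -niB "$1" | head -n 1)
    unset pass
    is_bcrypt_entry "$entry" || { echo 'unexpected htpasswd output' >&2; return 1; }
    compose_escape "$entry"
}

# Run as: sh basicauth.sh --user admin   (the file name is illustrative)
if [ "${1:-}" = "--user" ] && [ -n "${2:-}" ]; then
    make_basicauth_value "$2"
fi
```

Paste the printed value, with its doubled dollar signs, into the “traefik.http.middlewares.authtraefik.basicauth.users” parameter.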
Now press the “Esc” key to exit insert mode, then type “:x” and press the “Enter” key to save your changes and exit the editor.
Now let’s start Keycloak with the command:
docker compose -f keycloak-traefik-letsencrypt-docker-compose.yml -p keycloak up -d
From the workstation, go to the link https://keycloak.heyvaldemar.net, where keycloak.heyvaldemar.net is the name of my server. Accordingly, you need to specify the name of your server with Keycloak installed.
Click on the “Administration Console” button.
Specify the login that you specified earlier in the YAML configuration file in the “KEYCLOAK_USER” variable.
Next, specify the password that you set earlier in the YAML configuration file in the “KEYCLOAK_PASSWORD” variable.
Click on the “Sign In” button.
Welcome to the Keycloak Administration Console.
To access the Traefik control panel, go to the link https://traefik.keycloak.heyvaldemar.net from the workstation, where traefik.keycloak.heyvaldemar.net is the name of my server. Accordingly, you need to specify the name of your server with Traefik installed.
Specify the username and password specified earlier in the YAML configuration file and click on the “OK” button.
Welcome to the Traefik dashboard.