Docker - Keycloak
KeyCloak
Keycloak is an open source identity and access management solution.
Requirements:
- Linux host with Docker & Docker Compose
- Public IP address & FQDN entry
- Ports 80/443 open from any source
docker-compose.yml
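# Compose stack: Keycloak behind nginx-proxy, with Let's Encrypt certificates
# issued by acme-companion and PostgreSQL as the database.
# Every XxXx... value is a placeholder: replace it with a unique, strong secret
# and keep the real values out of version control.
version: "3.7"

services:
  sso:
    # Keep this tag current with Keycloak security releases.
    image: quay.io/keycloak/keycloak:21.0
    container_name: "keycloak"
    depends_on:
      # Orders container start only; it does not wait for PostgreSQL to be ready.
      - database
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Keycloak only reads this file, so it is mounted read-only.
      - ./keycloak.conf:/opt/keycloak/conf/keycloak.conf:ro
    command:
      # Production mode. start-dev is Keycloak's development mode and is not
      # meant for a host reachable from the internet. The mounted keycloak.conf
      # already sets proxy=edge, http-enabled=true and hostname-strict=false,
      # which `start` needs when TLS ends at the reverse proxy.
      - start
    environment:
      # Initial admin account, created on first start. Pick a non-default
      # password and enable MFA for it once the server is up.
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=XxXxXxXxXxXxXx
      # NOTE(review): this looks like a setting of the legacy WildFly-based
      # image; proxy handling here comes from proxy=edge in keycloak.conf.
      - PROXY_ADDRESS_FORWARDING=true
      # Read by nginx-proxy / acme-companion to route and issue certificates.
      - VIRTUAL_HOST=keycloak.your.domain.de
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=keycloak.your.domain.de
    networks:
      - internal

  database:
    # No ports are published: the database is reachable only on the
    # internal compose network.
    image: postgres:13
    container_name: "postgres"
    environment:
      - POSTGRES_USER=keycloak
      # The official image reads POSTGRES_DB (POSTGRES_DATABASE is ignored).
      - POSTGRES_DB=keycloak
      # Must match db-password in keycloak.conf.
      - POSTGRES_PASSWORD=XxXxXxXxXxXxXx
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - internal

  proxy:
    # Untagged image resolves to "latest"; pin a version or digest so that
    # updates are deliberate.
    image: nginxproxy/nginx-proxy
    container_name: "nginx"
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
      # ":ro" protects only the socket file, not the Docker API behind it.
      # This internet-facing container can therefore control the Docker
      # daemon; consider a filtering socket proxy in front of it.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - internal

  acme-companion:
    # Untagged image resolves to "latest"; pin a version or digest.
    image: nginxproxy/acme-companion
    container_name: "acme-proxy"
    environment:
      - DEFAULT_EMAIL=<mail@your.domain.de>
    volumes_from:
      - proxy
    volumes:
      # Holds the TLS private keys; restrict access to this volume on the host.
      - certs:/etc/nginx/certs
      - acme:/etc/acme.sh
      # Same caveat as on the proxy: socket access equals Docker daemon access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - internal

networks:
  internal:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1450

volumes:
  postgres_data: {}
  conf: {}
  vhost: {}
  html: {}
  certs: {}
  acme: {}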
keycloak.conf
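# Keycloak server configuration, mounted at /opt/keycloak/conf/keycloak.conf.

# TLS ends at the reverse proxy and Keycloak trusts its forwarded headers,
# so the server must be reachable only through that proxy.
proxy=edge

db=postgres
# Database container name on the compose network (container_name "postgres").
db-url-host=postgres
# Keycloak's option names are db-username and db-url-database;
# db-user and db-database are not among its documented options.
db-username=keycloak
# Placeholder: must be identical to POSTGRES_PASSWORD in docker-compose.yml.
db-password=XxXxXxXxXxXxXxXx
db-url-database=keycloak
db-schema=public

# With strict checking off, Keycloak takes its hostname from request headers.
# NOTE(review): for production, set hostname=<your FQDN> and leave
# hostname-strict at its default unless the proxy validates the Host header.
hostname-strict=false
# Plain HTTP listener; the proxy forwards to port 8080 inside the network.
http-enabled=true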
Up, Up, Up
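# Start the stack detached, then follow the logs only if startup succeeded.
docker compose up -d && docker compose logs -f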
sha256: ae07bb4c0d896a00d456ec5e725109a85a45a165400d0e64a44e9bf46adda5a6