Skip to content

stelzo/keycloak-letsencrypt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Keycloak Let’s Encrypt 🔐

The current effort to get Keycloak running with renewing Let’s Encrypt certificates is too ... keystores for me.

This repo will just use Let's Encrypt. Maybe not the right thing for big businesses but sufficient for many others.

tldr

Use the patched docker image stelzo/keycloak:latest or build it yourself with Dockerfile in this repo.

detailed setup guide

You need to have installed:

Then start with cloning the repo.

$ git clone https://github.com/stelzo/keycloak-letsencrypt.git

Create a new Nginx config for Keycloak in /etc/nginx/sites-available/<your-domain>.conf with the following content.

server {
  server_name <your-domain>;
  allow all;
  listen 80;

  location / {
    proxy_pass          http://localhost:8080/;
    proxy_set_header    Host               $host;
    proxy_set_header    X-Real-IP          $remote_addr;
    proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Host   $host;
    proxy_set_header    X-Forwarded-Server $host;
    proxy_set_header    X-Forwarded-Port   443;
    proxy_set_header    X-Forwarded-Proto  https;
  }
}

Create a symlink from your config to the enabled sites.

$ sudo ln -s /etc/nginx/sites-available/<your-domain>.conf /etc/nginx/sites-enabled/<your-domain>.conf

Check if you made any mistakes with sudo nginx -t and let Nginx load the new config sudo nginx -s reload.

Get your SSL certificate. For this to work, your domain needs to point to the server you are running this on.

$ sudo certbot --nginx

Now take a look into the docker-compose.yml.

  1. Change the passwords!
  2. Create your admin account with KEYCLOAK_USER and KEYCLOAK_PASSWORD environment variables.
  3. Start the containers. docker-compose up -d.

You are ready to go! Visit https://<your-domain>/.

You can restart your Keycloak server with docker-compose -f /path/to/docker-compose.yml restart keycloak.

Management Console

The WildFly (Application Server Keycloak runs on) management console does not currently work with the nginx proxy (as seen in the article) but it starts on port 9990 on your machine if you need it. It is only http though.

Add an account.

$ docker exec keycloak /opt/jboss/keycloak/bin/add-user.sh -u <username> -p <password> -cw

Reload the server inside the container.

$ docker exec keycloak /opt/jboss/keycloak/bin/jboss-cli.sh --connect --command=reload

You can reach it at http://yourdomain.com:9990/management.

Credit

This is basically a dockerized version of this article. Many thanks to Christoph Dyllick-Brenzinger!

License

MIT

About

Keycloak in Docker with Let’s Encrypt certificates.

Topics

letsencrypt docker nginx keycloak docker-compose https certbot

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages