This project is a complete stack for running a secure Keycloak server with MariaDB as the database and Nginx as a reverse proxy with SSL enabled.
- Docker Engine
- Docker Compose
- A valid domain name
- Clone this repository on your local computer;
- Create a `.env` file and configure it according to your needs (see below);
- Run `docker compose -f docker-compose-ssl.yml up -d` to generate the SSL certificates;
- Run `docker compose -f docker-compose-ssl.yml down` to stop the container;
- Run `docker compose up -d` to start the stack.
- Configure the `crontab` to renew the SSL certificates automatically every 12 hours with the command: `docker compose -f /var/docker/docker-compose.yml up certbot`
The environment variables are set in the `.env` file. The following variables are available:
Variable | Description | Default value | Required |
---|---|---|---|
KEYCLOAK_DOMAIN | The domain to be used as Keycloak URL | | Yes |
CERTBOT_LETSENCRYPT_EMAIL | The email to be used for Let's Encrypt registration | | Yes |
SUBNET | The subnet to be used by the containers | 172.16.0.0/29 | No |
KEYCLOAK_VERSION | The Keycloak version to be used | latest | No |
MARIADB_VERSION | The MariaDB version to be used | latest | No |
MARIADB_ROOT_PASSWORD | The password to be used for the MariaDB root user | toor | No |
MARIADB_KEYCLOAK_PASSWORD | The password to be used for the Keycloak user in MariaDB | keycloak | No |
NGINX_VERSION | The Nginx version to be used | latest | No |
CERTBOT_VERSION | The Certbot version to be used | latest | No |
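
The table above lists `toor` and `keycloak` as default passwords and `latest` as the default image tag. The script below is an added example, not part of this project: it checks a `.env` file for unset required variables, default passwords and unpinned image tags. The names `check_env`, `env_get` and `check-env.sh` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint the .env file of this stack before starting it.
# check_env and env_get are hypothetical helper names, not part of the project.

# Print the value assigned to variable $2 in env file $1, without quotes.
# Assumption: plain KEY=VALUE lines; if a key repeats, the last line is used.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line; return 0 only when there are none.
check_env() {
    file=$1
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Required variables have no default value in the table.
    for var in KEYCLOAK_DOMAIN CERTBOT_LETSENCRYPT_EMAIL; do
        [ -n "$(env_get "$file" "$var")" ] || report "$var: required but not set"
    done

    # An unset password falls back to the documented default (toor, keycloak).
    for pair in MARIADB_ROOT_PASSWORD:toor MARIADB_KEYCLOAK_PASSWORD:keycloak; do
        var=${pair%%:*}
        value=$(env_get "$file" "$var")
        if [ -z "$value" ] || [ "$value" = "${pair#*:}" ]; then
            report "$var: documented default password in use"
        fi
    done

    # An unset version resolves to the mutable "latest" tag.
    for var in KEYCLOAK_VERSION MARIADB_VERSION NGINX_VERSION CERTBOT_VERSION; do
        value=$(env_get "$file" "$var")
        if [ -z "$value" ] || [ "$value" = "latest" ]; then
            report "$var: image tag is latest, pin a specific version"
        fi
    done

    [ "$findings" -eq 0 ]
}

# Usage: sh check-env.sh /path/to/.env
if [ "$#" -gt 0 ]; then check_env "$1"; fi
```

A non-zero exit status means at least one finding, so the script can gate `docker compose up -d` in a deployment step.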
If you find this project useful, here's how you can help:
- Send a Pull Request with your awesome new features and bug fixes
- Help new users with issues
MIT. See `LICENSE` for more details.