This project is a complete stack for running a secure Keycloak server with MariaDB as database and Nginx as reverse proxy with SSL enabled.
- Docker Engine
- Docker Compose
- A valid domain name
- Clone this repository on your local computer;
- Create a
.envand configure it according to your needs (see below); - Run
docker compose -f docker-compose-ssl.yml up -dto generate the SSL certificates; - Run
docker compose -f docker-compose-ssl.yml downto stop the container; - Run
docker compose up -dto start the stack; - Configure the
crontabto renew the SSL certificates automatically each 12 hours with the command:docker compose -f /path/to/docker-compose.yml up certbot.
Default admin username and password is: admin.
You can use mail SMTP hostname as mail and port 25 without authentication to send mails from Keycloak.
The environment variables are set in the .env file. The following variables are available:
| Variable | Description | Default value | Required |
|---|---|---|---|
| KEYCLOAK_DOMAIN | The domain to be used as Keycloak URL | Yes | |
| CERTBOT_LETSENCRYPT_EMAIL | The email to be used for Let's Encrypt registration | Yes | |
| SUBNET | The subnet to be used by the containers | 172.16.0.0/29 | No |
| KEYCLOAK_VERSION | The Keycloak version to be used | latest | No |
| MARIADB_VERSION | The MariaDB version to be used | latest | No |
| MARIADB_ROOT_PASSWORD | The password to be used for the MariaDB root user | toor | No |
| MARIADB_KEYCLOAK_PASSWORD | The password to be used for the Keycloak user in MariaDB | keycloak | No |
| NGINX_VERSION | The Nginx version to be used | latest | No |
| CERTBOT_VERSION | The Certbot version to be used | latest | No |
If you find this project useful here's how you can help:
- Send a Pull Request with your awesome new features and bug fixes
- Help new users with issues
MIT. See LICENSE for more details.