{"id":117186,"date":"2022-06-28T01:40:32","date_gmt":"2022-06-27T22:40:32","guid":{"rendered":"https:\/\/computingforgeeks.com\/?p=117186"},"modified":"2023-11-27T21:08:41","modified_gmt":"2023-11-27T18:08:41","slug":"run-keycloak-server-in-docker","status":"publish","type":"post","link":"https:\/\/computingforgeeks.com\/run-keycloak-server-in-docker\/","title":{"rendered":"Run Keycloak Server in Docker Containers with Let&#8217;s Encrypt SSL"},"content":{"rendered":"\n<p><strong>SSO<\/strong> (Single Sign-On) is a system that allows access to multiple independent software systems using the same credentials. This simply means that with a single authentication, you can log into several services without providing a password for each one. SSO systems are popular nowadays, with Google, Facebook, etc. using them. Today, there are many SSO servers, including OneLogin, Okta, etc.<\/p>\n\n\n\n<p><strong>Keycloak<\/strong> is an open-source SSO provider that supports multiple protocols such as <em>OpenID Connect<\/em> and <em>SAML 2.0<\/em>. This Identity and Access Management System allows one to easily add authentication to an application and secure it. 
You can easily enable social login or use an existing Active Directory\/LDAP.<\/p>\n\n\n\n<p>Keycloak is a very extensible and highly configurable tool that offers the following features:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>User Federation<\/strong> &#8211; It allows one to sync users from Active Directory and LDAP servers.<\/li>\n\n\n\n<li><strong>Kerberos bridge<\/strong> &#8211; It can be used to automatically authenticate the users logged in to the Kerberos server.<\/li>\n\n\n\n<li><strong>Theme support<\/strong> &#8211; Customize its interface to integrate with your applications as desired.<\/li>\n\n\n\n<li><strong>Two-factor Authentication Support<\/strong> &#8211; It offers support for HOTP\/TOTP via Google Authenticator or FreeOTP.<\/li>\n\n\n\n<li><strong>Social Login<\/strong> &#8211; You can enable login with GitHub, Google, Facebook, Twitter and other social networks.<\/li>\n\n\n\n<li>It offers Single-Sign-On and Single-Sign-Out for browser applications.<\/li>\n\n\n\n<li><strong>Identity Brokering<\/strong> &#8211; it allows one to authenticate with external SAML or Open ID identity providers.<\/li>\n\n\n\n<li><strong>Session management<\/strong> &#8211; the admins can view and manage the user sessions.<\/li>\n\n\n\n<li>Client adapters for JavaScript applications, JBoss EAP, WildFly, Fuse, Jetty, Tomcat, Spring, etc.<\/li>\n<\/ul>\n\n\n\n<p>Below is an illustration of the Keycloak Architecture.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"987\" height=\"1024\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/network-987x1024@2x-987x1024.png\" alt=\"\" class=\"wp-image-117188\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/network-987x1024@2x-987x1024.png 987w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/network-987x1024@2x-289x300.png 289w, 
https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/network-987x1024@2x-768x797.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/network-987x1024@2x-696x722.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/network-987x1024@2x-1068x1108.png 1068w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/network-987x1024@2x-405x420.png 405w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/network-987x1024@2x.png 1100w\" sizes=\"auto, (max-width: 987px) 100vw, 987px\" \/><\/figure>\n\n\n\n<p>This guide offers the required knowledge on how to run Keycloak Server in Docker Containers with <a href=\"https:\/\/computingforgeeks.com\/install-dokuwiki-on-centos-with-lets-encrypt-ssl\/\">Let&#8217;s Encrypt<\/a> SSL.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Getting Started<\/h2>\n\n\n\n<p>We will begin by installing the required packages for this setup.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">## On Debian\/Ubuntu\n<\/mark><\/em>sudo apt update &amp;&amp; sudo apt upgrade -y\nsudo apt install curl vim git -y\n&#91; -e \/var\/run\/reboot-required ] &amp;&amp; sudo reboot\n\n<em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">## On RHEL\/CentOS\/RockyLinux 8\n<\/mark><\/em>sudo yum -y update\nsudo yum -y install curl vim git\n\n<em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">## On Fedora\n<\/mark><\/em>sudo dnf update\nsudo dnf -y install curl vim git<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Install Docker and Docker-Compose<\/h2>\n\n\n\n<p>This guide requires one to have docker and docker-compose installed. 
Below is a dedicated guide to help you install Docker on Linux.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/computingforgeeks.com\/solve-error-package-docker-ce-stable-requires-container-selinux\/\" target=\"_blank\" rel=\"noreferrer noopener\">How To Install Docker CE on Linux Systems<\/a><\/li>\n<\/ul>\n\n\n\n<p>Verify the installation as below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\"> docker -v<\/mark>\nDocker version 24.0.7, build afdd53b<\/code><\/pre>\n\n\n\n<p>Add your system user to the docker group.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo usermod -aG docker $USER\nnewgrp docker<\/code><\/pre>\n\n\n\n<p>Start and enable the docker service on your system.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl start docker &amp;&amp; sudo systemctl enable docker<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Create the Database Container<\/h2>\n\n\n\n<p>It is important to have a database when deploying the Keycloak Server Container. 
In this guide, we will run the PostgreSQL database container.<\/p>\n\n\n\n<p>Create a network for Keycloak.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker network create <em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">keycloak-network<\/mark><\/em><\/code><\/pre>\n\n\n\n<p>Run the PostgreSQL container on this network.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run --name <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">db<\/mark> \\\n  --net keycloak-network \\\n  -e POSTGRES_USER=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">admin<\/mark> \\\n  -e POSTGRES_PASSWORD=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">Passw0rd<\/mark> \\\n  -e POSTGRES_DB=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-cyan-blue-color\">keycloakdb<\/mark> \\\n  -d docker.io\/library\/postgres:latest<\/code><\/pre>\n\n\n\n<p>View the container.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">docker ps<\/mark>\nCONTAINER ID   IMAGE             COMMAND                  CREATED          STATUS          PORTS      NAMES\n479b1599d5a0   postgres:latest   \"docker-entrypoint.s\u2026\"   12 seconds ago   Up 10 seconds   5432\/tcp   db<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Provisioning the Keycloak Server Container<\/h2>\n\n\n\n<p>This guide provides two methods for provisioning the Keycloak Server Container. These are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using ready Keycloak docker image<\/li>\n\n\n\n<li>Building your optimized Keycloak docker image<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">1. Using ready Keycloak docker image<\/h3>\n\n\n\n<p>You can use the ready Keycloak docker image. 
The command below shows how you can run a standard Keycloak image. The legacy <strong>jboss\/keycloak<\/strong> image takes its database settings from the <strong>DB_VENDOR<\/strong>, <strong>DB_ADDR<\/strong>, <strong>DB_DATABASE<\/strong>, <strong>DB_USER<\/strong> and <strong>DB_PASSWORD<\/strong> variables.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -d \\\n  --net keycloak-network \\\n  --name keycloak \\\n  -e KEYCLOAK_USER=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-cyan-blue-color\">admin<\/mark> \\\n  -e KEYCLOAK_PASSWORD=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">StrongPassw0rd<\/mark> \\\n  -p 8080:8080 \\\n  -p 8443:8443 \\\n  -e DB_VENDOR=postgres \\\n  -e KEYCLOAK_FEATURES=token-exchange \\\n  -e DB_ADDR=db \\\n  -e DB_DATABASE=keycloakdb \\\n  -e DB_USER=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">admin<\/mark> \\\n  -e DB_PASSWORD=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">Passw0rd<\/mark> \\\n  jboss\/keycloak<\/code><\/pre>\n\n\n\n<p>Remember to replace the database and Keycloak admin user credentials.<\/p>\n\n\n\n<p>Check the status of the container.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">docker ps<\/mark>\nCONTAINER ID   IMAGE             COMMAND                  CREATED             STATUS             PORTS                                                                                  NAMES\na910a9eaa5e1   jboss\/keycloak    \"\/opt\/jboss\/tools\/do\u2026\"   5 seconds ago       Up 4 seconds       0.0.0.0:8080-&gt;8080\/tcp, :::8080-&gt;8080\/tcp, 0.0.0.0:8443-&gt;8443\/tcp, :::8443-&gt;8443\/tcp   keycloak\n8f5e593eb517   postgres:latest   \"docker-entrypoint.s\u2026\"   About an hour ago   Up About an hour   5432\/tcp                                                                               db<\/code><\/pre>\n\n\n\n<p>Once complete, the container should be accessible on port <strong>8443<\/strong> 
using the URL <a href=\"https:\/\/IP_address:8443\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/IP_address:8443<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Building your optimized Keycloak docker image<\/h3>\n\n\n\n<p>You can build your own Keycloak image that has the token exchange feature and the health and metrics endpoints enabled and uses the PostgreSQL database, from the Dockerfile below.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim Dockerfile<\/code><\/pre>\n\n\n\n<p>Add the lines below to the file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>FROM quay.io\/keycloak\/keycloak:latest as builder\n\nENV KC_HEALTH_ENABLED=true\nENV KC_METRICS_ENABLED=true\nENV KC_FEATURES=token-exchange\nENV KC_DB=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">postgres<\/mark>\n\n<strong><em># Install custom providers\n<\/em><\/strong>RUN curl -sL https:\/\/github.com\/aerogear\/keycloak-metrics-spi\/releases\/download\/4.0.0\/keycloak-metrics-spi-4.0.0.jar -o \/opt\/keycloak\/providers\/keycloak-metrics-spi-4.0.0.jar\nRUN \/opt\/keycloak\/bin\/kc.sh build\n\nFROM quay.io\/keycloak\/keycloak:latest\nCOPY --from=builder \/opt\/keycloak\/ \/opt\/keycloak\/\nWORKDIR \/opt\/keycloak\n\n<em><strong># For demonstration purposes only, please make sure to use proper certificates in production instead<\/strong><\/em>\nRUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname \"CN=server\" -alias server -ext \"SAN:c=DNS:localhost,IP:127.0.0.1\" -keystore conf\/server.keystore\n\n<strong><em># Change these values to point to a running postgres instance\n<\/em><\/strong>ENV KC_DB_URL=jdbc:postgresql:\/\/db\/<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">keycloakdb<\/mark>\nENV KC_DB_USERNAME=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-cyan-blue-color\">admin<\/mark>\nENV 
KC_DB_PASSWORD=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">Passw0rd<\/mark>\nENV KC_HOSTNAME=localhost\n\nENTRYPOINT &#91;\"\/opt\/keycloak\/bin\/kc.sh\", \"start\"]<\/code><\/pre>\n\n\n\n<p>Remember to replace the <strong>database credentials<\/strong> and the database host in the <strong>KC_DB_URL<\/strong> appropriately before we proceed to build the image.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker build . -t keycloak_image<\/code><\/pre>\n\n\n\n<p>Once the image has been built, view it:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">docker images<\/mark>\nREPOSITORY                  TAG       IMAGE ID       CREATED          SIZE\n<strong>keycloak_image              latest    c7e3a15f28de   5 seconds ago    754MB\n<\/strong>&lt;none&gt;                      &lt;none&gt;    faf55943f0f2   13 seconds ago   734MB\nquay.io\/keycloak\/keycloak   latest    a669b057e631   36 hours ago     562MB\npostgres                    latest    74b0c105737a   44 hours ago     376MB<\/code><\/pre>\n\n\n\n<p>Now run Keycloak on the created network using the optimized image.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>In production mode<\/strong> (with secure defaults)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run --name keycloak --net keycloak-network -p 8443:8443 -e KEYCLOAK_ADMIN=myadmin -e KEYCLOAK_ADMIN_PASSWORD=StrongPassw0rd -d keycloak_image<\/code><\/pre>\n\n\n\n<p>The container will be created as below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">docker ps<\/mark>\nCONTAINER ID   IMAGE             COMMAND                  CREATED         STATUS         PORTS                                                 NAMES\n78eb8a3e6ecc   keycloak_image    \"\/opt\/keycloak\/bin\/k\u2026\"   4 
seconds ago   Up 3 seconds   8080\/tcp, 0.0.0.0:8443-&gt;8443\/tcp, :::8443-&gt;8443\/tcp   keycloak\nf6f538e7c097   postgres:latest   \"docker-entrypoint.s\u2026\"   2 minutes ago   Up 2 minutes   0.0.0.0:5432-&gt;5432\/tcp, :::5432-&gt;5432\/tcp             db<\/code><\/pre>\n\n\n\n<p>Once complete, the container should be accessible on port <strong>8443<\/strong> using the URL <a href=\"https:\/\/IP_address:8443\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/IP_address:8443<\/a>.<\/p>\n\n\n\n<p>The health check endpoints are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/localhost:8443\/health\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/localhost:8443\/health<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/localhost:8443\/health\/ready\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/localhost:8443\/health\/ready<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/localhost:8443\/health\/live\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/localhost:8443\/health\/live<\/a><\/li>\n<\/ul>\n\n\n\n<p>Metrics are available at:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/localhost:8443\/metrics\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/localhost:8443\/metrics<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Step 4 &#8211; Access and Use Keycloak Server<\/h2>\n\n\n\n<p>Access Keycloak using the URL <a href=\"https:\/\/IP_address:8443\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/IP_address:8443<\/a>. 
Login with the username as set in the Docker environment variables.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"542\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2023\/11\/Keycloak-login-1024x542.png\" alt=\"\" class=\"wp-image-148187\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2023\/11\/Keycloak-login-1024x542.png 1024w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2023\/11\/Keycloak-login-300x159.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2023\/11\/Keycloak-login-768x407.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2023\/11\/Keycloak-login-1536x813.png 1536w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2023\/11\/Keycloak-login-2048x1084.png 2048w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2023\/11\/Keycloak-login-696x369.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2023\/11\/Keycloak-login-1068x565.png 1068w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2023\/11\/Keycloak-login-793x420.png 793w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The default as provided in this article is username <strong>admin <\/strong>and the password is <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">StrongPassw0rd<\/mark>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"910\" height=\"633\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-1.png\" alt=\"\" class=\"wp-image-117929\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-1.png 910w, 
https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-1-300x209.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-1-768x534.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-1-696x484.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-1-604x420.png 604w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-1-100x70.png 100w\" sizes=\"auto, (max-width: 910px) 100vw, 910px\" \/><\/figure>\n\n\n\n<p>Proceed to the admin console and log in using the created user.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"520\" height=\"494\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-2.png\" alt=\"\" class=\"wp-image-117931\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-2.png 520w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-2-300x285.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-2-442x420.png 442w\" sizes=\"auto, (max-width: 520px) 100vw, 520px\" \/><\/figure>\n\n\n\n<p>With the correct user credentials provided, you will be authenticated to the dashboard below.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"478\" 
src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-3-1024x478.png\" alt=\"\" class=\"wp-image-117932\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-3-1024x478.png 1024w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-3-300x140.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-3-768x358.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-3-696x325.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-3-1068x498.png 1068w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-3-900x420.png 900w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-3.png 1256w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>We already have a <strong>Realm<\/strong> created, we will proceed and add a new client in the <strong>Clients<\/strong> tab.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"465\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-4-1024x465.png\" alt=\"\" class=\"wp-image-117933\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-4-1024x465.png 1024w, 
https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-4-300x136.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-4-768x349.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-4-696x316.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-4-1068x485.png 1068w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-4-925x420.png 925w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-4.png 1271w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Provide the details for the client.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"482\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-5-1024x482.png\" alt=\"\" class=\"wp-image-117934\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-5-1024x482.png 1024w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-5-300x141.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-5-768x362.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-5-696x328.png 696w, 
https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-5-1068x503.png 1068w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-5-892x420.png 892w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-5.png 1072w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Provide the URL path of your <em>application<\/em> under &#8220;<strong>Valid redirect URL<\/strong>&#8220;.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"688\" height=\"776\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-6.png\" alt=\"\" class=\"wp-image-117935\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-6.png 688w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-6-266x300.png 266w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-6-372x420.png 372w\" sizes=\"auto, (max-width: 688px) 100vw, 688px\" \/><\/figure>\n\n\n\n<p>You can also create a new user in the user tab.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"903\" height=\"536\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-7.png\" alt=\"\" class=\"wp-image-117936\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-7.png 903w, 
https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-7-300x178.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-7-768x456.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-7-696x413.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-7-708x420.png 708w\" sizes=\"auto, (max-width: 903px) 100vw, 903px\" \/><\/figure>\n\n\n\n<p>Proceed to the Credentials tab and set the password for the user.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"833\" height=\"597\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-8.png\" alt=\"\" class=\"wp-image-117937\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-8.png 833w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-8-300x215.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-8-768x550.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-8-696x499.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-8-586x420.png 586w\" sizes=\"auto, (max-width: 833px) 100vw, 833px\" \/><\/figure>\n\n\n\n<p>Assign roles to the created user in the roles tab<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" 
width=\"840\" height=\"378\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-9.png\" alt=\"\" class=\"wp-image-117938\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-9.png 840w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-9-300x135.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-9-768x346.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/04\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-9-696x313.png 696w\" sizes=\"auto, (max-width: 840px) 100vw, 840px\" \/><\/figure>\n\n\n\n<p>That was a brief demonstration on how to get started with Keycloak.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 5 &#8211; Secure Keycloak with Let&#8217;s Encrypt SSL<\/h2>\n\n\n\n<p>It is necessary to secure your Keycloak server with <a href=\"https:\/\/computingforgeeks.com\/how-to-install-ssl-certificate-on-windows-iis-server\/\">SSL certificate<\/a>s to prevent the credentials from traveling along the unprotected wire. 
In this guide, we will use Let&#8217;s Encrypt to issue free trusted SSL certificates for our domain name.<\/p>\n\n\n\n<p>First, install and configure a reverse proxy with Nginx.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">## On RHEL 8\/CentOS\/Rocky Linux 8\/Fedora\n<\/mark><\/em>sudo dnf install https:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-8.noarch.rpm\nsudo yum install nginx certbot python3-certbot-nginx\n\n<em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">## On Debian\/Ubuntu\n<\/mark><\/em>sudo apt install nginx certbot python3-certbot-nginx<\/code><\/pre>\n\n\n\n<p>Proceed and create a Virtual Host file.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vim \/etc\/nginx\/conf.d\/keycloak.conf<\/code><\/pre>\n\n\n\n<p>The file will contain the lines below.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>server {\n    listen 80;\n    server_name <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">keycloak.example.com<\/mark>;\n    client_max_body_size 25m;\n\n    # Forward all requests to the HTTPS listener of the Keycloak container\n    location \/ {\n        proxy_pass https:\/\/localhost:8443\/;\n        proxy_set_header Host $http_host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-Proto $scheme;\n    }\n\n    # Error pages served by Nginx itself\n    error_page 404 \/404.html;\n    location = \/404.html {\n    }\n\n    error_page 500 502 503 504 \/50x.html;\n    location = \/50x.html {\n    }\n}<\/code><\/pre>\n\n\n\n<p>Save the file, then restart and enable Nginx.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart nginx\nsudo systemctl enable nginx<\/code><\/pre>\n\n\n\n<p>Proceed and generate SSL certificates for the domain name with the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --nginx<\/code><\/pre>\n\n\n\n<p>Proceed as below.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Saving debug log to 
\/var\/log\/letsencrypt\/letsencrypt.log\nEnter email address (used for urgent renewal and security notices)\n (Enter 'c' to cancel): Enter a valid Email address here          \n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server. Do you agree?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">y<\/mark>\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing, once your first certificate is successfully issued, to\nshare your email address with the Electronic Frontier Foundation, a founding\npartner of the Let's Encrypt project and the non-profit organization that\ndevelops Certbot? We'd like to send you email about our work encrypting the web,\nEFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">y<\/mark>\nAccount registered.\n\nWhich names would you like to activate HTTPS for?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n1: keycloak.example.com\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\nblank to select all options shown (Enter 'c' to cancel): <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">1<\/mark>\n\nRequesting a certificate for keycloak.example.com\nPerforming the following challenges:\nhttp-01 challenge for keycloak.example.com\nWaiting for 
verification...\nCleaning up challenges\nDeploying Certificate to VirtualHost \/etc\/nginx\/conf.d\/keycloak.conf\n\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. You can undo this\nchange by editing your web server's configuration.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nSelect the appropriate number &#91;1-2] then &#91;enter] (press 'c' to cancel): <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">2<\/mark>\nRedirecting all traffic on port 80 to ssl in \/etc\/nginx\/conf.d\/keycloak.conf\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nCongratulations! 
You have successfully enabled https:\/\/keycloak.example.com\n...<\/code><\/pre>\n\n\n\n<p>Now proceed and access your Keycloak server with <strong><em>HTTPS<\/em><\/strong> using the URL <a href=\"https:\/\/domain_name\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>https:\/\/domain_name<\/strong><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"991\" height=\"669\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/05\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-10.png\" alt=\"\" class=\"wp-image-117978\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/05\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-10.png 991w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/05\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-10-300x203.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/05\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-10-768x518.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/05\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-10-696x470.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/05\/Run-Keycloak-Server-in-Docker-Containers-with-Lets-Encrypt-SSL-10-622x420.png 622w\" sizes=\"auto, (max-width: 991px) 100vw, 991px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Closing Thoughts.<\/h2>\n\n\n\n<p>This guide not only provides the required knowledge on how to run the Keycloak Server in Docker Containers with Let\u2019s Encrypt SSL but also knowledge on how to get started with the Keycloak SSO system.<\/p>\n\n\n\n<p>Related guides:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/computingforgeeks.com\/how-to-run-ghost-cms-in-docker-containers\/\" target=\"_blank\" rel=\"noreferrer noopener\">How To Run Ghost CMS in Docker Containers<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/computingforgeeks.com\/how-to-run-graylog-server-in-docker-containers\/\" target=\"_blank\" rel=\"noreferrer noopener\">How To Run Graylog Server in Docker Containers<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/computingforgeeks.com\/how-to-run-plex-media-server-in-docker-containers\/\" target=\"_blank\" rel=\"noreferrer noopener\">How To Run Plex Media Server in Docker Containers<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>An SSO(Single Sign-On) is a system that allows access to multiple independent, software systems using the same credentials. This simply means that with a single authentication, you can log into several services without providing a password. SSO systems are popular nowadays with Google, Facebook e.t.c using it. Today, there are many SSO servers, they include &#8230; <a title=\"Run Keycloak Server in Docker Containers with Let&#8217;s Encrypt SSL\" class=\"read-more\" href=\"https:\/\/computingforgeeks.com\/run-keycloak-server-in-docker\/\" aria-label=\"Read more about Run Keycloak Server in Docker Containers with Let&#8217;s Encrypt SSL\">Read 
more<\/a><\/p>\n","protected":false},"author":21,"featured_media":117938,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[316,27,299,75],"tags":[37553,37552],"class_list":["post-117186","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-containers","category-docker","category-how-to","category-security","tag-keycloak-docker","tag-keycloak-server-in-docker"],"_links":{"self":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/117186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/comments?post=117186"}],"version-history":[{"count":0,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/117186\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media\/117938"}],"wp:attachment":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media?parent=117186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/categories?post=117186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/tags?post=117186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}