Run in docker-compose
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
version: '3.6' services: keycloak_web: image: quay.io/keycloak/keycloak:26.0.7 container_name: keycloak_web environment: KC_DB: postgres KC_DB_URL: jdbc:postgresql://keycloakdb:5432/keycloak KC_DB_USERNAME: keycloak KC_DB_PASSWORD: same_password_with_POSTGRES_PASSWORD PROXY_ADDRESS_FORWARDING: "true" KC_PROXY_HEADERS: "xforwarded" KC_LOG_LEVEL: info KC_METRICS_ENABLED: "true" KC_HEALTH_ENABLED: "true" KC_HEALTH_OPEN: "true" KC_BOOTSTRAP_ADMIN_USERNAME: admin KC_BOOTSTRAP_ADMIN_PASSWORD: superpassword KC_HOSTNAME: sso.yourdomain.dev KC_HTTPS_CERTIFICATE_FILE: /opt/ssl/fullchain.pem KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/ssl/privkey.pem volumes: - /opt/ssl:/opt/ssl deploy: resources: limits: cpus: "2" memory: "2g" reservations: cpus: "1" memory: "1g" command: start depends_on: - keycloakdb ports: - 8443:8443 keycloakdb: image: postgres:15 volumes: - ./postgres_data:/var/lib/postgresql/data environment: POSTGRES_DB: keycloak POSTGRES_USER: keycloak POSTGRES_PASSWORD: same_password_with_KC_DB_PASSWORD |
Add nginx vh
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
server { server_name sso.yourdomain.dev; location / { proxy_pass https://localhost:8443; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Host $host; proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; proxy_buffering off; proxy_http_version 1.1; proxy_request_buffering off; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/sso.yourdomain.dev/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/sso.yourdomain.dev/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = sso.yourdomain.dev) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name sso.yourdomain.dev; return 404; # managed by Certbot } |