
Installation Keycloak mit Docker

Aufbau Docker Container

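# Compose V2 (Compose Specification) ignores the top-level `version` key;
# it only matters to older docker-compose releases.
version: "3.7"

services: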
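  # Keycloak. No ports are published; the service is reachable only through
  # the nginx-proxy container on the shared `internal` network.
  sso:
    # NOTE(review): confirm 22.0.1 is still a supported release before reuse.
    image: quay.io/keycloak/keycloak:22.0.1
    container_name: "keycloak"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Read-only: the file contains the database password and Keycloak only
      # needs to read it.
      - ./keycloak.conf:/opt/keycloak/conf/keycloak.conf:ro
    command:
      # `start-dev` is Keycloak's development mode with relaxed defaults.
      # It matches the dev hostname below; a production instance should use
      # `start` with an explicit hostname configuration instead.
      - start-dev
    environment:
      # Initial admin account. `changeme` is a placeholder: replace it before
      # the first start and keep the real value out of version control
      # (for example in an untracked .env file or a secrets mechanism).
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=changeme
      # NOTE(review): this variable belongs to the legacy WildFly-based image;
      # on 22.x the proxy mode presumably comes only from `proxy=edge` in
      # keycloak.conf. Kept as on the original page.
      - PROXY_ADDRESS_FORWARDING=true
      # Read by nginx-proxy (routing) and acme-companion (certificate).
      - VIRTUAL_HOST=dev-keycloak.mydomain.com
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=dev-keycloak.mydomain.com
      # Must match POSTGRES_PASSWORD of the database service; it duplicates
      # `db-password` in keycloak.conf.
      - KC_DB_PASSWORD=changeme
    networks:
      - internal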

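  # PostgreSQL backend for Keycloak. No ports are published to the host.
  # It shares the `internal` network with the internet-facing proxy; a
  # separate backend network for sso and database would limit its exposure.
  database:
    image: postgres:15
    # keycloak.conf refers to this container name in `db-url-host`.
    container_name: "postgres"
    environment:
      - POSTGRES_USER=keycloak
      # The postgres image reads POSTGRES_DB. The original POSTGRES_DATABASE
      # is not a variable of that image, so the database name only came out
      # as `keycloak` because it defaults to POSTGRES_USER.
      - POSTGRES_DB=keycloak
      # Placeholder: replace before the first start. The image applies this
      # value only when it initialises an empty data volume.
      - POSTGRES_PASSWORD=changeme
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - internal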

  # Internet-facing reverse proxy; the only service that publishes ports.
  proxy:
    # No tag is given, so `latest` is pulled. Pinning a reviewed version or
    # digest keeps an upstream image change from reaching the host unnoticed.
    image: nginxproxy/nginx-proxy
    container_name: nginx
    networks:
      - internal
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # The `:ro` flag does not restrict Docker API calls made through the
      # socket, so a compromise of this exposed container can extend to the
      # Docker daemon. A filtering socket proxy narrows that access.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/etc/nginx/certs
      - conf:/etc/nginx/conf.d
      - html:/usr/share/nginx/html
      - vhost:/etc/nginx/vhost.d
    # NOTE(review): nginx-proxy accepts client-supplied X-Forwarded-* headers
    # by default. If no trusted proxy sits in front of this container,
    # consider setting TRUST_DOWNSTREAM_PROXY=false.

  # Obtains and renews Let's Encrypt certificates for containers that set
  # LETSENCRYPT_HOST and writes them into the shared `certs` volume.
  acme-companion:
    # No tag is given, so `latest` is pulled; pin a reviewed version or
    # digest for reproducible deployments.
    image: nginxproxy/acme-companion
    container_name: acme-proxy
    networks:
      - internal
    environment:
      # Placeholder: replace with a real contact address.
      - DEFAULT_EMAIL=<YOUREMAIL@YOURDOMAIN.COM>
    # NOTE(review): `volumes_from` is not part of the 3.x file format used by
    # older docker-compose releases; verify it with your Compose version.
    volumes_from:
      - proxy
    volumes:
      # The `:ro` flag does not restrict Docker API calls made through the
      # socket; treat this container as having Docker daemon access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - acme:/etc/acme.sh
      - certs:/etc/nginx/certs

# Single user-defined bridge network shared by all four services. Despite its
# name it is not declared `internal: true`; it is an ordinary bridge.
networks:
  internal:
    driver: bridge
    driver_opts:
      # OpenStack-specific; can be left at 1500 if you run on bare metal.
      com.docker.network.driver.mtu: 1450

# Named volumes with default settings (the empty values are intentional).
volumes:
  # PostgreSQL data directory.
  postgres_data:
  # nginx configuration and static files used by the proxy.
  conf:
  vhost:
  html:
  # TLS certificates and their private keys; restrict access to backups.
  certs:
  # acme.sh state of acme-companion, mounted at /etc/acme.sh.
  acme:

Aufbau Konfigurationsfiles

docker-compose/keycloak.conf

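# Keycloak runs behind a TLS-terminating reverse proxy and therefore trusts
# the X-Forwarded-* headers it receives. Only the proxy should reach it.
proxy=edge
db=postgres
# Container name of the PostgreSQL service on the shared Docker network.
db-url-host=postgres
# Keycloak's option names are `db-username` and `db-url-database`. The
# original `db-user` and `db-database` are not Keycloak options, so the
# values were presumably ignored and defaults applied.
db-username=keycloak
# Placeholder: replace before the first start. It must match
# POSTGRES_PASSWORD; KC_DB_PASSWORD in the compose file sets the same option.
db-password=changeme
db-url-database=keycloak
db-schema=public
# With strict hostname checking off, Keycloak derives its public URL from
# request headers. Acceptable for a dev instance; for production set
# `hostname` explicitly and enable strict checking.
hostname-strict=false
# Plain HTTP between proxy and Keycloak; TLS ends at the proxy.
http-enabled=true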

docker-compose/proxy.conf

# Proxy settings that nginx-proxy applies to proxied requests.
# NOTE(review): the compose file on this page does not mount this file;
# nginx-proxy reads a replacement from /etc/nginx/proxy.conf. Confirm whether
# a mount was intended.
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
# Upgrade/Connection pass WebSocket upgrades through to the backend.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends to any X-Forwarded-For value sent by the
# client, so only the last entry is added by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# The $proxy_x_forwarded_* variables are not core nginx variables; they are
# presumably defined by nginx-proxy's generated configuration. Keycloak in
# proxy=edge mode builds its URLs from these headers.
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
proxy_set_header X-Original-URI $request_uri;

Überprüfen der Konfiguration

# Prints the configuration of the Keycloak instance in the running container
# named `keycloak`.
# NOTE(review): check whether secrets such as db-password are masked in the
# output before sharing it.
docker exec -it keycloak /opt/keycloak/bin/kc.sh show-config