Dockerfile
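# Two-stage Keycloak image. Stage "builder" bakes the build options into an
# optimized server build; the final stage copies that build onto a fresh copy
# of the same base image. The compose file starts the result with
# `start --optimized`, which relies on this pre-built configuration.
#
# The base image is referenced by tag only. For a reproducible build, also pin
# it by digest (quay.io/keycloak/keycloak:22.0.1@sha256:<digest-you-verified>)
# and move to a currently maintained Keycloak release when rebuilding.
FROM quay.io/keycloak/keycloak:22.0.1 AS builder

# Build options consumed by `kc.sh build`: the health and metrics endpoints
# stay disabled, and the database vendor is fixed to PostgreSQL.
ENV KC_HEALTH_ENABLED=false \
    KC_METRICS_ENABLED=false \
    KC_DB=postgres

WORKDIR /opt/keycloak
RUN /opt/keycloak/bin/kc.sh build

# Runtime stage: only the built /opt/keycloak tree is carried over.
# No USER is set here, so the container runs as whatever user the base image
# defines. NOTE(review): confirm that this is a non-root user.
FROM quay.io/keycloak/keycloak:22.0.1
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]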
docker-compose.yml
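# Keycloak behind Traefik (TLS via ACME) with a PostgreSQL database.
# Replace every <...> placeholder before the first start, and keep the real
# values out of version control (for example by substituting them from an
# untracked .env file).
version: '3'

services:
  # Reverse proxy: terminates TLS on 443 and routes to containers that opt in
  # through labels (exposedbydefault=false).
  traefik:
    image: "traefik:v2.9"
    container_name: keycloak-traefik
    command:
      # The unauthenticated API/dashboard is left disabled; nothing in this setup needs it.
      # If you want the dashboard, publish it through a router protected by authentication.
      # - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=<your-email>"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Uncomment for generating fake certificates and enabling debugging. Used for development, not production.
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      # - "--log.level=DEBUG"
    ports:
      - "443:443"
    volumes:
      # acme.json holds the certificate private keys; restrict access to this host directory.
      - "./data/letsencrypt:/letsencrypt"
      # ":ro" only makes the socket file read-only in the mount; it does not limit
      # what can be requested through the Docker API. Consider a socket proxy that
      # allows only the read calls Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  # Database. No port is published, so it is reachable only from the compose network.
  keycloak-postgres:
    # Pinned to an exact patch release; bump it as upstream ships fixes.
    image: postgres:13.2
    container_name: keycloak-postgres
    volumes:
      - keycloak-postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # Must match KC_DB_PASSWORD below.
      POSTGRES_PASSWORD: <enter-postgres-password>

  # Keycloak, built from the Dockerfile in this directory.
  mykeycloak:
    build: ./
    image: mykeycloak
    container_name: keycloak-keycloak
    # One list item per argument (exec form).
    # "--proxy edge": TLS ends at Traefik and Keycloak is reached over plain HTTP,
    # so Keycloak's port 8080 is deliberately not published. Keep it reachable
    # only through the proxy.
    command:
      - "start"
      - "--optimized"
      - "--proxy"
      - "edge"
    environment:
      KC_HOSTNAME: <subdomain>
      # Initial admin account created on first start; use a strong, unique password.
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: <enter-admin-password>
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://keycloak-postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: <enter-postgres-password>
      # KC_LOG_LEVEL: DEBUG
    depends_on:
      # Must name a service defined in this file; the database service is
      # "keycloak-postgres" (there is no service called "postgres").
      - keycloak-postgres
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.keycloak.rule=Host(`<subdomain>`)"
      - "traefik.http.routers.keycloak.entrypoints=websecure"
      - "traefik.http.routers.keycloak.tls.certresolver=myresolver"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"

volumes:
  keycloak-postgres: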
Instructions
- Execute docker-compose up -d
- Go to https://<subdomain>
- Log in as 'admin' with the password you set in place of <enter-admin-password>.