{"id":26829622,"url":"https://github.com/murat-polat/keycloak-deployment-example","last_synced_at":"2026-02-14T03:33:57.556Z","repository":{"id":284031249,"uuid":"953210559","full_name":"murat-polat/keycloak-deployment-example","owner":"murat-polat","description":"Keycloack production deployment with secure SSL/HTTPS, and Caddy server","archived":false,"fork":false,"pushed_at":"2025-03-23T20:45:03.000Z","size":324,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-03T21:02:16.948Z","etag":null,"topics":["caddy","docker-compose","keycloak"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/murat-polat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-03-22T20:26:41.000Z","updated_at":"2025-03-23T20:52:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"a92ea358-adc4-4343-88b4-dc9739d4b8a4","html_url":"https://github.com/murat-polat/keycloak-deployment-example","commit_stats":null,"previous_names":["murat-polat/keycloak-deployment-example"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/murat-polat/keycloak-deployment-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/murat-polat%2Fkeycloak-deployment-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/murat-polat%2Fkeycloak-deployment-example/tags"
,"releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/murat-polat%2Fkeycloak-deployment-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/murat-polat%2Fkeycloak-deployment-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/murat-polat","download_url":"https://codeload.github.com/murat-polat/keycloak-deployment-example/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/murat-polat%2Fkeycloak-deployment-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29434004,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T02:20:56.896Z","status":"ssl_error","status_checked_at":"2026-02-14T02:11:29.478Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["caddy","docker-compose","keycloak"],"created_at":"2025-03-30T13:17:49.855Z","updated_at":"2026-02-14T03:33:57.548Z","avatar_url":"https://github.com/murat-polat.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# keycloak-deployment-example\nKeycloack production deployment with secure SSL/HTTPS, and Caddy server\n\n\n\n### This  is a simple example  for deploying a Keycloak Docker application, to production environment. 
With secure SSL/HTTPS via Caddy server.\n\n\n### What do we need?\n\n- Linux machine/VM\n- Domain name\n- Docker and Docker Compose\n- Keycloak Dockerfile or Docker Compose file\n- Caddy server and reverse proxy configuration for HTTPS/SSL\n\n### Linux VM:\nYou can order a Linux VM from DigitalOcean, Contabo, Vultr, Linode, MVPS, etc. For this tutorial, we chose an Ubuntu 24.04 instance on [MVPS](https://www.mvps.net/).\nAfter the first login as the root user, run:\n\n`sudo apt update`\n\n`sudo apt upgrade -y`\n\n\nOptional: if you want to change your root password, run:\n\n`passwd`\n\nthen enter the new root password.\n\nWe will run Keycloak inside a Docker container. Running Docker as the root user is not a good choice.\nTherefore we need to create a new user and give this user admin privileges.\n\n`sudo adduser \u003cnewuser\u003e`\n\n`sudo usermod -aG  sudo \u003cnewuser\u003e`\n\nSwitch from the root user to the new user:\n\n`su \u003cnewuser\u003e`\n\n## Install Docker and Docker Compose:\n\n\n### Add Docker's official GPG key:\n```\nsudo apt-get update\n\nsudo apt-get install ca-certificates curl\nsudo install -m 0755 -d /etc/apt/keyrings\nsudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc\nsudo chmod a+r /etc/apt/keyrings/docker.asc\n```\n### Add the repository to Apt sources:\n```\necho \\\n  \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \\\n  $(. 
/etc/os-release \u0026\u0026 echo \"${UBUNTU_CODENAME:-$VERSION_CODENAME}\") stable\" | \\\n  sudo tee /etc/apt/sources.list.d/docker.list \u003e /dev/null\nsudo apt-get update\n```\n### To install the latest version, run:\n\n```\nsudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin\n```\n\n### Allow the current user to run Docker and Docker Compose without \"sudo\"\n\n```\nsudo usermod -aG docker $USER\n```\n\nMembers of the `docker` group can control the Docker daemon, which is equivalent to root access on the host, so add only trusted users to it.\n\nThen reboot your server:\n\n`sudo reboot`\n\nCheck that Docker runs properly without \"permission denied\" errors:\n\n`docker version`\n\n```\nmpo@vps:~$ docker version\nClient: Docker Engine - Community\n Version:           28.0.2\n API version:       1.48\n Go version:        go1.23.7\n Git commit:        0442a73\n Built:             Wed Mar 19 14:36:49 2025\n OS/Arch:           linux/amd64\n Context:           default\n\nServer: Docker Engine - Community\n Engine:\n  Version:          28.0.2\n  API version:      1.48 (minimum version 1.24)\n  Go version:       go1.23.7\n  Git commit:       bea4de2\n  Built:            Wed Mar 19 14:36:49 2025\n  OS/Arch:          linux/amd64\n  Experimental:     false\n containerd:\n  Version:          1.7.25\n  GitCommit:        bcc810d6b9066471b0b6fa75f557a15a1cbf31bb\n runc:\n  Version:          1.2.4\n  GitCommit:        v1.2.4-0-g6c52b3f\n docker-init:\n  Version:          0.19.0\n  GitCommit:        de40ad0\n\n```\n\n\n### Install Docker Compose plugin\n```\nsudo apt-get update\nsudo apt-get install docker-compose-plugin\n```\n\nCheck that Docker Compose runs:\n\n```\nmpo@vps:~$ docker compose version\nDocker Compose version v2.34.0\n\n```\n\n\n### Domain configuration\n\nWe need a domain name to publish our application on the World Wide Web. We chose a domain name from https://www.namecheap.com. We must tell the domain provider which server/IP provider will be used for publishing. Our Keycloak application will be served on MVPS. 
From the domain list =\u003e management =\u003e Nameservers =\u003e Custom DNS, add the three nameservers (ns1.mvps-hosted.com, ns2.mvps-hosted.com, ns3.mvps-hosted.com) and save.\n\n![](/src/doaminNamecheap.png)\n\n\nIn the MVPS control panel, under \"Nameservers(DNS)\", add your domain name.\n\n\n![](/src/DNS_register_server_side.png)\n\n\n### Caddy Server configuration\n#### Installation:\n\nhttps://caddyserver.com/docs/install#debian-ubuntu-raspbian \n\n```\nsudo apt install -y debian-keyring debian-archive-keyring apt-transport-https\n\n\ncurl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg\n\ncurl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list\n\nsudo apt update\n\nsudo apt install caddy\n\n\n```\n\n`sudo systemctl start caddy`\n\n`sudo systemctl enable caddy`\n\n`sudo systemctl status caddy`\n\n\n```\nmpo@vps:~$ sudo systemctl status caddy\n● caddy.service - Caddy\n     Loaded: loaded (/usr/lib/systemd/system/caddy.service; enabled; preset: enabled)\n     Active: active (running) since Sun 2025-03-23 18:28:58 UTC; 3min 35s ago\n       Docs: https://caddyserver.com/docs/\n   Main PID: 3071 (caddy)\n      Tasks: 7 (limit: 4610)\n     Memory: 10.0M (peak: 10.5M)\n        CPU: 126ms\n     CGroup: /system.slice/caddy.service\n             └─3071 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile\n\nMar 23 18:28:58 vps caddy[3071]: {\"level\":\"warn\",\"ts\":1742754538.7090259,\"logger\":\"http.auto_https\",\"msg\":\"server is listening only on the\u003e\nMar 23 18:28:58 vps caddy[3071]: {\"level\":\"info\",\"ts\":1742754538.7093666,\"logger\":\"tls.cache.maintenance\",\"msg\":\"started background certif\u003e\n(END)\n\n```\n\n\n#### Configuring the reverse proxy with a Caddyfile\n\nKeycloak will soon be served on port 8080.\n\n`sudo nano /etc/caddy/Caddyfile`\n\n```\nyourdomain.com {\n\n        
reverse_proxy  localhost:8080\n\n}\n\n```\n\n`sudo systemctl reload caddy`\n\n\n### Keycloak Docker Compose configuration\n\n`sudo nano docker-compose.yaml`\n\n\nCopy and paste the YAML file below, then save the file with \"CTRL + X\" and \"Y\".\n\n\n```\n---\n\nversion: '3'\n\n### Postgres ###\nservices:\n  postgres:\n    image: postgres\n    volumes:\n      - postgres:/var/lib/postgresql/data\n    environment:\n      POSTGRES_DB: keycloak\n      POSTGRES_USER: admin\n      POSTGRES_PASSWORD: Password123\n    # restart is a service-level key, not an environment variable\n    restart: always\n\n### Keycloak ###\n  keycloak:\n    image: quay.io/keycloak/keycloak:23.0.3\n    command: start-dev  # --optimized\n    environment:\n      KC_DB: postgres\n      KC_DB_URL_HOST: postgres\n      KC_DB_URL: postgres\n      KC_DB_NAME: keycloak\n      KC_DB_USERNAME: admin\n      KC_DB_SCHEMA: public\n      KC_DB_PASSWORD: Password123\n      # KC_METRICS_ENABLED: true\n      # KC_HEALTH_ENABLED: true\n      # KC_HOSTNAME_STRICT: false\n      KC_HOSTNAME: yourdomain.com # Your domain name here\n      #KC_HOSTNAME_ADMIN_URL: https://localhost:8443\n      #KC_HOSTNAME_URL: https://localhost:8080\n      KEYCLOAK_ADMIN: admin\n      KEYCLOAK_ADMIN_PASSWORD: Password123\n      KC_PROXY: edge\n      #PROXY_HEADERS: xforwarded\n      #KC_HOSTNAME_STRICT: false\n      #KC_HOSTNAME_STRICT_BACKCHANNEL: false\n      # PROXY_ADDRESS_FORWARDING: true\n    ports:\n      # Publishes 8080 on all host interfaces, reachable without Caddy;\n      # \"127.0.0.1:8080:8080\" would restrict it to the local reverse proxy.\n      - \"8080:8080\"\n\n    depends_on:\n      - postgres\n    restart: always\n\n\nvolumes:\n  postgres:\n  keycloak:\n\n\n```\n\nNow it is time to start Keycloak:\n\n\n```\ndocker compose up -d\n```\n\nThen visit \"https://yourdomain.com\" in your browser.\n\n![](/src/Keycloak_start.png)\n\nClick Administration Console, then log in with the credentials from the docker-compose.yaml file\n(admin/Password123).\n\nAfter the first login, change your password.\n\n![](/src/ChangePassword.png)\n\n\nDone 
:)\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmurat-polat%2Fkeycloak-deployment-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmurat-polat%2Fkeycloak-deployment-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmurat-polat%2Fkeycloak-deployment-example/lists"}