{"id":28206485,"url":"https://github.com/stelzo/keycloak-letsencrypt","last_synced_at":"2025-06-11T21:31:32.772Z","repository":{"id":41430947,"uuid":"337782630","full_name":"stelzo/keycloak-letsencrypt","owner":"stelzo","description":"Keycloak in Docker with Let’s Encrypt certificates.","archived":false,"fork":false,"pushed_at":"2022-10-12T17:32:33.000Z","size":34,"stargazers_count":12,"open_issues_count":0,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-17T10:09:54.114Z","etag":null,"topics":["certbot","docker","docker-compose","https","keycloak","letsencrypt","nginx"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stelzo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-02-10T16:27:06.000Z","updated_at":"2025-04-22T16:31:15.000Z","dependencies_parsed_at":"2023-01-19T20:56:33.683Z","dependency_job_id":null,"html_url":"https://github.com/stelzo/keycloak-letsencrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/stelzo/keycloak-letsencrypt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stelzo%2Fkeycloak-letsencrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stelzo%2Fkeycloak-letsencrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stelzo%2Fkeycloak-letsencrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stelzo%2Fkeycloak-letsencrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stelzo","download_url":"https://codeload.github.com/stelzo/keycloak-letsencrypt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stelzo%2Fkeycloak-letsencrypt/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259345609,"owners_count":22843565,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certbot","docker","docker-compose","https","keycloak","letsencrypt","nginx"],"created_at":"2025-05-17T10:09:53.989Z","updated_at":"2025-06-11T21:31:32.767Z","avatar_url":"https://github.com/stelzo.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Keycloak Let’s Encrypt :closed_lock_with_key:\n\nThe current effort to get Keycloak running with renewing Let’s Encrypt certificates is too ... keystores for me.\n\nThis repo will just use Let's Encrypt. Maybe not the right thing for big businesses but sufficient for many others.\n\n## tldr\n\nUse the patched docker image `stelzo/keycloak:latest` or build it yourself with `Dockerfile` in this repo.\n\n## detailed setup guide\n\nYou need to have installed:\n\n- [docker-compose](https://docs.docker.com/compose/install/)\n- [Certbot](https://certbot.eff.org/)\n- [Nginx](https://www.nginx.com/resources/wiki/start/topics/tutorials/install/)\n\nThen start with cloning the repo.\n\n```sh\n$ git clone https://github.com/stelzo/keycloak-letsencrypt.git\n```\n\nCreate a new Nginx config for Keycloak in `/etc/nginx/sites-available/\u003cyour-domain\u003e.conf` with the following content.\n\n```\nserver {\n  server_name \u003cyour-domain\u003e;\n  allow all;\n  listen 80;\n\n  location / {\n    proxy_pass          http://localhost:8080/;\n    proxy_set_header    Host               $host;\n    proxy_set_header    X-Real-IP          $remote_addr;\n    proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;\n    proxy_set_header    X-Forwarded-Host   $host;\n    proxy_set_header    X-Forwarded-Server $host;\n    proxy_set_header    X-Forwarded-Port   443;\n    proxy_set_header    X-Forwarded-Proto  https;\n  }\n}\n```\n\nCreate a symlink from your config to the enabled sites.\n\n```sh\n$ sudo ln -s /etc/nginx/sites-available/\u003cyour-domain\u003e.conf /etc/nginx/sites-enabled/\u003cyour-domain\u003e.conf\n```\n\nCheck if you made any mistakes with `sudo nginx -t` and let Nginx load the new config `sudo nginx -s reload`.\n\nGet your SSL certificate.\nFor this to work, your domain needs to point to the server you are running this on.\n\n```sh\n$ sudo certbot --nginx\n```\n\nNow take a look into the `docker-compose.yml`.\n\n1. **Change the passwords**!\n2. Create your admin account with `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` environment variables.\n3. Start the containers. `docker-compose up -d`.\n\n**You are ready to go!** Visit `https://\u003cyour-domain\u003e/`.\n\nYou can restart your Keycloak server with `docker-compose -f /path/to/docker-compose.yml restart keycloak`.\n\n## Management Console\n\nThe WildFly (Application Server Keycloak runs on) management console does not currently work with the nginx proxy (as seen in the article) but it starts on port 9990 on your machine if you need it. It is only http though.\n\nAdd an account.\n\n```sh\n$ docker exec keycloak /opt/jboss/keycloak/bin/add-user.sh -u \u003cusername\u003e -p \u003cpassword\u003e -cw\n```\n\nReload the server inside the container.\n\n```sh\n$ docker exec keycloak /opt/jboss/keycloak/bin/jboss-cli.sh --connect --command=reload\n```\n\nYou can reach it at `http://yourdomain.com:9990/management`.\n\n## Credit\n\nThis is basically a dockerized version of [this article](https://www.datamate.org/installation-keycloak-sso-ubuntu-18-04/). Many thanks to Christoph Dyllick-Brenzinger!\n\n## License\n\n[MIT](https://choosealicense.com/licenses/mit/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstelzo%2Fkeycloak-letsencrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstelzo%2Fkeycloak-letsencrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstelzo%2Fkeycloak-letsencrypt/lists"}