I have decided to convert my infrastructure at home to Docker containers. Right now I’m using a stack of Intel NUC computers for the purpose. But several of them do virtually nothing, so they are obvious candidates to be replaced. My first attempt is to get Keycloak running in a container, along with an Nginx reverse proxy. The next step will be to change my web server that hosts a number of websites. But something is wrong as I can’t access Keycloak.
I have created two different Docker composer files for the purpose. One for Keycloak and one for Nginx. The first one for Nginx reverse proxy looks like this:
version: "3.9"
services:
nginx-proxy:
container_name: nginx-proxy
image: jwilder/nginx-proxy:latest
restart: unless-stopped
ports:
- 8080:80
- 8443:443
networks:
- proxynet
volumes:
- html:/usr/share/nginx/html
- dhparam:/etc/nginx/dhparam
- vhost:/etc/nginx/vhost.d
- certs:/etc/nginx/certs
- /run/docker.sock:/tmp/docker.sock:ro
logging:
options:
max-size: "10m"
max-file: "3"
letsencrypt:
container_name: letsencrypt-helper
image: jrcs/letsencrypt-nginx-proxy-companion:latest
restart: unless-stopped
networks:
- proxynet
volumes_from:
- nginx-proxy
environment:
NGINX_PROXY_CONTAINER: nginx-proxy
DEFAULT_EMAIL: webmaster@example.dk
depends_on:
- nginx-proxy
volumes:
certs:
html:
vhost:
dhparam:
networks:
proxynet:
external: true
The next composer file for Keycloak looks like this:
version: "3.9"
services:
postgres:
image: postgres:latest
restart: unless-stopped
container_name: postgresql
environment:
POSTGRES_DB: ${PG_DB}
POSTGRES_USER: ${PG_DB_USERNAME}
POSTGRES_PASSWORD: ${PG_DB_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
keycloak:
depends_on:
- postgres
container_name: keycloak
environment:
KC_DB_URL: jdbc:postgresql://localhost:5432/keycloak
KC_DB: ${PG_DB}
KC_DB_USERNAME: ${PG_DB_USERNAME}
KC_DB_PASSWORD: ${PG_DB_PASSWORD}
KEYCLOAK_ADMIN: ${KC_ADMIN}
KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD}
KC_EDGE: proxy
KC_PROXY: edge
KC_LOG_LEVEL: info
KC_HOSTNAME: ${KC_HOST}
LETSENCRYPT_HOST: ${LETSENCRYPT_HOST}
LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL}
VIRTUAL_HOST: ${LETSENCRYPT_HOST}
VIRTUAL_PORT: ${KC_PORTS}
image: quay.io/keycloak/keycloak:${KC_VERSION}
networks:
- proxynet
restart: unless-stopped
volumes:
postgres_data:
#Use this configuration in production with nginx-proxy container
networks:
proxynet:
external: true
There is also an .env file:
KC_VERSION=20.0.2
KC_PORTS=8090
PG_DB_USERNAME=keycloak
PG_DB_PASSWORD=passw0rd1
PG_DB=keycloak
KC_ADMIN=admin
KC_ADMIN_PASSWORD=passw0rd2
KC_HOST=auth.example.dk
LETSENCRYPT_HOST=auth.example.dk
LETSENCRYPT_EMAIL=webmaster@example.dk
Hope someone can figure out what it takes to get it running