Setting up Keycloak

keycloak | netbird

system requirements

    #apt install default-jdk
apt install openjdk-17-jre

assuming public network, make sure you’ve got the DNS record alright e.g.

ping keycloak.nethence.com

incl. dnat and reverse proxies

nmap -p 80,443 keycloak.nethence.com

install

grab latest version

#ver=24.0.3
ver=26.2.0

cd /opt/

wget https://github.com/keycloak/keycloak/releases/download/$ver/keycloak-$ver.tar.gz
    tar xzf keycloak-$ver.tar.gz
    ln -s keycloak-$ver /opt/keycloak

setup

cd /opt/keycloak/bin/
./kc.sh tools completion > /etc/bash_completion.d/kc-complete.bash
source /etc/bash_completion.d/kc-complete.bash

./kc.sh build --help
./kc.sh build --db mariadb
./kc.sh show-config

# DEV
./kc.sh start-dev --help

# PROD
./kc.sh start --help

ready to go

run it once with those variables defined

export KC_BOOTSTRAP_ADMIN_USERNAME=kc-admin
export KC_BOOTSTRAP_ADMIN_PASSWORD=...

db_password=...

nohup /opt/keycloak/bin/kc.sh start --optimized \
    --http-enabled true \
    --http-host 127.0.0.1 \
    --http-port 8081 \
    --proxy-headers xforwarded \
    --proxy-trusted-addresses 127.0.0.1/32 \
    --hostname https://keycloak.nethence.com \
    --db-url-host 127.0.0.1 \
    --db-username keycloak \
    --db-password $db_password > /var/log/keycloak.nohup.log 2>&1 &

more options

--hostname-debug true \
--hostname-admin https://keycloak-admin.nethence.com \

    --log console,file --log-file /var/log/keycloak.log --log-file-output json \
--log-level debug
--log-level warn
--proxy-protocol-enabled true \

--https-port 8443 \
--https-certificate-file /root/keycloak.demo.nethence.com/fullchain.pem \
--https-certificate-key-file /root/keycloak.demo.nethence.com/privkey.pem

--spi-sticky-session-encoder-infinispan-should-attach-route=false \

and enable at boot-time

systemctl list-unit-files | grep rc-local
vi /etc/rc.local

echo start keycloak
...

check

netstat -lntup | grep 8081
pgrep -a java

usage

cd /opt/keycloak/bin/
./kcadm.sh

resources

https://www.keycloak.org/getting-started/getting-started-zip

guides

https://keycloak.ch/keycloak-tutorials/tutorial-1-installing-and-running-keycloak/

setup

https://keycloak.org/server/logging

https://www.keycloak.org/server/reverseproxy

https://www.keycloak.org/server/configuration

ops

https://www.keycloak.org/docs/latest/server_admin/

moar

systemd

https://gist.github.com/chainhead/923e01e47a518db0f6bf0ce3aa2801ea

FW https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9

https://keycloak.discourse.group/t/startup-keycloak-as-a-permanent-runing-service/8206

https://stackoverflow.com/questions/73036422/configure-keycloak-service-to-run-keycloak-18-0-2-as-a-daemon-process-in-rhel

docker

https://www.keycloak.org/getting-started/getting-started-docker


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun