Setting up Keycloak

keycloak | netbird

requirements

#apt install default-jdk
apt install openjdk-17-jre

assuming a public network, make sure the DNS record is right, e.g.

ping keycloak.nethence.com

possibly including any DNAT and reverse proxies in between

nmap -p 80,443 keycloak.nethence.com

you will also need a database, e.g. mariadb

install

grab latest version

ver=26.4.7

cd /opt/
wget https://github.com/keycloak/keycloak/releases/download/$ver/keycloak-$ver.tar.gz
tar xzf keycloak-$ver.tar.gz
rm -f keycloak-$ver.tar.gz
ln -s keycloak-$ver /opt/keycloak

groupadd kc
useradd --system -g kc -d /opt/keycloak -s /sbin/nologin kc

setup

cd /opt/keycloak/bin/
./kc.sh tools completion > /etc/bash_completion.d/kc-complete.bash
source /etc/bash_completion.d/kc-complete.bash

define the database vendor (e.g. mariadb) at build time, so you can use the optimized startup thereafter

./kc.sh build --help
time ./kc.sh build --db mariadb
./kc.sh show-config

# DEV
./kc.sh start-dev --help

# PROD
./kc.sh start --help

ready to go

run it once with those variables defined, so the bootstrap admin account gets created

export KC_BOOTSTRAP_ADMIN_USERNAME=kc-admin
export KC_BOOTSTRAP_ADMIN_PASSWORD=...

# should be empty for now
netstat -lntup | grep 8081

start and enable at boot-time

db_user=kc
db_pass=...

cat > /etc/systemd/system/kc.service <<EOF
[Unit]
After=network.target

[Service]
User=kc
Group=kc
SuccessExitStatus=143
ExecStart=/opt/keycloak/bin/kc.sh start --optimized \
    --http-enabled true \
    --http-host 127.0.0.1 \
    --http-port 8081 \
    --proxy-headers xforwarded \
    --proxy-trusted-addresses 127.0.0.1/32 \
    --hostname https://keycloak.nethence.com \
    --db-url-host 127.0.0.1 \
    --db-url-database kc \
    --db-username $db_user \
    --db-password $db_pass
WorkingDirectory=/opt/keycloak

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl start kc
systemctl enable kc
systemctl status kc

check

netstat -lntup | grep 8081
pgrep -a java
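The unit above puts the database password on the ExecStart line, so it ends up in the unit file and in process listings such as `pgrep -a java`. As an added example (not part of these notes), the script below writes the same unit with the credentials in a root-only EnvironmentFile instead, relying on Keycloak's KC_DB_USERNAME / KC_DB_PASSWORD environment variables; the directory, hostname and credentials passed in are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the page): build kc.service with the database
# credentials in a mode-0600 EnvironmentFile instead of on the ExecStart line.
# Keycloak maps every CLI option to a KC_* variable (--db-password ->
# KC_DB_PASSWORD), so the secret stays out of the unit file and of ps output.
# Directory, port and hostname arguments are assumptions for illustration.

# write_kc_env DIR USER PASS : creates DIR/kc.env, chmod 0600 before writing
write_kc_env() {
    dir=$1; db_user=$2; db_pass=$3
    mkdir -p "$dir"
    : > "$dir/kc.env"
    chmod 0600 "$dir/kc.env"
    printf 'KC_DB_USERNAME=%s\nKC_DB_PASSWORD=%s\n' "$db_user" "$db_pass" >> "$dir/kc.env"
}

# write_kc_unit DIR ENVFILE PORT HOSTNAME_URL : writes DIR/kc.service
write_kc_unit() {
    dir=$1; envfile=$2; port=$3; hostname=$4
    cat > "$dir/kc.service" <<EOF
[Unit]
Description=Keycloak
After=network.target

[Service]
User=kc
Group=kc
SuccessExitStatus=143
EnvironmentFile=$envfile
WorkingDirectory=/opt/keycloak
ExecStart=/opt/keycloak/bin/kc.sh start --optimized \\
    --http-enabled true \\
    --http-host 127.0.0.1 \\
    --http-port $port \\
    --proxy-headers xforwarded \\
    --proxy-trusted-addresses 127.0.0.1/32 \\
    --hostname $hostname \\
    --db-url-host 127.0.0.1 \\
    --db-url-database kc

[Install]
WantedBy=multi-user.target
EOF
}

# unit_is_clean FILE SECRET : succeeds only if SECRET does not appear in FILE
unit_is_clean() { ! grep -qF -- "$2" "$1"; }
# env_is_private FILE : succeeds only if FILE is owner read/write only
env_is_private() { [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]; }
```

After `systemctl daemon-reload`, `systemctl show kc -p Environment` stays empty and the password only lives in the 0600 file.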

usage

cd /opt/keycloak/bin/
./kcadm.sh

additional notes

more options

    --hostname-debug true \
    --hostname-admin https://keycloak-admin.nethence.com \

    --log console,file --log-file /var/log/keycloak.log --log-file-output json \
    --log-level debug
    --log-level warn
    --proxy-protocol-enabled true \

    --https-port 8443 \
    --https-certificate-file /root/keycloak.demo.nethence.com/fullchain.pem \
    --https-certificate-key-file /root/keycloak.demo.nethence.com/privkey.pem

    --spi-sticky-session-encoder-infinispan-should-attach-route=false \

resources

https://www.keycloak.org/getting-started/getting-started-zip

guides

https://keycloak.ch/keycloak-tutorials/tutorial-1-installing-and-running-keycloak/

setup

https://keycloak.org/server/logging

https://www.keycloak.org/server/reverseproxy

https://www.keycloak.org/server/configuration

ops

https://www.keycloak.org/docs/latest/server_admin/

moar

systemd

https://gist.github.com/chainhead/923e01e47a518db0f6bf0ce3aa2801ea

FW https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9

https://keycloak.discourse.group/t/startup-keycloak-as-a-permanent-runing-service/8206

https://stackoverflow.com/questions/73036422/configure-keycloak-service-to-run-keycloak-18-0-2-as-a-daemon-process-in-rhel

docker

https://www.keycloak.org/getting-started/getting-started-docker


Licensed under MIT