Run Keycloak locally with Docker compose
Follow up on my keycloak blogs about
- Running Keycloak in Docker with an external DB
- Run Keycloak locally with Docker compose
- backup and restore Keycloak
Follow up on my previous blog about running Keycloak in Docker with an external DB, in this document, I’d like to show you how you can achieve with docker compose easily
Step One
Update your local hosts file. For example, on Linux, add the following line to /etc/hosts:
127.0.0.1 keycloak.com.au
On Windows, the file path is usually: c:\Windows\System32\Drivers\etc\hosts
Step Two
Prepare Dockerfile for Keycloak. Please refer to the previous blog post on Run Keycloak in docker with extenal DB for guidance.
Step Three
Prepare the docker-compose file (e.g., docker-compose.yml
). Make sure you place the Dockerfile and docker-compose.yml in the same folder.
Notes: I prefer to lock the Docker image’s tag to get a stable result. Using the “latest” tag is not recommended. A similar idea is when we run Node.js applications with package-lock.json using
npm ci
instead of just package.json when usingnpm install
version: "3.9"
services:
postgres:
container_name: db
image: "postgres:14.4"
healthcheck:
test: [ "CMD", "pg_isready", "-q", "-d", "postgres", "-U", "root" ]
timeout: 45s
interval: 10s
retries: 10
volumes:
- postgres_data:/var/lib/postgresql/data
#- ./sql:/docker-entrypoint-initdb.d/:ro # turn it on, if you need run init DB
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: keycloak
POSTGRES_HOST: postgres
networks:
- local
ports:
- "5432:5432"
pgadmin:
container_name: pgadmin
image: "dpage/pgadmin4:5.1"
environment:
PGADMIN_DEFAULT_EMAIL: [email protected]
PGADMIN_DEFAULT_PASSWORD: postgres
ports:
- "5050:80"
networks:
- local
keycloak:
container_name: keycloak
build:
context: .
args:
KEYCLOAK_VERSION: 22.0.0
command: ['start', '--optimized']
depends_on:
- "postgres"
environment:
JAVA_OPTS_APPEND: -Dkeycloak.profile.feature.upload_scripts=enabled
KC_DB_PASSWORD: postgres
KC_DB_URL: jdbc:postgresql://postgres/keycloak
KC_DB_USERNAME: postgres
KC_HEALTH_ENABLED: 'true'
KC_HTTP_ENABLED: 'true'
KC_METRICS_ENABLED: 'true'
# KC_HOSTNAME: keycloak.com.au
# KC_HOSTNAME_PORT: 8180
KC_HOSTNAME_URL: http://keycloak.com.au:8180
KC_PROXY: reencrypt
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: password
ports:
- "8180:8080"
- "8787:8787" # debug port
networks:
- local
networks:
local:
name: local
driver: bridge
volumes:
postgres_data:
Step Four
Build and run Keycloak with an external PostgreSQL locally using the docker-compose command:
$ docker compose build --no-cache keycloak
$ docker compose up -d
[+] Running 3/0
✔ Container db Running 0.0s
✔ Container pgadmin Running 0.0s
✔ Container keycloak Running 0.0s
Step Five
Check the services status:
$ docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
db postgres:14.4 "docker-entrypoint.s…" postgres 17 seconds ago Up 16 seconds (healthy) 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp
keycloak keycloak-keycloak "/opt/keycloak/bin/k…" keycloak 17 seconds ago Up 16 seconds 8443/tcp, 0.0.0.0:8787->8787/tcp, :::8787->8787/tcp, 0.0.0.0:8180->8080/tcp, :::8180->8080/tcp
pgadmin dpage/pgadmin4:5.1 "/entrypoint.sh" pgadmin 17 seconds ago Up 16 seconds 443/tcp, 0.0.0.0:5050->80/tcp, :::5050->80/tcp
$ ddocker compose logs -f keycloak
# you should see the message as
# keycloak | 2023-07-30 03:57:40,701 INFO [io.quarkus] (main) Keycloak 22.0.0 on JVM (powered by Quarkus 3.2.0.Final)
# started in 7.948s. Listening on: http://0.0.0.0:8080
Now, open your browser in incognito mode and access the following URL:
Login to the admin console with the username admin
and password password
.
By following these steps, you should be able to run Keycloak with an external PostgreSQL database locally using Docker.
Note: source codes can be found at https://github.com/ozbillwang/keycloak-compose