You can also put nginx in front with Let's Encrypt for a fully functional setup. This is the docker-compose.yaml:
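# Keycloak behind a TLS-terminating reverse proxy (nginx), backed by MySQL.
# Every password in this file is a sample value: replace each one, and supply
# the real values from an untracked .env file or a secrets mechanism instead
# of committing them here.
services:
  keycloak:
    image: quay.io/keycloak/keycloak:26.1.0
    restart: unless-stopped
    environment:
      # Boolean-looking values are quoted so YAML passes Compose strings
      # rather than booleans.
      KC_DB: mysql
      KC_DB_URL_HOST: mysql
      KC_DB_USERNAME: keycloak
      # Must match MYSQL_PASSWORD on the mysql service.
      KC_DB_PASSWORD: 'password'
      # Initial admin account. NOTE(review): Keycloak 26 documents
      # KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD and treats
      # the KEYCLOAK_ADMIN* names as deprecated; confirm which pair to use.
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: 'somepassword'
      KC_HEALTH_ENABLED: 'false'
      KC_METRICS_ENABLED: 'false'
      KC_HOSTNAME_STRICT: 'false'
      # NOTE(review): this and PROXY_ADDRESS_FORWARDING below look like
      # settings from the legacy (WildFly-based) image; confirm 26.1 reads
      # them, and drop them if not so the file shows what is enforced.
      KC_PROXY_ADDRESS_FORWARDING: 'true'
      # The plain-HTTP listener stays on so the proxy can reach Keycloak
      # after terminating TLS; it should be reachable from the proxy only.
      KC_HTTP_ENABLED: 'true'
      # HTTP access log, useful as an audit trail of requests.
      QUARKUS_HTTP_ACCESS_LOG_ENABLED: 'true'
      # NOTE(review): the proxy option was deprecated in Keycloak 24 in
      # favour of KC_PROXY_HEADERS (xforwarded or forwarded); check whether
      # 26.1 still honours 'edge'.
      KC_PROXY: edge
      # NOTE(review): appears to be a hostname v1 option; verify it still
      # has an effect on 26.1.
      KC_HOSTNAME_STRICT_HTTPS: 'false'
      PROXY_ADDRESS_FORWARDING: 'true'
      KC_HOSTNAME: 'https://keycloak.domain.tld'
      KC_HTTPS_KEY_STORE_FILE: /keycloak.jks
      KC_HTTPS_KEY_STORE_PASSWORD: 'changeme'
    ports:
      # Both listeners are published on every host interface. When nginx
      # runs on the same host, binding them to loopback (for example
      # "127.0.0.1:5080:8080") keeps clients from bypassing the proxy and
      # supplying their own forwarding headers.
      - '5443:8443'
      - '5080:8080'
    volumes:
      # Keycloak only needs to read the keystores; a ':ro' suffix on these
      # mounts would make that explicit. mykeystore.p12 is mounted but no
      # setting in this file references it.
      - /home/auth/keycloak/mykeystore.p12:/mykeystore.p12
      - /home/auth/keycloak/keycloak.jks:/keycloak.jks
    command:
      - start
    networks:
      - keycloak_network
    depends_on:
      - mysql

  mysql:
    image: mysql:9.2.0
    restart: unless-stopped
    # No ports are published, so the database is reachable only from
    # containers attached to keycloak_network.
    environment:
      MYSQL_USER: keycloak
      # Must match KC_DB_PASSWORD on the keycloak service.
      MYSQL_PASSWORD: 'password'
      MYSQL_DATABASE: keycloak
      MYSQL_ROOT_PASSWORD: 'password123'
    networks:
      - keycloak_network
    volumes:
      - keycloak-and-mysql-volume:/var/lib/mysql

networks:
  keycloak_network:
    driver: bridge

volumes:
  # Named volume with default settings, holding the MySQL data directory.
  keycloak-and-mysql-volume: {}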