Deploy Keycloak

Open source identity and access management for modern applications and services.

⭐ 23.0k stars · 📜 Apache 2.0 · 🔴 Advanced · ⏱ ~20 minutes

What You’ll Get

A fully working Keycloak instance running on your server. Your data stays on your hardware — no third-party access, no usage limits, no surprise invoices.

Prerequisites

  • A server with Docker and Docker Compose installed (setup guide)
  • A domain name pointed to your server (optional but recommended)
  • Basic terminal access (SSH)

The Config

Create a directory for Keycloak and add this docker-compose.yml:

# -------------------------------------------------------------------------
# 🚀 Created and distributed by The AltStack
# 🌍 https://thealtstack.com
# -------------------------------------------------------------------------
version: '3.8'

services:
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    container_name: keycloak
    restart: unless-stopped
    # start-dev is Keycloak's development mode, not a production setting
    command: start-dev
    depends_on:
      - db
    ports:
      # Published on every interface of the host
      - "8080:8080"
    environment:
      # Placeholder credentials: replace them before the first start
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=admin
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://db:5432/keycloak
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=keycloak

  db:
    image: postgres:15-alpine
    container_name: keycloak-db
    restart: unless-stopped
    environment:
      - POSTGRES_DB=keycloak
      - POSTGRES_USER=keycloak
      # Must match KC_DB_PASSWORD above
      - POSTGRES_PASSWORD=keycloak
    volumes:
      - keycloak_db_data:/var/lib/postgresql/data

volumes:
  keycloak_db_data:

Let’s Ship It

# Create a directory
mkdir -p /opt/keycloak && cd /opt/keycloak

# Create the docker-compose.yml (paste the config above)
nano docker-compose.yml

# Pull images and start
docker compose up -d

# Watch the logs
docker compose logs -f

Environment Variables

Variable                  Default                               Required
KEYCLOAK_ADMIN            admin                                 No
KEYCLOAK_ADMIN_PASSWORD   admin                                 No
KC_DB                     postgres                              No
KC_DB_URL                 jdbc:postgresql://db:5432/keycloak    No
KC_DB_USERNAME            keycloak                              No
KC_DB_PASSWORD            keycloak                              No
POSTGRES_DB               keycloak                              No
POSTGRES_USER             keycloak                              No
POSTGRES_PASSWORD         keycloak                              No

Post-Deployment Checklist

  • Service is accessible on the configured port
  • Admin account created (if applicable)
  • Reverse proxy configured (Caddy guide)
  • SSL/HTTPS working
  • Backup script set up (backup guide)
  • Uptime monitor added (Uptime Kuma)
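
Before ticking off the reverse proxy and HTTPS items, the docker-compose.yml from The Config section can be linted for settings that are only acceptable on a local trial. This is an added example, not part of the original guide or of the Keycloak project; the function names scan_compose and audit_compose, the script name audit.sh and the list of weak values are assumptions of this example.

```sh
#!/bin/sh
# Added example: lint a Keycloak docker-compose.yml before it faces the internet.
# The checks and their wording are this example's own; they target the
# list-style "- NAME=value" environment entries used in this guide's file.

# Print one finding per line for the compose file given as $1.
scan_compose() {
  f=$1
  # start-dev is Keycloak's development mode; production deployments use "start".
  if grep -Eq '^[[:space:]]*command:.*start-dev' "$f"; then
    echo "command: start-dev (development mode)"
  fi
  # Any *PASSWORD variable left empty or at a guessable value (assumed list).
  grep -Eo '[A-Z_]*PASSWORD=[^[:space:]"]*' "$f" |
    while IFS='=' read -r name value; do
      case $value in
        ''|admin|keycloak|postgres|password|changeme)
          echo "$name: default or empty value" ;;
      esac
    done
  # A floating tag means the next pull may change the running version.
  if grep -Eq '^[[:space:]]*image:.*:latest[[:space:]]*$' "$f"; then
    echo "image: unpinned :latest tag"
  fi
  # "8080:8080" listens on every interface; "127.0.0.1:8080:8080" does not.
  if grep -Eq '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' "$f"; then
    echo "ports: published on all interfaces, reachable without the reverse proxy"
  fi
  return 0
}

# Print findings and return 1 if there are any, 0 if the file is clean.
audit_compose() {
  out=$(scan_compose "$1")
  if [ -z "$out" ]; then
    return 0
  fi
  printf '%s\n' "$out"
  return 1
}

# Command-line use: sh audit.sh docker-compose.yml
if [ -n "${1:-}" ]; then
  audit_compose "$1" || exit 1
fi
```

Run against the compose file exactly as shown in this guide, it reports six findings: the start-dev command, three passwords, the :latest tag and the published port.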

The “I Broke It” Section

Container won’t start?

docker compose logs keycloak | tail -50

Port already in use?

# Find what's using the port
lsof -i :PORT_NUMBER

Need to start fresh?

docker compose down -v  # ⚠️ This deletes volumes/data!
docker compose up -d

Going Further