Skip to Content
📦 Deploy GuidesKeycloak

Deploy Keycloak

Open source identity and access management for modern applications and services.

⭐ 23.0k stars📜 Apache 2.0🔴 Advanced⏱ ~20 minutes

What You’ll Get

A fully working Keycloak instance running on your server. Your data stays on your hardware — no third-party access, no usage limits, no surprise invoices.

Prerequisites

  • A server with Docker and Docker Compose installed (setup guide)
  • A domain name pointed to your server (optional but recommended)
  • Basic terminal access (SSH)

The Config

Create a directory for Keycloak and add this docker-compose.yml:

# -------------------------------------------------------------------------
# 🚀 Created and distributed by The AltStack
# 🌍 https://thealtstack.com
# -------------------------------------------------------------------------
 
version: '3.8'
 
services:
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    container_name: keycloak
    restart: unless-stopped
    command: start-dev
    depends_on:
      - db
    ports:
      - "8080:8080"
    environment:
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=admin
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://db:5432/keycloak
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=keycloak
 
  db:
    image: postgres:15-alpine
    container_name: keycloak-db
    restart: unless-stopped
    environment:
      - POSTGRES_DB=keycloak
      - POSTGRES_USER=keycloak
      - POSTGRES_PASSWORD=keycloak
    volumes:
      - keycloak_db_data:/var/lib/postgresql/data
 
volumes:
  keycloak_db_data:

Let’s Ship It

# Create a directory
mkdir -p /opt/keycloak && cd /opt/keycloak
 
# Create the docker-compose.yml (paste the config above)
nano docker-compose.yml
 
# Pull images and start
docker compose up -d
 
# Watch the logs
docker compose logs -f

Environment Variables

VariableDefaultRequired
KEYCLOAK_ADMINadminNo
KEYCLOAK_ADMIN_PASSWORDadminNo
KC_DBpostgresNo
KC_DB_URLjdbc:postgresql://db:5432/keycloakNo
KC_DB_USERNAMEkeycloakNo
KC_DB_PASSWORDkeycloakNo
POSTGRES_DBkeycloakNo
POSTGRES_USERkeycloakNo
POSTGRES_PASSWORDkeycloakNo

Post-Deployment Checklist

  • Service is accessible on the configured port
  • Admin account created (if applicable)
  • Reverse proxy configured (Caddy guide)
  • SSL/HTTPS working
  • Backup script set up (backup guide)
  • Uptime monitor added (Uptime Kuma)

The “I Broke It” Section

Container won’t start?

docker compose logs keycloak | tail -50

Port already in use?

# Find what's using the port
lsof -i :PORT_NUMBER

Need to start fresh?

docker compose down -v  # ⚠️ This deletes volumes/data!
docker compose up -d

Going Further

KeePassXCKrita