Keycloak
Keycloak is an open-source identity and access management solution by Red Hat, providing single sign-on (SSO), identity brokering, user federation, and centralized authentication for modern applications. It supports OAuth 2.0, OpenID Connect, SAML 2.0, and LDAP/Active Directory integration out of the box. This stack deploys Keycloak 26 in production mode backed by PostgreSQL 16 for reliable storage of realms, users, clients, and sessions. Keycloak provides a powerful admin console for managing realms, configuring authentication flows, setting up MFA policies, and defining fine-grained authorization policies. It supports social login providers (Google, GitHub, Facebook, etc.), custom themes, user self-registration, account management, and a comprehensive REST API. After deployment, access the admin console on port 8080 and log in with the configured admin credentials to create your first realm and configure clients.
Included Services
- keycloak: quay.io/keycloak/keycloak:26
- postgres: postgres:16-alpine
Generated YAML
# Generated by ComposeHub (composehub.dev)
name: keycloak
services:
  keycloak:
    image: quay.io/keycloak/keycloak:26
    restart: always
    command:
      - start
    ports:
      - 8080:8080
    environment:
      KC_DB: postgres
      KC_DB_URL_HOST: postgres
      KC_DB_URL_PORT: "5432"
      KC_DB_URL_DATABASE: ${POSTGRES_DB:-keycloak}
      KC_DB_USERNAME: ${POSTGRES_USER:-keycloak}
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
      KC_HOSTNAME: ${KC_HOSTNAME:-localhost}
      KC_HOSTNAME_STRICT: ${KC_HOSTNAME_STRICT:-false}
      KC_HTTP_ENABLED: ${KC_HTTP_ENABLED:-true}
      KC_PROXY_HEADERS: ${KC_PROXY_HEADERS:-xforwarded}
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-changeme}
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: ${KC_METRICS_ENABLED:-false}
    networks:
      - keycloak
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      test:
        - CMD-SHELL
        - >-
          exec 3<>/dev/tcp/localhost/9000; echo -e "GET /health/ready HTTP/1.1\r\nhost: localhost\r\nConnection:
          close\r\n\r\n" >&3; timeout 1 cat <&3 | grep -q 200
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 90s
    deploy:
      resources:
        limits:
          cpus: "2.00"
          memory: 1536M
        reservations:
          cpus: "0.50"
          memory: 512M
    labels:
      com.composehub.description: Keycloak identity and access management server
  postgres:
    image: postgres:16-alpine
    restart: always
    volumes:
      - keycloak_db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-keycloak}
      POSTGRES_USER: ${POSTGRES_USER:-keycloak}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
    networks:
      - keycloak
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U ${POSTGRES_USER:-keycloak} -d ${POSTGRES_DB:-keycloak}
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 30s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 512M
        reservations:
          cpus: "0.25"
          memory: 128M
    labels:
      com.composehub.description: PostgreSQL 16 database for Keycloak
networks:
  keycloak:
    driver: bridge
volumes:
  keycloak_db:
    driver: local
Quick Info
- Services: 2
- Networks: 1
- Volumes: 1
When to Use
This template is ideal for setting up a Keycloak environment. All services are pre-configured with healthchecks, resource limits, and sensible defaults. Customize environment variables before deploying to production.
Tips
- Change all default passwords before deploying
- Review resource limits for your hardware
- Add a reverse proxy for production HTTPS
- Configure backup strategies for data volumes
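The first tip as a pre-deploy check, added here as an example (it is not part of the ComposeHub template): a shell function that reads the .env file Compose loads and flags every variable that would fall back to the template's "changeme", "localhost" or "false" default. The .env file name, the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: pre-deploy check for the .env file read by the Compose file above.
# Prints one line per finding and returns 0 only when nothing is flagged.

# Print the last value assigned to KEY ($2) in FILE ($1), without surrounding quotes.
# Handles plain KEY=value lines only (no "export", no inline comments).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

kc_preflight() {
    file=$1
    bad=0
    [ -r "$file" ] || { echo "FAIL cannot read $file"; return 2; }

    # The ":-" form in the template substitutes "changeme" when these are unset or empty.
    for key in POSTGRES_PASSWORD KEYCLOAK_ADMIN_PASSWORD; do
        case $(env_get "$file" "$key") in
            ''|changeme) echo "FAIL $key: unset or default, template would use 'changeme'"; bad=1 ;;
        esac
    done

    # The template default is localhost, which is only valid on the Docker host itself.
    case $(env_get "$file" KC_HOSTNAME) in
        ''|localhost) echo "FAIL KC_HOSTNAME: unset or 'localhost', set the public hostname"; bad=1 ;;
    esac

    # Strict mode off lets Keycloak resolve its hostname dynamically from request headers.
    [ "$(env_get "$file" KC_HOSTNAME_STRICT)" = true ] ||
        { echo "FAIL KC_HOSTNAME_STRICT: not 'true' (template default is false)"; bad=1; }

    return $bad
}

# Constructed sample: database password left at the default, hostname settings untouched.
sample=$(mktemp)
printf '%s\n' 'POSTGRES_PASSWORD=changeme' 'KEYCLOAK_ADMIN_PASSWORD=kc-constructed-value' > "$sample"
kc_preflight "$sample" || echo "do not deploy until the findings above are fixed"
rm -f "$sample"
```

Calling kc_preflight .env && docker compose up -d makes the deployment conditional on a clean result.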