Keycloak
Keycloak is an open-source identity and access management solution by Red Hat, providing single sign-on (SSO), identity brokering, user federation, and centralized authentication for modern applications. It supports OAuth 2.0, OpenID Connect, SAML 2.0, and LDAP/Active Directory integration out of the box. This stack deploys Keycloak 26 in production mode backed by PostgreSQL 16 for reliable storage of realms, users, clients, and sessions. Keycloak provides a powerful admin console for managing realms, configuring authentication flows, setting up MFA policies, and defining fine-grained authorization policies. It supports social login providers (Google, GitHub, Facebook, etc.), custom themes, user self-registration, account management, and a comprehensive REST API. After deployment, access the admin console on port 8080 and log in with the configured admin credentials to create your first realm and configure clients.
Included Services
keycloak
quay.io/keycloak/keycloak:26
Environment Variables:
postgres
postgres:16-alpine
Environment Variables:
Generated YAML
```yaml
# Generated by ComposeHub (composehub.dev)
name: keycloak
services:
  keycloak:
    image: quay.io/keycloak/keycloak:26
    restart: always
    command:
      - start
    ports:
      - 8080:8080
    environment:
      KC_DB: postgres
      KC_DB_URL_HOST: postgres
      KC_DB_URL_PORT: "5432"
      KC_DB_URL_DATABASE: ${POSTGRES_DB:-keycloak}
      KC_DB_USERNAME: ${POSTGRES_USER:-keycloak}
      # "changeme" is only the fallback used when the variable is unset
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
      KC_HOSTNAME: ${KC_HOSTNAME:-localhost}
      KC_HOSTNAME_STRICT: ${KC_HOSTNAME_STRICT:-false}
      # Plain HTTP on 8080; TLS is expected to terminate at a reverse proxy
      KC_HTTP_ENABLED: ${KC_HTTP_ENABLED:-true}
      KC_PROXY_HEADERS: ${KC_PROXY_HEADERS:-xforwarded}
      # Keycloak 26 deprecates these two names in favour of
      # KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-changeme}
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: ${KC_METRICS_ENABLED:-false}
    networks:
      - keycloak
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      # Queries the health endpoint on the management port (9000) inside the container
      test:
        - CMD-SHELL
        - >-
          exec 3<>/dev/tcp/localhost/9000; echo -e "GET /health/ready HTTP/1.1\r\nhost: localhost\r\nConnection:
          close\r\n\r\n" >&3; timeout 1 cat <&3 | grep -q 200
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 90s
    deploy:
      resources:
        limits:
          cpus: "2.00"
          memory: 1536M
        reservations:
          cpus: "0.50"
          memory: 512M
    labels:
      com.composehub.description: Keycloak identity and access management server
  postgres:
    image: postgres:16-alpine
    restart: always
    volumes:
      - keycloak_db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-keycloak}
      POSTGRES_USER: ${POSTGRES_USER:-keycloak}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
    networks:
      - keycloak
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U ${POSTGRES_USER:-keycloak} -d ${POSTGRES_DB:-keycloak}
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 30s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 512M
        reservations:
          cpus: "0.25"
          memory: 128M
    labels:
      com.composehub.description: PostgreSQL 16 database for Keycloak
networks:
  keycloak:
    driver: bridge
volumes:
  keycloak_db:
    driver: local
```
Quick Info
- Services: 2
- Networks: 1
- Volumes: 1
When to Use It
This template is ideal for setting up a Keycloak environment. All services are preconfigured with health checks, resource limits, and sensible defaults. Customize the environment variables before deploying to production.
Tips
- Change all default passwords before deployment
- Check the resource limits against your hardware
- Add a reverse proxy for HTTPS in production
- Configure backup strategies for the data volumes
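
A pre-deployment check for the password and reverse-proxy tips above, as an added example that is not part of the ComposeHub template: it reads a `.env` file as text, applies the same fallbacks as the `${VAR:-default}` expressions in the generated YAML, and flags settings still at their template defaults. The function names `get_var` and `preflight_env`, the FAIL/WARN wording and the sample values are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the ComposeHub template: checks a .env file before deploy.
# Fallbacks are copied from the ${VAR:-default} expressions in the compose file.

# get_var FILE NAME DEFAULT: value of NAME in FILE, else DEFAULT (like ${NAME:-DEFAULT}).
# The file is read as text and never sourced; if NAME appears twice the last line is used.
get_var() {
  local value
  value=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '\r' | sed "s/^[\"']//; s/[\"']\$//")
  printf '%s' "${value:-$3}"
}

# preflight_env FILE: prints one finding per line and returns 1 if anything was found.
preflight_env() {
  local rc name
  rc=0
  for name in POSTGRES_PASSWORD KEYCLOAK_ADMIN_PASSWORD; do
    if [ "$(get_var "$1" "$name" changeme)" = changeme ]; then
      echo "FAIL $name is unset or still the template default"; rc=1
    fi
  done
  if [ "$(get_var "$1" KC_HOSTNAME localhost)" = localhost ]; then
    echo "FAIL KC_HOSTNAME is localhost; set the public name served by the reverse proxy"
    rc=1
  fi
  if [ "$(get_var "$1" KC_HOSTNAME_STRICT false)" != true ]; then
    echo "WARN KC_HOSTNAME_STRICT is not true; hostname resolution from request headers stays enabled"
    rc=1
  fi
  return "$rc"
}

# Constructed sample input: only the database password has been changed.
demo_env=$(mktemp)
printf '%s\n' 'POSTGRES_PASSWORD="constructed-example-value"' 'KC_HOSTNAME=localhost' > "$demo_env"
preflight_env "$demo_env" || echo "preflight failed: fix the findings above before deploying"
rm -f "$demo_env"
```

Run it against the `.env` file that sits next to the compose file; a non-zero return from `preflight_env` can gate a deploy script or CI job.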