Keycloak
Keycloak is an open-source identity and access management solution by Red Hat, providing single sign-on (SSO), identity brokering, user federation, and centralized authentication for modern applications. It supports OAuth 2.0, OpenID Connect, SAML 2.0, and LDAP/Active Directory integration out of the box. This stack deploys Keycloak 26 in production mode backed by PostgreSQL 16 for reliable storage of realms, users, clients, and sessions. Keycloak provides a powerful admin console for managing realms, configuring authentication flows, setting up MFA policies, and defining fine-grained authorization policies. It supports social login providers (Google, GitHub, Facebook, etc.), custom themes, user self-registration, account management, and a comprehensive REST API. After deployment, access the admin console on port 8080 and log in with the configured admin credentials to create your first realm and configure clients.
Included Services
keycloak
quay.io/keycloak/keycloak:26
Environment Variables:
postgres
postgres:16-alpine
Environment Variables:
Generated YAML
# Generated by ComposeHub (composehub.dev)
name: keycloak
services:
  keycloak:
    image: quay.io/keycloak/keycloak:26
    restart: always
    command:
      - start
    ports:
      - 8080:8080
    environment:
      KC_DB: postgres
      KC_DB_URL_HOST: postgres
      KC_DB_URL_PORT: "5432"
      KC_DB_URL_DATABASE: ${POSTGRES_DB:-keycloak}
      KC_DB_USERNAME: ${POSTGRES_USER:-keycloak}
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
      KC_HOSTNAME: ${KC_HOSTNAME:-localhost}
      KC_HOSTNAME_STRICT: ${KC_HOSTNAME_STRICT:-false}
      KC_HTTP_ENABLED: ${KC_HTTP_ENABLED:-true}
      KC_PROXY_HEADERS: ${KC_PROXY_HEADERS:-xforwarded}
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-changeme}
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: ${KC_METRICS_ENABLED:-false}
    networks:
      - keycloak
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      test:
        - CMD-SHELL
        - >-
          exec 3<>/dev/tcp/localhost/9000; echo -e "GET /health/ready HTTP/1.1\r\nhost: localhost\r\nConnection:
          close\r\n\r\n" >&3; timeout 1 cat <&3 | grep -q 200
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 90s
    deploy:
      resources:
        limits:
          cpus: "2.00"
          memory: 1536M
        reservations:
          cpus: "0.50"
          memory: 512M
    labels:
      com.composehub.description: Keycloak identity and access management server
  postgres:
    image: postgres:16-alpine
    restart: always
    volumes:
      - keycloak_db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-keycloak}
      POSTGRES_USER: ${POSTGRES_USER:-keycloak}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
    networks:
      - keycloak
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U ${POSTGRES_USER:-keycloak} -d ${POSTGRES_DB:-keycloak}
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 30s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 512M
        reservations:
          cpus: "0.25"
          memory: 128M
    labels:
      com.composehub.description: PostgreSQL 16 database for Keycloak
networks:
  keycloak:
    driver: bridge
volumes:
  keycloak_db:
    driver: local
Quick Info
- Services: 2
- Networks: 1
- Volumes: 1
When to Use It
This template is ideal for setting up a Keycloak environment. All services are preconfigured with healthchecks, resource limits, and sensible defaults. Customize the environment variables before deploying to production.
Tips
- Change all default passwords before deploying
- Check the resource limits against your hardware
- Add a reverse proxy for HTTPS in production
- Configure backup strategies for the data volumes
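As an added example (not part of the ComposeHub template), the following Python script checks a .env file against the ${VAR:-default} fallbacks in the compose file above, so a deploy can be stopped when a password would still resolve to changeme or the hostname to localhost. The 16-character minimum, the DEV_ONLY policy, and the sample .env values are assumptions of this example.

```python
import re

# Matches Compose's ${NAME:-default} interpolation and captures both parts.
INTERP = re.compile(r"\$\{([A-Z0-9_]+):-([^}]*)\}")
# Example policy (an assumption): values fine for a local test, not for production.
DEV_ONLY = {"KC_HOSTNAME": "localhost", "KC_HOSTNAME_STRICT": "false"}
MIN_SECRET_LEN = 16  # assumed minimum length for generated passwords

def compose_defaults(compose_text):
    """Return {variable: fallback} for every ${VAR:-fallback} in the file."""
    return dict(INTERP.findall(compose_text))

def parse_env(env_text):
    """Parse KEY=VALUE lines of a .env file, skipping comments and blanks."""
    pairs = (l.strip().partition("=") for l in env_text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip("'\"") for k, _, v in pairs}

def audit(compose_text, env_text):
    """List findings for variables that would deploy with unsafe values."""
    env, findings = parse_env(env_text), []
    for name, fallback in sorted(compose_defaults(compose_text).items()):
        # Compose's :- form uses the fallback when the variable is unset OR empty.
        value = env.get(name) or fallback
        if name.endswith("PASSWORD"):
            if value == fallback:
                findings.append(f"{name}: still the template default")
            elif len(value) < MIN_SECRET_LEN:
                findings.append(f"{name}: shorter than {MIN_SECRET_LEN} characters")
        elif DEV_ONLY.get(name) == value:
            findings.append(f"{name}: dev-only value '{value}'")
    return findings

# Constructed sample: interpolated lines copied from the compose file above.
COMPOSE = """\
KC_DB_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
KC_HOSTNAME: ${KC_HOSTNAME:-localhost}
KC_HOSTNAME_STRICT: ${KC_HOSTNAME_STRICT:-false}
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-changeme}
"""
# Constructed .env: one secret rotated, one too short, hostname set.
ENV = """\
POSTGRES_PASSWORD=example-only-Zq7vR2mK9xLp4Tn
KEYCLOAK_ADMIN_PASSWORD=short-pw
KC_HOSTNAME=sso.example.test
"""

if __name__ == "__main__":
    print("\n".join(audit(COMPOSE, ENV)) or "ok")
```

Run it in CI or a pre-deploy hook with the real docker-compose.yml and .env contents passed to audit(), and fail the job when the returned list is not empty.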