# refresh the package index and apply pending upgrades before installing anything
sudo apt -y update
sudo apt -y upgrade
# nginx will sit in front of keycloak as the TLS-terminating reverse proxy
sudo apt install -y nginx
# create a new file (no extension), e.g. "keycloak_auth_server", in /etc/nginx/sites-available
# and put the server block below into it
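# initial HTTP-only vhost; certbot rewrites this file later (see the post-certbot version further down)
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name DOMAIN-NAME-OR-IP-ADDRESS-OF-SERVER;
    location / {
        # keycloak runs on port 8080 by default; address it via loopback so this
        # directive is unambiguous on every platform (0.0.0.0 only works as a
        # connect address on Linux)
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        # websocket upgrade passthrough. Connection: upgrade is sent unconditionally
        # here; the nginx documentation's map on $http_upgrade would send "close"
        # for plain requests instead, if you want to tighten this later
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        # $proxy_protocol_addr is only populated when the listen directive uses
        # proxy_protocol; on these listeners it is empty, so keycloak would see no
        # client address. $remote_addr is the TCP peer nginx actually accepted and
        # cannot be influenced by a client-supplied X-Forwarded-For header. Switch
        # to $proxy_add_x_forwarded_for only if a trusted proxy sits in front of nginx.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}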
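# disable the stock "default" vhost if it exists; it usually declares default_server on
# port 80 as well, which would clash with the vhost above and fail the config check
sudo rm -f -- /etc/nginx/sites-enabled/default
# enable the new vhost by symlinking it into sites-enabled
sudo ln -s /etc/nginx/sites-available/keycloak_auth_server /etc/nginx/sites-enabled
# validate the configuration before reloading so a typo does not take nginx down;
# without a reload the new vhost is not actually served
sudo nginx -t && sudo systemctl reload nginx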
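# keycloak is a java application, so a JRE is required
sudo apt install -y openjdk-8-jre
# download the keycloak release archive (any version works; paths below assume 15.0.0)
wget https://github.com/keycloak/keycloak/releases/download/15.0.0/keycloak-15.0.0.tar.gz
# this archive becomes your authentication server: compare it against the checksum
# published with the release before unpacking, e.g.
#   sha256sum keycloak-15.0.0.tar.gz   # expected: <CHECKSUM-FROM-RELEASE-PAGE>
tar -xvzf keycloak-15.0.0.tar.gz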
# edit keycloak-15.0.0/standalone/configuration/standalone.xml and find the undertow
# server definition (around line 572):
# <server name="default-server">
# <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" />
# ...
# </server>
# add proxy-address-forwarding="true" to the http-listener so it becomes:
# <server name="default-server">
# <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" proxy-address-forwarding="true" />
# ...
# </server>
# with proxy-address-forwarding enabled keycloak trusts the X-Forwarded-* headers of
# whoever connects to port 8080, so that port must only be reachable by nginx on this host
# (see the bind addresses used when starting the server at the end of these notes)
# create the initial admin user. the script prompts for a password; this account
# administers keycloak itself, so pick a strong one
# cd into keycloak-15.0.0/bin first, then run:
bash add-user-keycloak.sh -u admin
# certbot with the nginx plugin obtains a Let's Encrypt certificate and rewrites the vhost for TLS
sudo apt install -y certbot python3-certbot-nginx
# Let's Encrypt has historically issued certificates for DNS names only, so use a real
# domain that resolves to this server here rather than a bare IP address; port 80 must be
# reachable from the internet for the validation to succeed
sudo certbot --nginx -d DOMAIN-NAME-OR-IP-ADDRESS-OF-SERVER
# once certbot finishes, the "keycloak_auth_server" vhost file should look roughly like this
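# post-certbot version of the vhost: TLS on 443, plain HTTP redirected to HTTPS
server {
    server_name DOMAIN-NAME-OR-IP-ADDRESS-OF-SERVER;
    location / {
        # keycloak listens on 8080; loopback keeps the connect address unambiguous
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        # $proxy_protocol_addr is empty unless the listener uses proxy_protocol, which
        # these do not; $remote_addr is the real peer address and cannot be spoofed by
        # a client-supplied X-Forwarded-For. Use $proxy_add_x_forwarded_for only when a
        # trusted proxy sits in front of nginx.
        proxy_set_header X-Forwarded-For $remote_addr;
        # keycloak uses this (via proxy-address-forwarding) to build https:// URLs
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/DOMAIN-NAME-OR-IP-ADDRESS-OF-SERVER/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN-NAME-OR-IP-ADDRESS-OF-SERVER/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# port 80: redirect our host name to https, refuse everything else
server {
    if ($host = DOMAIN-NAME-OR-IP-ADDRESS-OF-SERVER) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name DOMAIN-NAME-OR-IP-ADDRESS-OF-SERVER;
    return 404; # managed by Certbot
}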
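# cd into keycloak-15.0.0/bin and start the server (this runs in the foreground).
# bind both the application listener (8080) and the WildFly management interface to
# loopback: nginx on this host is the only client that should reach 8080, and with
# proxy-address-forwarding="true" keycloak trusts X-Forwarded-* from any direct
# connection, so listening on every interface would let the TLS proxy be bypassed.
# the management interface has no business being network-reachable at all.
# if you really need 0.0.0.0, firewall 8080 and the management port to this host only.
./standalone.sh -b=127.0.0.1 -bmanagement=127.0.0.1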