Adapted from https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9
Click Keycloak on OpenJDK https://www.keycloak.org/getting-started/getting-started-zip
Set up a server on Cybera Rapid Access Cloud and connect to it
ssh rac
Download Keycloak
wget https://downloads.jboss.org/keycloak/13.0.0/keycloak-13.0.0.zip
wget https://github.com/keycloak/keycloak/releases/download/13.0.0/keycloak-13.0.0.tar.gz
Extract and move to /opt/keycloak
tar -xvzf keycloak-13.0.0.tar.gz
sudo mv keycloak-13.0.0 /opt/keycloak
Create the keycloak user and group
sudo adduser --system --gecos 'keycloak identity and access management' \
  --group --disabled-password --shell /sbin/nologin --home /opt/keycloak \
  keycloak
Set the appropriate permissions on /opt/keycloak
sudo chown -R keycloak: /opt/keycloak
sudo chmod o+x /opt/keycloak/bin/
Create the configuration directory /etc/keycloak and copy over the default configuration as keycloak.conf
sudo mkdir -p /etc/keycloak
sudo cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.conf /etc/keycloak/keycloak.conf
Copy the launch script into /opt/keycloak/bin
sudo cp /opt/keycloak/docs/contrib/scripts/systemd/launch.sh /opt/keycloak/bin/
Set the launch script owner to keycloak
sudo chown keycloak: /opt/keycloak/bin/launch.sh
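Update the launch script WILDFLY_HOME variable to be /opt/keycloak
#!/bin/bash
# Default to the Keycloak install directory when WILDFLY_HOME is not set
if [ "x$WILDFLY_HOME" = "x" ]; then
    WILDFLY_HOME="/opt/keycloak"
fi
# $1 = mode (domain or standalone), $2 = config file, $3 = bind address
if [[ "$1" == "domain" ]]; then
    "$WILDFLY_HOME/bin/domain.sh" -c "$2" -b "$3"
else
    "$WILDFLY_HOME/bin/standalone.sh" -c "$2" -b "$3"
fi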
Copy over the default service definition file as keycloak.service
sudo cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service
Update the service file, changing wildfly to keycloak
[Unit]
Description=Keycloak Server
After=syslog.target network.target
Before=httpd.service
[Service]
Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
EnvironmentFile=-/etc/keycloak/keycloak.conf
User=keycloak
Group=keycloak
LimitNOFILE=102642
PIDFile=/var/run/keycloak/keycloak.pid
ExecStart=/opt/keycloak/bin/launch.sh $WILDFLY_MODE $WILDFLY_CONFIG $WILDFLY_BIND
StandardOutput=null
[Install]
WantedBy=multi-user.target
Reload systemd, enable and run the keycloak service
sudo systemctl daemon-reload
sudo systemctl enable keycloak
sudo systemctl start keycloak
The Keycloak application should now be available. Ensure the firewall and security groups permit traffic to the Keycloak server (inbound TCP 8080).
systemctl status keycloak
sudo tail -f /opt/keycloak/standalone/log/server.log
Create a new user using the server script (run from /opt/keycloak/bin)
sudo ./add-user-keycloak.sh -u alex
sudo chown -R keycloak: /opt/keycloak # the new user JSON file was written as root; return ownership to keycloak
sudo systemctl restart keycloak
Create an nginx mapping to proxy_pass a domain name to port 8080
Set up certbot to provision SSL certificates
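A possible nginx server block for the mapping step above, added here as an example and not taken from the original notes. The domain auth.example.com and the file path are placeholders, and it assumes nginx runs on the same host as Keycloak.

```nginx
# /etc/nginx/sites-available/keycloak   (assumed path and file name)
# auth.example.com is a placeholder; replace it with the real domain.
server {
    listen 80;
    listen [::]:80;
    server_name auth.example.com;

    location / {
        # Keycloak's HTTP listener from the steps above. Once nginx fronts it,
        # WILDFLY_BIND=127.0.0.1 in /etc/keycloak/keycloak.conf keeps 8080
        # off the network, and the inbound 8080 rule can be closed.
        proxy_pass http://127.0.0.1:8080;

        # Tell Keycloak which host and scheme the client actually used.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Overwrite rather than append, so a client-supplied
        # X-Forwarded-For value is not passed through to Keycloak.
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;

        # Login redirects and token cookies produce large response headers.
        proxy_buffer_size       128k;
        proxy_buffers           4 256k;
        proxy_busy_buffers_size 256k;
    }
}

# The WildFly-based Keycloak 13 only honours the X-Forwarded-* headers when
# the http-listener in /opt/keycloak/standalone/configuration/standalone.xml
# carries proxy-address-forwarding="true".
#
# After enabling the site and checking it with "nginx -t", running
# "certbot --nginx -d auth.example.com" requests the certificate and adds
# the listen 443 ssl directives to this server block.
```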