Adapted from https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9

  1. Go to https://www.keycloak.org/

  2. Go to https://www.keycloak.org/getting-started

  3. Click Keycloak on OpenJDK https://www.keycloak.org/getting-started/getting-started-zip

  4. Set up a server on the Cybera Rapid Access Cloud and SSH into it (here: ssh rac)

    1. Follow along. Ensure you have OpenJDK 1.8 or newer installed.
  5. Download Keycloak

    wget https://downloads.jboss.org/keycloak/13.0.0/keycloak-13.0.0.zip
    
    wget https://github.com/keycloak/keycloak/releases/download/13.0.0/keycloak-13.0.0.tar.gz
    
  6. Extract and move to /opt/keycloak

    tar -xvzf keycloak-13.0.0.tar.gz
    sudo mv keycloak-13.0.0 /opt/keycloak
    
  7. Create the keycloak user and group

    sudo adduser --system --gecos 'keycloak identity and access management' \
      --group --disabled-password --shell /sbin/nologin --home /opt/keycloak \
      keycloak
    
  8. Set the appropriate permissions to /opt/keycloak

    sudo chown -R keycloak: /opt/keycloak
    sudo chmod o+x /opt/keycloak/bin/
    
  9. Create configuration directory /etc/keycloak and copy over the default configuration as keycloak.conf

    sudo mkdir -p /etc/keycloak
    sudo cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.conf /etc/keycloak/keycloak.conf
    
  10. Copy over launch script into /opt/keycloak/bin

    sudo cp /opt/keycloak/docs/contrib/scripts/systemd/launch.sh /opt/keycloak/bin/
    
  11. Set launch script owner to be keycloak

    sudo chown keycloak: /opt/keycloak/bin/launch.sh
    
  12. Update the launch script so its WILDFLY_HOME default is /opt/keycloak (the stock script defaults to /opt/wildfly)

    #!/bin/bash
    
    # Default to the Keycloak install directory unless WILDFLY_HOME is set by keycloak.conf
    if [ "x$WILDFLY_HOME" = "x" ]; then
        WILDFLY_HOME="/opt/keycloak"
    fi
    
    # $1 = mode (domain|standalone), $2 = config file, $3 = bind address,
    # all passed in by the systemd unit from /etc/keycloak/keycloak.conf
    if [[ "$1" == "domain" ]]; then
        "$WILDFLY_HOME/bin/domain.sh" -c "$2" -b "$3"
    else
        "$WILDFLY_HOME/bin/standalone.sh" -c "$2" -b "$3"
    fi
    
  13. Copy over the default service definition file as keycloak.service

    sudo cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service
    
  14. Update the service file, changing every wildfly reference (paths, user, description) to keycloak

    [Unit]
    Description=Keycloak Server
    After=syslog.target network.target
    Before=httpd.service
    
    [Service]
    Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
    EnvironmentFile=-/etc/keycloak/keycloak.conf
    User=keycloak
    Group=keycloak
    LimitNOFILE=102642
    PIDFile=/var/run/keycloak/keycloak.pid
    ExecStart=/opt/keycloak/bin/launch.sh $WILDFLY_MODE $WILDFLY_CONFIG $WILDFLY_BIND
    StandardOutput=null
    
    [Install]
    WantedBy=multi-user.target
    
  15. Reload systemd, then enable and start the keycloak service

    sudo systemctl daemon-reload
    sudo systemctl enable keycloak
    sudo systemctl start keycloak
    
  16. Keycloak should now be running. Ensure the host firewall and cloud security groups permit inbound TCP 8080 to the Keycloak server, then confirm the service is up and watch the log for a clean start

    systemctl status keycloak
    sudo tail -f /opt/keycloak/standalone/log/server.log
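Before exposing the service, it is worth checking that the files created in steps 12 to 14 actually enforce what the guide intends (unprivileged user, correct environment file and install path). The audit function below is an added example, not part of the original guide; it takes the three file paths as optional arguments so it can also be run against a staging copy, and it warns about the 0.0.0.0 bind address from the copied wildfly.conf, which is only appropriate when port 8080 is meant to be reachable directly rather than via a local reverse proxy.

```shell
#!/usr/bin/env bash
# Added example: audit the Keycloak systemd setup produced by this guide.
#   audit_keycloak_install [keycloak.conf] [keycloak.service] [launch.sh]
# Exit status is the number of hard failures (0 = everything as expected).
audit_keycloak_install() {
    local conf="${1:-/etc/keycloak/keycloak.conf}"
    local unit="${2:-/etc/systemd/system/keycloak.service}"
    local launch="${3:-/opt/keycloak/bin/launch.sh}"
    local findings=0 bind f

    # Read the last KEY=value from a file, skipping comment lines and whitespace.
    get() { grep -E "^[[:space:]]*$2=" "$1" 2>/dev/null | tail -n1 | cut -d= -f2- | tr -d '[:space:]'; }

    for f in "$conf" "$unit" "$launch"; do
        [ -r "$f" ] || { echo "MISSING: $f"; findings=$((findings + 1)); }
    done

    # Step 14: the service must run as the unprivileged keycloak user and group,
    # not as root or the stock User=wildfly from the copied unit file.
    [ "$(get "$unit" User)" = "keycloak" ]  || { echo "FAIL: $unit does not set User=keycloak";  findings=$((findings + 1)); }
    [ "$(get "$unit" Group)" = "keycloak" ] || { echo "FAIL: $unit does not set Group=keycloak"; findings=$((findings + 1)); }
    [ "$(get "$unit" EnvironmentFile)" = "-$conf" ] || { echo "FAIL: $unit does not load $conf"; findings=$((findings + 1)); }

    # Step 12: launch.sh must fall back to the Keycloak install dir, not /opt/wildfly.
    grep -q 'WILDFLY_HOME="/opt/keycloak"' "$launch" 2>/dev/null \
        || { echo "FAIL: $launch does not default WILDFLY_HOME to /opt/keycloak"; findings=$((findings + 1)); }

    # A world-writable launch script would let any local user change what systemd runs as keycloak.
    if [ -e "$launch" ] && [ -n "$(find "$launch" -perm -002 2>/dev/null)" ]; then
        echo "FAIL: $launch is world-writable"; findings=$((findings + 1))
    fi

    # Step 16: the copied wildfly.conf binds to 0.0.0.0. Behind a reverse proxy on the
    # same host, 127.0.0.1 keeps 8080 off the network instead of relying on the firewall alone.
    bind="$(get "$conf" WILDFLY_BIND)"
    [ "$bind" = "127.0.0.1" ] || echo "WARN: WILDFLY_BIND=${bind:-unset}; use 127.0.0.1 when fronted by a local reverse proxy"

    echo "findings: $findings"
    return "$findings"
}
```

Run it with no arguments on the server after step 15; a non-zero exit status means at least one FAIL line was printed.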
    
  17. Create the initial admin user with the add-user script shipped in /opt/keycloak/bin

    sudo /opt/keycloak/bin/add-user-keycloak.sh -u alex
    sudo chown -R keycloak: /opt/keycloak # the script, run as root, writes keycloak-add-user.json as root; give it back to keycloak
    sudo systemctl restart keycloak
    
  18. Create an nginx reverse-proxy (proxy_pass) mapping from a domain name to port 8080

  19. Set up certbot to provision SSL certificates for that domain