Setup Keycloak on Docker with SSL

Keycloak is an open-source identity and access management solution that provides single sign-on (SSO), user federation, and fine-grained authorization to secure applications and services.

Hello there! If you’re looking to deploy Keycloak on Docker with SSL using Let’s Encrypt, then this tutorial is for you.

Getting Started.

You need a VM with at least:

2GB of RAM
1 VCPU
2GB of Free Storage
Ubuntu 18.04+

We will assume that you already have Docker installed. If not, this guide will get you started:

Install Docker Engine

Now with Docker installed and running let’s get started.

First, let’s prepare the certificate files. Install Certbot:

sudo apt install software-properties-common
sudo add-apt-repository universe
sudo apt update
sudo snap install certbot --classic

Make sure that you have a domain name or subdomain pointing to your VM’s IP address. After that, run the following command to generate the certificate files:

sudo certbot certonly --standalone -d yourdomain.com

Let’s move to the location of the newly generated certificate files and rename them so Keycloak can detect them. The directory is readable only by root, so run these commands from a root shell if cd is refused:

cd /etc/letsencrypt/live/yourdomain.com/
sudo mv cert.pem tls.crt
sudo mv privkey.pem tls.key

Create a new directory to mount with the Keycloak container:


sudo mkdir /keys

Copy certificate files to the new directory:


sudo cp * /keys

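Now change the permissions of the folder so that the container can read the files. Note that mode 655 also leaves the private key readable by every local user on the host: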


sudo chmod -R 655 /keys

And that’s it: our certificate files are now ready to use.
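
The certificate staging steps above, written as an added example rather than code from the original tutorial: it copies the files out of certbot’s live directory instead of renaming them there, and gives the private key mode 600 instead of 655. The function names and the owner UID 1000 (assumed to be the user the jboss/keycloak image runs as) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial). Usage on the host, as root:
#   stage_keycloak_tls /etc/letsencrypt/live/yourdomain.com /keys 1000
#   audit_keycloak_tls /keys
# The owner 1000 is an assumption: the UID the jboss/keycloak image runs as.

# Copy cert and key out of certbot's live directory under the names the
# container expects, leaving the live directory itself untouched.
stage_keycloak_tls() {
    skt_live="$1"; skt_keys="$2"; skt_owner="${3:-}"
    if [ ! -r "$skt_live/cert.pem" ] || [ ! -r "$skt_live/privkey.pem" ]; then
        echo "cert.pem or privkey.pem not readable in $skt_live" >&2
        return 1
    fi
    mkdir -p "$skt_keys" || return 1
    chmod 700 "$skt_keys" || return 1
    # install dereferences certbot's symlinks and sets the mode on the copy.
    install -m 644 "$skt_live/cert.pem" "$skt_keys/tls.crt" || return 1
    install -m 600 "$skt_live/privkey.pem" "$skt_keys/tls.key" || return 1
    if [ -n "$skt_owner" ]; then
        chown -R "$skt_owner" "$skt_keys" || return 1
    fi
}

# Return 0 only if both files exist and tls.key grants nothing to group/other.
audit_keycloak_tls() {
    akt_keys="$1"
    if [ ! -f "$akt_keys/tls.crt" ] || [ ! -f "$akt_keys/tls.key" ]; then
        echo "FAIL: tls.crt or tls.key missing in $akt_keys"
        return 1
    fi
    akt_mode=$(stat -c '%a' "$akt_keys/tls.key") || return 1   # GNU stat
    if [ $(( 0$akt_mode & 077 )) -ne 0 ]; then
        echo "FAIL: tls.key mode $akt_mode is accessible beyond its owner"
        return 1
    fi
    echo "OK: tls.key mode $akt_mode"
}
```

Re-run the staging function after each certificate renewal so the container picks up the new files on its next restart.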

In the next part we will run the Keycloak container and mount the certificate files.

Before we run the Keycloak container, make sure ports 8080 (for HTTP) and 8443 (for HTTPS) are open.

Now let’s run the container with the latest build and map the certificate files:


docker run -v /keys:/etc/x509/https -p 8080:8080 -p 8443:8443 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak

Note: at this point you should see a message indicating that the Keycloak Keystore has been created.

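Wait about 3–5 minutes for Keycloak to start, then go to:

https://yourdomain.com:8443 and access the Administration Console using admin/admin as the username/password. Since this console is reachable over the internet, set a strong KEYCLOAK_PASSWORD in the docker run command instead of admin for anything beyond a test. That’s it, enjoy your Keycloak server!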
