Member-only story
How to Dockerize your Keycloak set up with nginx reverse proxy
2 min readOct 31, 2020
If you have Dockerized Keycloak, you might need to access it over the internet or from outside your internal network. The most common standard is to run your Keycloak set up behind the reverse proxy. Then of course you have to configure HTTPS connection.
I will not write details on the setup. I assume you are familar with docker/docker-compose.
Keycloak docker-compose file
Below 3 settings in your docker-compose file are very important.
PROXY_ADDRESS_FORWARDING: "true"
REDIRECT_SOCKET: "proxy-https"
KEYCLOAK_FRONTEND_URL: https://keycloak.yourdomain.com/authversion: '3'volumes:
mysql_data:
driver: localservices:mysql:
image: mysql:8.0.20
volumes:
- mysql_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: keycloak
MYSQL_USER: keycloak
MYSQL_PASSWORD: PASSWORD
ports:
- "3309:3306"
networks:
- your-docker-network
keycloak:
image: jboss/keycloak:latest
environment:
DB_VENDOR: MYSQL
DB_ADDR: mysql
DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: Pa55w0rd
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: Pa55w0rd
PROXY_ADDRESS_FORWARDING: "true"
REDIRECT_SOCKET: "proxy-https"
KEYCLOAK_FRONTEND_URL: https://keycloak.yourdomain.com/auth
ports:
- "8080:8080"
networks:
- your-docker-network
depends_on:
- mysql
# Networks to be created to facilitate communication between containers
networks:
your-docker-network:
external:
name: your-docker-network-name
Nginx docker-compose file
version: '3'services:
nginx:
image: nginx
container_name: nginx
restart: on-failure
volumes:
- ./conf:/etc/nginx/conf.d
- /usr/local/certs:/etc/nginx/certs
ports:
- "80:80"
- "443:443"
networks:
- your-docker-network
# Networks to be created to facilitate communication between containers
networks:
your-docker-network:
external:
name: your-docker-network-name
