How to Dockerize your Keycloak set up with nginx reverse proxy

If you have Dockerized Keycloak, you might need to access it over the internet or from outside your internal network. The most common standard is to run your Keycloak set up behind the reverse proxy. Then of course you have to configure HTTPS connection.

Flow

I will not write details on the setup. I assume you are familar with docker/docker-compose.

Keycloak docker-compose file

Below 3 settings in your docker-compose file are very important.

PROXY_ADDRESS_FORWARDING: "true"
REDIRECT_SOCKET: "proxy-https"
KEYCLOAK_FRONTEND_URL: https://keycloak.yourdomain.com/auth
version: '3'
volumes:
  mysql_data:
      driver: local
services:
mysql:
      image: mysql:8.0.20
      volumes:
        - mysql_data:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: PASSWORD
      ports:
        - "3309:3306"
      networks:
        - your-docker-network
  keycloak:
      image: jboss/keycloak:latest
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: Pa55w0rd
        KEYCLOAK_USER: admin…