By zloy88
I tried to follow the tutorial on this page https://docs.digitalocean.com/products/marketplace/catalog/keycloak/ but i don’t manage that the keycloak admin url is running with a valid SSL certificate + it always redirects the domain to the IP address. How to solve that? And sorry, it’s my first experience with DigitalOcean + Keycloak.
Hey there! 👋
The DigitalOcean KeyCloak Droplet uses the official Docker image, you can check out the documentation here:
https://www.keycloak.org/getting-started/getting-started-docker
The overall process, should look as follows:
Before you run the certbot command you need to make sure your domain (for example, example.com) points to your Droplet's public IP:

Hostname | Type | Value |
---|---|---|
@ (or blank) | A | Your Droplet's IP |
www | CNAME | example.com |
👉 Guide: How to Manage Domains in DigitalOcean
Now if you have already done that, you need to configure Nginx to properly handle your domain:
SSH into your Droplet:
ssh root@<your-droplet-ip>
Create a new server block configuration file for your domain:
nano /etc/nginx/sites-available/example.com
Add the following configuration to the file:
server {
    listen 80;
    server_name example.com www.example.com;

    # Kept reachable for the Let's Encrypt HTTP-01 challenge
    # (certbot --nginx adds its own challenge location when it runs).
    location ~ /.well-known {
        allow all;
    }

    location / {
        # The Keycloak container serves HTTPS on 8443 with its own keystore.
        proxy_pass https://localhost:8443;
        # Pass the client's Host without the backend port; with ":8443"
        # appended Keycloak can build URLs that end in :8443.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
    }
}

# Proxies port 9000 (Keycloak's management interface in recent releases:
# health and metrics) onto :9001. Omit this block unless you need it reachable,
# and restrict access to 9001 in the firewall if you keep it.
server {
    listen 9001;
    server_name example.com www.example.com;

    location ~ /.well-known {
        allow all;
    }

    location / {
        proxy_pass https://localhost:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Enable the server block by creating a symbolic link:
ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
Test Nginx and reload:
nginx -t
systemctl reload nginx
After that, the Keycloak Droplet comes with Certbot pre-installed, making it super easy to set up HTTPS:
Run the Certbot command:
certbot --nginx -d example.com -d www.example.com
Follow the prompts to complete the certificate setup. Certbot will automatically update your Nginx configuration to redirect HTTP traffic to HTTPS.
Test the setup by visiting https://example.com in your browser.
Then on the Keycloak side, you need to inspect the Keycloak container to find the exact environment variables that need to be set to match your domain:
docker inspect keycloak
Note down the environment variables starting with KC_ and KEYCLOAK_, mainly KEYCLOAK_ADMIN_PASSWORD, KC_DB_PASSWORD and YOUR_KEYSTORE_PASSWORD.
Then stop the container:
docker stop keycloak
Then you can create a new Keycloak container and pass the domain as an environment variable:
# --network host: the container shares the Droplet's network stack, so Keycloak's
#   8443 listener (and the management port) sit directly on the host. nginx reaches
#   them via localhost, but so can the internet unless the firewall blocks those ports.
# KC_HOSTNAME + KC_HOSTNAME_STRICT: Keycloak builds every redirect and issuer URL from
#   this fixed hostname instead of from the request's Host header or IP, which is what
#   stops the redirect-to-IP behaviour from the question.
# --optimized: skips the build phase and reuses the build-time options (database
#   vendor, features) already baked into the local-keycloak image.
docker run -d \
  --name keycloak-domain \
  --network host \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=<YOUR_ADMIN_PASSWORD> \
  -e KC_HOSTNAME=example.com \
  -e KC_HOSTNAME_STRICT=true \
  -e KC_HOSTNAME_STRICT_HTTPS=true \
  -e KC_DB=postgres \
  -e KC_DB_URL=jdbc:postgresql://localhost:5432/keycloak \
  -e KC_DB_USERNAME=keycloak \
  -e KC_DB_PASSWORD=<YOUR_DB_PASSWORD> \
  local-keycloak \
  start \
  --https-key-store-password=<YOUR_KEYSTORE_PASSWORD> \
  --optimized
Here is an example of this running on my Droplet:
Let me know how it goes.
- Bobby
I got it running by creating a new docker container with this command
# KC_HTTP_ENABLED=true: Keycloak also listens on plain HTTP (port 8080 by default).
#   With --network host that listener is on the Droplet's public interfaces, so block
#   8080 in the firewall or add -e KC_HTTP_HOST=127.0.0.1 so only nginx can reach it.
# KC_PROXY_HEADERS=xforwarded: Keycloak takes scheme, host and client IP from the
#   X-Forwarded-* headers nginx sets. Only safe while the backend ports are reachable
#   solely through nginx, since a direct client could forge those headers.
# HTTP_ADDRESS_FORWARDING is not a Keycloak (Quarkus) option; it is ignored.
# ">> /var/temp.log" only captures what `docker run -d` prints (the new container ID);
#   the container's own logs are read with `docker logs keycloak-domain`.
docker run -d \
  --name keycloak-domain \
  --network host \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=<Your_Password> \
  -e KC_HOSTNAME=<Your_TLD> \
  -e KC_HTTP_ENABLED=true \
  -e HTTP_ADDRESS_FORWARDING=true \
  -e KC_DB=postgres \
  -e KC_DB_URL=jdbc:postgresql://localhost:5432/keycloak \
  -e KC_DB_USERNAME=keycloak \
  -e KC_DB_PASSWORD=<Your_DB_Password> \
  -e KC_PROXY_HEADERS=xforwarded \
  local-keycloak \
  start \
  --https-key-store-password=<Your_Key_Store_Password> \
  --optimized >> /var/temp.log
Also the nginx setup was wrong. This guide was actually the solution.
https://du.nkel.dev/blog/2024-02-10_keycloak-docker-compose-nginx/
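A post-setup verification script for the nginx + certbot + Keycloak procedure in Bobby's answer and the corrected container command in the follow-up, added here as an example and not part of either post or of the DigitalOcean Droplet. It checks the things that go wrong in this thread: the A record pointing at the Droplet, the HTTP redirect landing on the domain rather than the IP, the OIDC issuer Keycloak advertises (the URL every client and token pins), and whether the container's ports answer directly, bypassing nginx. The domain example.com, the address 203.0.113.10 and the sample discovery documents are constructed placeholders.

```shell
#!/bin/sh
# Post-setup checks for Keycloak behind nginx + certbot on a single Droplet.
# Live usage:   sh check_keycloak_proxy.sh example.com 203.0.113.10
# Without arguments it only runs the built-in checks on constructed sample data.
# The check_* functions are pure (they inspect text handed to them), so they can
# be exercised offline; run_live_checks wires them to dig and curl.

# DNS: the apex A record must resolve to exactly the Droplet's public IP.
# $1 = output of `dig +short A <domain>`, $2 = expected IP
check_dns() {
    resolved=$(printf '%s\n' "$1" | sed '/^$/d' | sort -u)
    [ "$resolved" = "$2" ]
}

# Redirects: a Location header must stay on https://<domain>/..., never point
# at the Droplet IP or at a backend port such as :8443 (the symptom asked about).
# $1 = Location header value, $2 = public domain
check_redirect_location() {
    case "$1" in
        "https://$2"|"https://$2/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# OIDC discovery: the "issuer" must be https://<domain>/realms/<realm>. Keycloak
# derives it from KC_HOSTNAME (or, with KC_PROXY_HEADERS=xforwarded, from the
# proxy's X-Forwarded-* headers); an issuer on the IP means neither is in effect.
# $1 = body of /realms/<realm>/.well-known/openid-configuration, $2 = domain, $3 = realm
check_issuer() {
    realm="${3:-master}"
    issuer=$(printf '%s\n' "$1" | sed -n 's/.*"issuer"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
    [ "$issuer" = "https://$2/realms/$realm" ]
}

# Exposure: with --network host the container's 8080/8443/9000 listeners sit on
# the Droplet's public interfaces and should only be reachable through nginx.
# Returns 0 if the port did not answer (curl exit 7 = connection refused, 28 = timeout).
check_port_closed() {
    rc=0
    curl -s -o /dev/null --connect-timeout 5 "http://$1:$2/" >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 7 ] || [ "$rc" -eq 28 ]
}

run_live_checks() {
    domain="$1"; ip="$2"
    if check_dns "$(dig +short A "$domain")" "$ip"; then echo "ok    DNS A record for $domain -> $ip"
    else echo "FAIL  DNS for $domain: $(dig +short A "$domain" | tr '\n' ' ')"; fi
    loc=$(curl -sI "http://$domain/" | sed -n 's/^[Ll]ocation: *//p' | tr -d '\r' | head -n 1)
    if check_redirect_location "$loc" "$domain"; then echo "ok    http redirects to $loc"
    else echo "FAIL  http redirect target: '$loc'"; fi
    doc=$(curl -s "https://$domain/realms/master/.well-known/openid-configuration")
    if check_issuer "$doc" "$domain"; then echo "ok    issuer is https://$domain/realms/master"
    else echo "FAIL  issuer is not on the public domain (check KC_HOSTNAME / proxy headers)"; fi
    for p in 8080 8443 9000 9001; do
        if check_port_closed "$ip" "$p"; then echo "ok    port $p not reachable directly"
        else echo "WARN  port $p answers directly; firewall it or bind it to 127.0.0.1"; fi
    done
}

# Constructed sample data (not captured from a real server) for the offline run.
SAMPLE_GOOD='{"issuer":"https://example.com/realms/master","authorization_endpoint":"https://example.com/realms/master/protocol/openid-connect/auth"}'
SAMPLE_BAD='{"issuer":"http://203.0.113.10:8080/realms/master"}'

offline_demo() {
    check_issuer "$SAMPLE_GOOD" example.com && echo "sample good issuer: accepted"
    check_issuer "$SAMPLE_BAD" example.com || echo "sample bad issuer:  rejected (points at the IP)"
    check_redirect_location "https://203.0.113.10:8443/" example.com || echo "redirect to IP:8443: rejected"
}

if [ $# -ge 2 ]; then run_live_checks "$1" "$2"; else offline_demo; fi
```

Run the live checks from a machine outside the Droplet (your laptop, not the Droplet itself), otherwise the port-exposure test talks to localhost and passes trivially. A WARN on 8080 or 8443 means Keycloak is reachable around nginx, which is exactly the situation in which trusting X-Forwarded-* headers becomes unsafe.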