|
| 1 | +== Keycloak Configuration |
| 2 | + |
| 3 | +=== Database |
| 4 | + |
| 5 | +Create the Database and User in MariaDB or MySQL |
| 6 | + |
| 7 | +[source,sql] |
| 8 | +---- |
| 9 | +CREATE USER 'keycloak'@'%' IDENTIFIED BY 'keycloak'; |
| 10 | +CREATE DATABASE IF NOT EXISTS keycloak; |
| 11 | +GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'%' WITH GRANT OPTION; |
| 12 | +---- |
| 13 | + |
| 14 | +=== Create the keystore file |
| 15 | + |
| 16 | +[source,bash] |
| 17 | +---- |
| 18 | +keytool -genkeypair -alias localhost -keyalg RSA -keysize 2048 -validity 365 -keystore server.keystore -dname "cn=Server Administrator,o=Acme,c=GB" -keypass secret -storepass secret |
| 19 | +---- |
| 20 | + |
| 21 | +=== Keycloak configuration |
| 22 | + |
| 23 | +Edit the /appl/keycloak/conf/keycloak.conf file with the configuration: |
| 24 | + |
| 25 | +[source,properties] |
| 26 | +---- |
| 27 | +# Database |
| 28 | +
|
| 29 | +# The database vendor. |
| 30 | +db=mariadb |
| 31 | +
|
| 32 | +# The username of the database user. |
| 33 | +db-username=keycloak |
| 34 | +
|
| 35 | +# The password of the database user. |
| 36 | +db-password=keycloak |
| 37 | +
|
| 38 | +# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor. |
| 39 | +db-url=jdbc:mariadb://localhost:3306/keycloak |
| 40 | +---- |
| 41 | + |
| 42 | + |
| 43 | +[source,bash] |
| 44 | +---- |
| 45 | +./kc.sh build --http-relative-path=/kc |
| 46 | +---- |
| 47 | + |
| 48 | +=== Keycloak Linux Service |
| 49 | + |
| 50 | +Create the /appl/systemd/systemd-env script file. |
| 51 | + |
| 52 | +[source,bash] |
| 53 | +---- |
| 54 | +JAVA_HOME=/appl/java/jdk21 |
| 55 | +PATH=/appl/java/jdk21/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
| 56 | +---- |
| 57 | + |
| 58 | +Create the /etc/systemd/system/keycloak.service file. |
| 59 | + |
| 60 | +[source,init] |
| 61 | +---- |
| 62 | +[Unit] |
| 63 | +Description=Keycloak Application Server |
| 64 | +After=syslog.target network.target |
| 65 | +
|
| 66 | +[Service] |
| 67 | +EnvironmentFile=/appl/systemd/systemd-env |
| 68 | +Type=simple |
| 69 | +TimeoutStopSec=0 |
| 70 | +KillSignal=SIGTERM |
| 71 | +KillMode=process |
| 72 | +SuccessExitStatus=143 |
| 73 | +LimitMEMLOCK=infinity |
| 74 | +SendSIGKILL=no |
| 75 | +WorkingDirectory=/appl/keycloak/ |
| 76 | +User=vilt |
| 77 | +Group=vilt |
| 78 | +LimitNOFILE=102642 |
| 79 | +ExecStart=/appl/keycloak/bin/kc.sh start --optimized --https-key-store-password=secret --hostname=https://localhost/kc --hostname-admin=https://localhost/kc |
| 80 | +
|
| 81 | +[Install] |
| 82 | +WantedBy=multi-user.target |
| 83 | +---- |
| 84 | + |
| 85 | +=== Configuring the Apache HTTP Server |
| 86 | + |
| 87 | +Add the follow lines in Apache HTTP Server configuration: |
| 88 | + |
| 89 | +[source,init] |
| 90 | +---- |
| 91 | +SSLProxyVerify none |
| 92 | +SSLProxyCheckPeerCN off |
| 93 | +SSLProxyCheckPeerName off |
| 94 | +SSLProxyCheckPeerExpire off |
| 95 | +
|
| 96 | +ProxyPass "/kc/" "https://localhost:8443/kc/" |
| 97 | +ProxyPassReverse "/kc/" "https://localhost:8443/kc/" |
| 98 | +---- |
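Review bot: The database block (file lines 9–11) creates `'keycloak'@'%'` with the password `keycloak` and grants `ALL PRIVILEGES ... WITH GRANT OPTION`, although `db-url` further down connects to `localhost`. That leaves the account open to logins from any host and able to re-delegate its rights. I would scope it to `CREATE USER 'keycloak'@'localhost' IDENTIFIED BY '<strong-password>';` and `GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';`, and state that the password shown is a placeholder. The keystore password `secret` has the same problem: `--https-key-store-password=secret` in `ExecStart` (file line 79) is readable in the unit file and most likely in the process list, so it would be better set as `https-key-store-password` in `keycloak.conf`, or as `KC_HTTPS_KEY_STORE_PASSWORD` in the environment file, with that file readable only by the service user. In the Apache block (file lines 91–94) the four `SSLProxy*` lines turn off all verification of the backend certificate; with the backend on loopback the exposure is limited, but the text should say these settings are only acceptable there and point to `SSLProxyVerify require` with `SSLProxyCACertificateFile` for any non-local backend.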