From 6362de5cc5c86dae5210ba00b7e159a09578865b Mon Sep 17 00:00:00 2001
From: y9938
Date: Sun, 12 Oct 2025 13:03:56 +0300
Subject: [PATCH] Initial commit
---
.env.example | 14 ++++++++++++++
.gitignore | 1 +
Dockerfile | 16 ++++++++++++++++
LICENSE | 18 ++++++++++++++++++
README.md | 23 +++++++++++++++++++++++
compose.yaml | 26 ++++++++++++++++++++++++++
6 files changed, 98 insertions(+)
create mode 100644 .env.example
create mode 100644 .gitignore
create mode 100644 Dockerfile
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 compose.yaml
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..3da7097
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,14 @@
+KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
+KC_DB_USERNAME=keycloak_user
+KC_DB_PASSWORD=''
+
+KC_BOOTSTRAP_ADMIN_USERNAME=admin
+KC_BOOTSTRAP_ADMIN_PASSWORD=''
+
+KC_HOSTNAME=https://auth.example.com
+KC_HTTP_ENABLED=true
+KC_PROXY_HEADERS=xforwarded
+
+#JAVA_OPTS_KC_HEAP='-XX:MaxHeapFreeRatio=30 -XX:MaxRAMPercentage=65'
+JAVA_OPTS_KC_HEAP='-Xms512m -Xmx768m -XX:MaxMetaspaceSize=256m -XX:+UseG1GC'
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7a95e8f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM quay.io/keycloak/keycloak:26.4.0 AS builder
+
+ENV KC_DB=postgres
+ENV KC_FEATURES=hostname:v2
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+WORKDIR /opt/keycloak
+
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:26.4.0
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..e9d9de0
--- /dev/null
+++ b/LICENSE
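Review bot: `KC_PROXY_HEADERS=xforwarded` together with `KC_HTTP_ENABLED=true` makes Keycloak accept `X-Forwarded-*` values from whatever peer connects to port 8080, and compose.yaml in this same commit attaches the container to the external `proxify` network, where any other member can reach that port directly. Restricting the trusted senders would close that, for example `KC_PROXY_TRUSTED_ADDRESSES=<reverse-proxy address or CIDR>` (placeholder; the proxy's address is not shown in this commit). Separately, both password entries are empty and the README's setup step is only `cp .env.example .env`, so a comment such as `# required: set a long random value before first start` above `KC_DB_PASSWORD` and `KC_BOOTSTRAP_ADMIN_PASSWORD` would keep a blank credential from being carried into `.env` unnoticed.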
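Review bot: Both `FROM` lines reference `quay.io/keycloak/keycloak:26.4.0` by tag only, and a tag can be re-pointed at the registry, so the built image is not tied to a verified base. Pinning the digest alongside the tag, `FROM quay.io/keycloak/keycloak:26.4.0@sha256:<digest>` (placeholder; take the value from the registry after verifying it), and declaring the reference once through an `ARG` before the first `FROM` would keep the builder and runtime stages on the same image. The final stage sets no `USER`; presumably it inherits a non-root user from the base image, and a one-line comment such as `# runs as the base image's non-root user; no USER override needed` would make that dependency explicit for the next reader.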
@@ -0,0 +1,18 @@
+MIT License
+
+Copyright (c) 2025 y9938
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7ee1645
--- /dev/null
+++ b/README.md
@@ -0,0 +1,23 @@
+# keycloak-setup
+
+> Docker setup
+
+Check `add-spi` branch for Service Provider Interfaces (SPI)
+
+## Setup
+
+```bash
+cp .env.example .env
+docker compose up -d
+```
+
+### Reverse proxy (Caddy)
+
+`Caddyfile`
+
+```
+account.yourdomain.com {
+ reverse_proxy keycloak:8080
+}
+```
+
diff --git a/compose.yaml b/compose.yaml
new file mode 100644
index 0000000..276c7bf
--- /dev/null
+++ b/compose.yaml
@@ -0,0 +1,26 @@
+services:
+ keycloak:
+ build: .
+ container_name: keycloak
+ restart: unless-stopped
+ command: start --optimized
+ env_file: .env
+# mem_limit: 768M
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ expose:
+ - "8080"
+ ports:
+ - "127.0.0.1:9000:9000" # Health/Metrics
+ networks:
+ - db
+ - proxify
+
+networks:
+ db:
+ name: db
+ external: true
+ proxify:
+ name: proxify
+ external: true
+
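Review bot: The `keycloak` service runs with the default capability set and no privilege-escalation guard, which is more than an identity provider listening on 8080 and 9000 should need; adding `security_opt: ["no-new-privileges:true"]` and `cap_drop: ["ALL"]` under `keycloak:` would tighten it (worth a start-up test, since the image's requirements are not visible in this commit). The `extra_hosts` entry `host.docker.internal:host-gateway` gives the container a name for the host, yet nothing in this commit refers to it, as `KC_DB_URL` points at `postgres`, so it should either be dropped or carry a comment stating what on the host Keycloak has to reach. With `mem_limit` commented out the only memory bound is the JVM flags in `.env.example`; a container-level limit set somewhat above heap plus metaspace would cap the total.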