Initial commit

.env.example

@@ -0,0 +1,14 @@
+KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
+KC_DB_USERNAME=keycloak_user
+KC_DB_PASSWORD=''
+
+KC_BOOTSTRAP_ADMIN_USERNAME=admin
+KC_BOOTSTRAP_ADMIN_PASSWORD=''
+
+KC_HOSTNAME=https://auth.example.com
+KC_HTTP_ENABLED=true
+KC_PROXY_HEADERS=xforwarded
+
+#JAVA_OPTS_KC_HEAP='-XX:MaxHeapFreeRatio=30 -XX:MaxRAMPercentage=65'
+JAVA_OPTS_KC_HEAP='-Xms512m -Xmx768m -XX:MaxMetaspaceSize=256m -XX:+UseG1GC'
+

.gitignore

@@ -0,0 +1 @@
+.env

Dockerfile

@@ -0,0 +1,16 @@
+FROM quay.io/keycloak/keycloak:26.4.0 AS builder
+
+ENV KC_DB=postgres
+ENV KC_FEATURES=hostname:v2
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+WORKDIR /opt/keycloak
+
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:26.4.0
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+

LICENSE

@@ -0,0 +1,18 @@
+MIT License
+
+Copyright (c) 2025 y9938
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,23 @@
+# keycloak-setup
+
+> Docker setup
+
+Check `add-spi` branch for Service Provider Interfaces (SPI)
+
+## Setup
+
+```bash
+cp .env.example .env
+docker compose up -d
+```
+
+### Reverse proxy (Caddy)
+
+`Caddyfile`
+
+```
+account.yourdomain.com {
+    reverse_proxy keycloak:8080
+}
+```
+

compose.yaml

@@ -0,0 +1,26 @@
+services:
+  keycloak:
+    build: .
+    container_name: keycloak
+    restart: unless-stopped
+    command: start --optimized
+    env_file: .env
+#    mem_limit: 768M
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    expose:
+      - "8080"
+    ports:
+      - "127.0.0.1:9000:9000"  # Health/Metrics
+    networks:
+      - db
+      - proxify 
+
+networks:
+  db:
+    name: db
+    external: true
+  proxify:
+    name: proxify
+    external: true
+