Public | Automated Build

Last pushed: 7 hours ago
Short Description
Short description is empty for this repo.
Full Description

Keycloak Docker image

Example Dockerfile with Keycloak server.


To boot in standalone mode

docker run jboss/keycloak

Creating admin account

By default there is no admin user created so you won't be able to login to the admin console. To create an admin account you need to use environment variables to pass in an initial username and password. This is done by running:


You can also create an account on an already running container by running:

docker exec <CONTAINER> keycloak/bin/ -u <USERNAME> -p <PASSWORD>

Then restarting the container:

docker restart <CONTAINER>

Specify log level

When starting the Keycloak instance you can pass a number an environment variables to set log level for Keycloak, for example:

docker run -e KEYCLOAK_LOGLEVEL=DEBUG jboss/keycloak

Enabling proxy address forwarding

When running Keycloak behind a proxy, you will need to enable proxy address forwarding.

docker run -e PROXY_ADDRESS_FORWARDING=true jboss/keycloak

Other details

This image extends the jboss/base-jdk image which adds the OpenJDK distribution on top of the jboss/base image. Please refer to the for selected images for more info.

Docker Pull Command
Source Repository

Comments (21)
a month ago

This setup worked for me:

I'm using Keycloak (Docker container) + Nginx (Host) as rever proxy + SSL Certificates issued by Letsencrypt.

4 months ago

Same problem here as already mentioned by dalu. It would be nice if you could proper document the volumes you need to configure for this image within OpenShift. I had to mount /log, /data, /tmp and /deployments within standalone folder. Then I get /opt/jboss/keycloak/standalone/configuration/ (Permission denied).
The version before was working fine.

5 months ago

I am getting the following errors:
While these files exists in the Docker
kubectl logs aam-vfwcx
/opt/jboss/ line 4: /opt/jboss/keycloak/bin/ No such file or directory
/opt/jboss/ line 7: /opt/jboss/keycloak/bin/ No such file or directory

5 months ago

When running in openshift

/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json (Permission denied)
  JBoss Bootstrap Environment
  JBOSS_HOME: /opt/jboss/keycloak
  JAVA: /usr/lib/jvm/java/bin/java
  JAVA_OPTS:  -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
java.lang.IllegalArgumentException: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE"
    at org.jboss.logmanager.config.AbstractPropertyConfiguration$ConstructAction.validate(
    at org.jboss.logmanager.config.LogContextConfigurationImpl.doPrepare(
    at org.jboss.logmanager.config.LogContextConfigurationImpl.prepare(
    at org.jboss.logmanager.config.LogContextConfigurationImpl.commit(
    at org.jboss.logmanager.PropertyConfigurator.configure(
    at org.jboss.logmanager.PropertyConfigurator.configure(
    at org.jboss.logmanager.LogManager.readConfiguration(
    at org.jboss.logmanager.LogManager.readConfiguration(
    at java.util.logging.LogManager$
    at java.util.logging.LogManager$
    at Method)
    at java.util.logging.LogManager.readPrimordialConfiguration(
    at java.util.logging.LogManager.access$800(
    at java.util.logging.LogManager$
    at Method)
    at java.util.logging.LogManager.ensureLogManagerInitialized(
    at java.util.logging.LogManager.getLogManager(
    at org.jboss.modules.Main.main(
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(
    at java.lang.reflect.Constructor.newInstance(
    at org.jboss.logmanager.config.AbstractPropertyConfiguration$ConstructAction.validate(
    ... 17 more
Caused by: /opt/jboss/keycloak/standalone/log/server.log (No such file or directory)
    at Method)
    at org.jboss.logmanager.handlers.FileHandler.setFile(
    at org.jboss.logmanager.handlers.PeriodicRotatingFileHandler.setFile(
    at org.jboss.logmanager.handlers.FileHandler.setFileName(
    at org.jboss.logmanager.handlers.FileHandler.<init>(
    at org.jboss.logmanager.handlers.PeriodicRotatingFileHandler.<init>(
    ... 22 more
java.lang.IllegalStateException: WFLYSRV0124: Could not create server data directory: /opt/jboss/keycloak/standalone/data
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(
    at java.lang.reflect.Method.invoke(
at org.jboss.modules.Main.main(
7 months ago

@homains :

/opt/jboss/keycloak/standalone/data is where the H2 data is stored, /opt/jboss/keycloak/standalone/log holds the log files... if you mount these 2 as a volume, your installation survives restarts and you have access to the logs.

Remark that from that point on, you will see the error message that campbellrw mentioned (but that does not seem to impact the working).

Also remark that this tutorial explains in its "next steps" section what to do before putting it in production (which is more than just mapping the volumes) :

8 months ago

as this is a stand alone , how can I map the data volumes ???

8 months ago

I'm running the command:
docker run --name keycloak -d -p 8080:8080 -e KEYCLOAK_USER=doronbl -e KEYCLOAK_PASSWORD=doronbl jboss/keycloak

Images are starting to be downloaded. However, after a while I get the following error message:
2e00ab875fe2: Download complete
not found
Tag latest not found in repository

Tried with other tags, however got similar results.

8 months ago

I currently put environment variables in my Dockerfile to create the admin user. This builds and runs fine. I did notice however that if I stop my container, and then start it again, it will attempt to re-add that admin user, as I can see by an error message that Keycloak reports when it's starting. It complains that it's attempting to add an existing user. Is there a way around this?

8 months ago

See for setting up keycloak to run behind Nginx proxy.

Also, the example of setting up keycloak + nginx + let's encrypt ssl certs (please skip the React Native bit and look at the Docker Compose config).