Public | Automated Build

Last pushed: a month ago
Short Description
Short description is empty for this repo.
Full Description

Keycloak Docker image

Example Dockerfile with Keycloak server.

Usage

To boot in standalone mode

docker run jboss/keycloak

Creating admin account

By default there is no admin user created so you won't be able to login to the admin console. To create an admin account you need to use environment variables to pass in an initial username and password. This is done by running:

docker run -e KEYCLOAK_USER=<USERNAME> -e KEYCLOAK_PASSWORD=<PASSWORD> jboss/keycloak

You can also create an account on an already running container by running:

docker exec <CONTAINER> keycloak/bin/add-user-keycloak.sh -u <USERNAME> -p <PASSWORD>

Then restarting the container:

docker restart <CONTAINER>

Specify log level

When starting the Keycloak instance you can pass a number an environment variables to set log level for Keycloak, for example:

docker run -e KEYCLOAK_LOGLEVEL=DEBUG jboss/keycloak

Other details

This image extends the jboss/base-jdk image which adds the OpenJDK distribution on top of the jboss/base image. Please refer to the README.md for selected images for more info.

Docker Pull Command
Owner
jboss
Source Repository

Comments (20)
spahrson
25 days ago

Same problem here as already mentioned by dalu. It would be nice if you could proper document the volumes you need to configure for this image within OpenShift. I had to mount /log, /data, /tmp and /deployments within standalone folder. Then I get java.io.FileNotFoundException: /opt/jboss/keycloak/standalone/configuration/application-users.properties (Permission denied).
The version before was working fine.
Advice?

malishahi
2 months ago

I am getting the following errors:
While these files exists in the Docker
kubectl logs aam-vfwcx
/opt/jboss/docker-entrypoint.sh: line 4: /opt/jboss/keycloak/bin/add-user-keycloak.sh: No such file or directory
/opt/jboss/docker-entrypoint.sh: line 7: /opt/jboss/keycloak/bin/standalone.sh: No such file or directory

dalu
2 months ago

When running in openshift

/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json (Permission denied)
=========================================================================
  JBoss Bootstrap Environment
  JBOSS_HOME: /opt/jboss/keycloak
  JAVA: /usr/lib/jvm/java/bin/java
  JAVA_OPTS:  -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
=========================================================================
java.lang.IllegalArgumentException: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE"
    at org.jboss.logmanager.config.AbstractPropertyConfiguration$ConstructAction.validate(AbstractPropertyConfiguration.java:116)
    at org.jboss.logmanager.config.LogContextConfigurationImpl.doPrepare(LogContextConfigurationImpl.java:335)
    at org.jboss.logmanager.config.LogContextConfigurationImpl.prepare(LogContextConfigurationImpl.java:288)
    at org.jboss.logmanager.config.LogContextConfigurationImpl.commit(LogContextConfigurationImpl.java:297)
    at org.jboss.logmanager.PropertyConfigurator.configure(PropertyConfigurator.java:546)
    at org.jboss.logmanager.PropertyConfigurator.configure(PropertyConfigurator.java:97)
    at org.jboss.logmanager.LogManager.readConfiguration(LogManager.java:514)
    at org.jboss.logmanager.LogManager.readConfiguration(LogManager.java:476)
    at java.util.logging.LogManager$3.run(LogManager.java:399)
    at java.util.logging.LogManager$3.run(LogManager.java:396)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.util.logging.LogManager.readPrimordialConfiguration(LogManager.java:396)
    at java.util.logging.LogManager.access$800(LogManager.java:145)
    at java.util.logging.LogManager$2.run(LogManager.java:345)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.util.logging.LogManager.ensureLogManagerInitialized(LogManager.java:338)
    at java.util.logging.LogManager.getLogManager(LogManager.java:378)
    at org.jboss.modules.Main.main(Main.java:482)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at org.jboss.logmanager.config.AbstractPropertyConfiguration$ConstructAction.validate(AbstractPropertyConfiguration.java:114)
    ... 17 more
Caused by: java.io.FileNotFoundException: /opt/jboss/keycloak/standalone/log/server.log (No such file or directory)
    at java.io.FileOutputStream.open0(Native Method)
    at java.io.FileOutputStream.open(FileOutputStream.java:270)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
    at org.jboss.logmanager.handlers.FileHandler.setFile(FileHandler.java:151)
    at org.jboss.logmanager.handlers.PeriodicRotatingFileHandler.setFile(PeriodicRotatingFileHandler.java:102)
    at org.jboss.logmanager.handlers.FileHandler.setFileName(FileHandler.java:189)
    at org.jboss.logmanager.handlers.FileHandler.<init>(FileHandler.java:119)
    at org.jboss.logmanager.handlers.PeriodicRotatingFileHandler.<init>(PeriodicRotatingFileHandler.java:70)
    ... 22 more
java.lang.IllegalStateException: WFLYSRV0124: Could not create server data directory: /opt/jboss/keycloak/standalone/data
    at org.jboss.as.server.ServerEnvironment.<init>(ServerEnvironment.java:473)
    at org.jboss.as.server.Main.determineEnvironment(Main.java:297)
    at org.jboss.as.server.Main.main(Main.java:94)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.jboss.modules.Module.run(Module.java:329)
at org.jboss.modules.Main.main(Main.java:507)
kullervo16
4 months ago

@homains :

/opt/jboss/keycloak/standalone/data is where the H2 data is stored, /opt/jboss/keycloak/standalone/log holds the log files... if you mount these 2 as a volume, your installation survives restarts and you have access to the logs.

Remark that from that point on, you will see the error message that campbellrw mentioned (but that does not seem to impact the working).

Also remark that this tutorial explains in its "next steps" section what to do before putting it in production (which is more than just mapping the volumes) : http://blog.keycloak.org/2015/10/getting-started-with-keycloak.html

homains
5 months ago

as this is a stand alone , how can I map the data volumes ???

doronbl
5 months ago

I'm running the command:
docker run --name keycloak -d -p 8080:8080 -e KEYCLOAK_USER=doronbl -e KEYCLOAK_PASSWORD=doronbl jboss/keycloak

Images are starting to be downloaded. However, after a while I get the following error message:
...
...
2e00ab875fe2: Download complete
not found
Tag latest not found in repository docker.io/jboss/keycloak

Tried with other tags, however got similar results.

campbellrw
5 months ago

I currently put environment variables in my Dockerfile to create the admin user. This builds and runs fine. I did notice however that if I stop my container, and then start it again, it will attempt to re-add that admin user, as I can see by an error message that Keycloak reports when it's starting. It complains that it's attempting to add an existing user. Is there a way around this?

ak1394
5 months ago

See https://github.com/ak1394/keycloak-dockerfiles for setting up keycloak to run behind Nginx proxy.

Also, the example of setting up keycloak + nginx + let's encrypt ssl certs (please skip the React Native bit and look at the Docker Compose config). https://medium.com/@ak1394/simple-social-login-for-react-native-apps-71279bf80ffc

skiddoo
8 months ago

Did someone figure out how to make this docker image work behind a reverse proxy like NGINX (to serve over HTTPS) ?