Docker Compose

# Compose project "sso": a Keycloak server that terminates TLS itself and
# stores its data in the keycloak-db PostgreSQL service defined in this file.
name: sso

services:
  keycloak:
    # Pinned to an exact release tag (not to an image digest).
    image: keycloak/keycloak:26.2.3
    restart: always
    environment:
      # Initial (bootstrap) admin account
      # NOTE(review): if these two lines are enabled for a first start, replace
      # the admin/admin sample values; the "only first startup" remark suggests
      # they are meant to be commented out again afterwards.
      #KC_BOOTSTRAP_ADMIN_USERNAME: admin  #only first startup
      #KC_BOOTSTRAP_ADMIN_PASSWORD: admin  #only first startup
      # Database
      KC_DB: "postgres"
      # Must equal POSTGRES_PASSWORD of keycloak-db. The value sits in clear
      # text in this file and in the container environment (visible through
      # `docker inspect`), so keep the real password out of version control.
      KC_DB_PASSWORD: "密码"
      # Reaches the database by its Compose service name; keycloak-db publishes
      # no ports, so this traffic stays on the project network.
      KC_DB_URL: "jdbc:postgresql://keycloak-db:5432/keycloak"
      KC_DB_USERNAME: "keycloak"
      # Other settings
      # Public base URL; its port matches the published host port 1389 below.
      KC_HOSTNAME: "https://example.com:1389"
      # Also turns on the plain-HTTP listener. Only 8443 is published under
      # `ports`, so HTTP is reachable from the Compose network only.
      # NOTE(review): confirm HTTP is still needed given the TLS settings below.
      KC_HTTP_ENABLED:     "true"
      #KC_HOSTNAME_STRICT:  "true"
      #KC_PROXY: "edge"              # tells Keycloak that it runs behind a reverse proxy that terminates TLS

      # Paths inside the container; both files are bind-mounted read-only
      # under `volumes`.
      KC_HTTPS_CERTIFICATE_FILE: /cer.pem
      KC_HTTPS_CERTIFICATE_KEY_FILE: /prk.pem

      # Health and metrics endpoints are switched on.
      # NOTE(review): confirm which listener serves them and that the metrics
      # endpoint is not reachable from untrusted networks.
      KC_HEALTH_ENABLED:   "true"
      KC_METRICS_ENABLED:  "true"
      #KC_HOSTNAME_URL: https://example.com:1389
    ports:
      # Host port 1389 -> container port 8443 (presumably the HTTPS listener);
      # this is the only port published by the project.
      - '1389:8443'
    command:
      # `start` is the production start mode (as opposed to `start-dev`).
      - start
      # NOTE(review): check the support status of the token-exchange feature for
      # 26.2.3 in the Keycloak docs, and restrict which clients may use it.
      - --features=token-exchange
      #- --proxy-headers=xforwarded
      #- --hostname=localhost
    volumes:
      # Host paths of the certificate and private key come from the Compose
      # variables KEYCLOAK_CER and KEYCLOAK_PRK (shell environment or .env).
      # An unset variable expands to an empty string, which breaks the mount.
      # Keep the key file's host permissions as tight as the container user allows.
      - ${KEYCLOAK_CER}:/cer.pem:ro
      - ${KEYCLOAK_PRK}:/prk.pem:ro
    depends_on:
      # Short form: orders container start only; it does not wait until
      # PostgreSQL accepts connections.
      - keycloak-db
  # PostgreSQL instance for the keycloak service. No ports are published, so it
  # is reachable by service name on the Compose network only.
  keycloak-db:
    # Major-version tag: the concrete 17.x build can change on the next pull.
    image: postgres:17
    restart: always
    environment:
      # Database name and user must match KC_DB_URL and KC_DB_USERNAME of the
      # keycloak service.
      POSTGRES_DB:       "keycloak"
      POSTGRES_USER:     "keycloak"
      # Must equal KC_DB_PASSWORD. Stored in clear text here and in the
      # container environment; the official image also accepts
      # POSTGRES_PASSWORD_FILE for reading the value from a mounted file.
      # The image applies this value only when it initialises an empty data
      # directory, so changing it later does not change the existing role.
      POSTGRES_PASSWORD: "密码"
    volumes:
      # Bind mount relative to this Compose file; it holds the complete
      # Keycloak database, so restrict host access to this directory and
      # include it in backups.
      - ./keycloak-db:/var/lib/postgresql/data