Setting Up Keycloak as a Systemd Service

Running Keycloak as a systemd service allows you to manage its lifecycle effectively, ensuring that it starts automatically on boot and can be easily started, stopped, or restarted using systemd commands. This guide will show you how to configure Keycloak as a systemd service for both traditional and Docker-based deployments.

1. Prerequisites

Before configuring Keycloak as a systemd service, make sure you have the following:

  • A working Keycloak installation (either standalone or Docker-based).
  • Systemd installed and running on your server (most modern Linux distributions include systemd by default).
  • Root or sudo privileges to manage systemd services.

2. Setting Up Keycloak as a Systemd Service (Traditional Installation)

If you have a standalone Keycloak installation (non-Docker), follow these steps to configure Keycloak as a systemd service:

  1. Navigate to the Keycloak installation directory, where the Keycloak executable resides (e.g., /opt/keycloak).
  2. Create a new systemd service file for Keycloak:

sudo nano /etc/systemd/system/keycloak.service

  3. Paste the following configuration into the service file:

[Unit]
Description=Keycloak
After=network.target

[Service]
# Runs Keycloak as root, as in this guide; a dedicated unprivileged
# account is the safer choice.
User=root
Group=root
# Current (Quarkus-based) distribution:
ExecStart=/opt/keycloak/bin/kc.sh start
# Legacy (WildFly-based) distribution: use these two lines instead of the
# ExecStart above.
#ExecStart=/opt/keycloak/bin/standalone.sh -b 0.0.0.0
#ExecStop=/opt/keycloak/bin/jboss-cli.sh --connect command=:shutdown
# kc.sh has no stop subcommand; with no ExecStop set, systemd stops the
# service by sending SIGTERM.
Restart=always
LimitNOFILE=1024

[Install]
WantedBy=multi-user.target

This configuration does the following:

  • ExecStart: Specifies the command to start Keycloak.
  • ExecStop: Specifies the command to stop Keycloak (needed only for the legacy distribution; a kc.sh-based service is stopped by systemd's default SIGTERM).
  • Restart: Ensures Keycloak restarts automatically if it crashes.
  • LimitNOFILE: Sets the maximum number of open files allowed for Keycloak (useful for production environments).

  4. Save and close the file (Ctrl + X, Y, Enter).
  5. Reload the systemd configuration to apply the new service:

sudo systemctl daemon-reload

  6. Enable the Keycloak service to start automatically at boot:

sudo systemctl enable keycloak.service

  7. Start the Keycloak service:

sudo systemctl start keycloak.service

  8. Check the status of the Keycloak service to ensure it is running:

sudo systemctl status keycloak.service

3. Setting Up Keycloak as a Docker-based Systemd Service

If you’re running Keycloak in Docker, you can still manage it using systemd. Here’s how to set up a systemd service for Docker-based Keycloak:

  1. Create a new systemd service file for Docker-based Keycloak:

sudo nano /etc/systemd/system/keycloak-docker.service

  2. Paste the following configuration into the service file:

[Unit]
Description=Keycloak Docker Container
After=docker.service
Requires=docker.service

[Service]
Restart=always
# Change the admin/admin credentials below before using this unit.
ExecStart=/usr/bin/docker run --rm --name keycloak -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
ExecStop=/usr/bin/docker stop keycloak

[Install]
WantedBy=multi-user.target

  3. Save and close the file (Ctrl + X, Y, Enter).
  4. Reload the systemd configuration to apply the new service.
  5. Enable the Docker-based Keycloak service to start automatically at boot.
  6. Start the Keycloak Docker service.
  7. Check the status of the Docker-based Keycloak service.

Steps 4 to 7 use the same systemctl commands as in section 2, with keycloak-docker.service as the unit name.
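
The two unit files above run Keycloak as root and, in the Docker case, put the admin password on the ExecStart line. The script below is an added example (not part of the original guide) that checks a unit file for those settings; the hardened sample, its keycloak account and its /etc/keycloak/keycloak.env path are assumptions.

```shell
#!/usr/bin/env bash
# audit_unit FILE: print one finding per line for three weaknesses in a
# systemd unit. Exit status 0 means no findings.
audit_unit() {
  local unit="$1" n=0
  # A system service with no User= line, or with User=root, runs as root.
  if ! grep -Eq '^User=' "$unit" || grep -Eq '^User=root$' "$unit"; then
    echo "runs-as-root"; n=$((n + 1))
  fi
  # A password on ExecStart is readable in the unit file and in the process list.
  if grep -Eiq '^ExecStart=.*password[= ][^ ]' "$unit"; then
    echo "secret-in-execstart"; n=$((n + 1))
  fi
  # Without NoNewPrivileges the service can gain privileges via setuid binaries.
  if ! grep -Eq '^NoNewPrivileges=(yes|true|on|1)$' "$unit"; then
    echo "no-new-privileges-unset"; n=$((n + 1))
  fi
  [ "$n" -eq 0 ]
}

# Constructed samples. docker.service copies the [Service] lines of the Docker
# unit above; hardened.service is a hypothetical variant (the keycloak account
# and the env-file path are assumptions, secrets live in that 0600 file).
write_samples() {
  cat > "$1/docker.service" <<'EOF'
[Service]
Restart=always
ExecStart=/usr/bin/docker run --rm --name keycloak -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
ExecStop=/usr/bin/docker stop keycloak
EOF
  cat > "$1/hardened.service" <<'EOF'
[Service]
User=keycloak
Group=keycloak
EnvironmentFile=/etc/keycloak/keycloak.env
ExecStart=/opt/keycloak/bin/kc.sh start
NoNewPrivileges=yes
ProtectSystem=full
PrivateTmp=yes
Restart=on-failure
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in "$dir"/*.service; do
  echo "== ${f##*/}"; audit_unit "$f" || true
done
rm -rf "$dir"
```

To audit an installed unit, call audit_unit with its path, for example /etc/systemd/system/keycloak.service.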

How to Install Keycloak

Keycloak is a robust, open-source identity and access management solution for modern applications. It supports single sign-on (SSO), social login, user management, and more. This guide walks you through the installation and initial setup of Keycloak.

1. Prerequisites

Before installing Keycloak, ensure your system meets the following requirements:

  • Operating System: Linux, macOS, or Windows.
  • Java: JDK 11 or later installed on your system.
  • Database: Keycloak supports MySQL, PostgreSQL, and others (optional for development).
  • Browser: A modern browser for accessing the Keycloak admin console.

2. Steps to Install Keycloak

Step 1: Download Keycloak

Download the latest version of Keycloak from the official Keycloak website.

wget https://github.com/keycloak/keycloak/releases/download/{version}/keycloak-{version}.zip

Replace {version} with the desired version number.

Step 2: Extract the Archive

Extract the downloaded file:

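unzip keycloak-{version}.zip -d /opt
# The archive unpacks into keycloak-{version}/; rename it to /opt/keycloak.
mv /opt/keycloak-{version} /opt/keycloak
cd /opt/keycloak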

Step 3: Configure Keycloak

Set up the initial configuration:

  • Edit the keycloak.conf file for database connection (if using an external database).
  • Set the admin user credentials by running the following command, which prompts for the password:
bin/kc.sh bootstrap-admin user --username admin

Step 4: Start Keycloak

Start the Keycloak server:

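bin/kc.sh start

Keycloak will be available at http://localhost:8080. Note that start runs Keycloak in production mode, which expects a hostname and TLS to be configured; for a local trial, the start-dev command serves plain HTTP on port 8080 without that configuration.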

See also the guides on running Keycloak behind an NGINX reverse proxy and on changing Keycloak's default port.

3. Accessing the Admin Console

Open your browser and navigate to http://localhost:8080/admin. Log in using the admin username and password you configured earlier.

4. Post-Installation Configuration

  • Create a Realm: Realms are isolated environments within Keycloak. Create one for your application.
  • Set Up Clients: Clients represent applications that use Keycloak for authentication. Add your applications under the Clients section.
  • Configure Users: Add users manually or integrate with external identity providers.
  • Integrate with Databases: Configure Keycloak to use MySQL, PostgreSQL, or other supported databases.

5. Best Practices

  • Secure your Keycloak instance with HTTPS.
  • Regularly update Keycloak to the latest version.
  • Use external databases for production environments.
  • Enable backups and disaster recovery mechanisms.

6. Conclusion

Installing Keycloak is straightforward and sets the foundation for secure, centralized identity management. By following this guide, you can quickly set up Keycloak for authentication, SSO, and user management. Tailor your configuration to suit your application needs for a seamless integration.