This installation guide will help you install Keycloak on Ubuntu Server 20.04. Follow the commands and read the descriptions to understand how it is installed.
Update and Upgrade Ubuntu Server
sudo apt-get update
Now run the upgrade command to ensure that all packages are updated to their latest versions.
sudo apt-get upgrade
If new packages were installed, I recommend restarting the server; this will ensure that there are no errors during installation.
sudo reboot
Now install OpenJDK using the command below.
sudo apt install openjdk-14-jdk
Now check the Java version.
java -version
Great, your prerequisites are now met. The next step is to move to the /opt directory, which is usually used for installing packages and add-ons. To move to the /opt directory, use the following command.
cd /opt/
Now we will download the latest Keycloak version from the Keycloak website. For me the URL appeared based on the latest version; for you it might be different, so make sure you are using the correct URL to download the file.
The command below uses the URL of the Quarkus version of Keycloak.
Presuming you are in the /opt directory, type the command below directly.
sudo wget https://github.com/keycloak/keycloak/releases/download/19.0.2/keycloak-19.0.2.tar.gz
Now extract the downloaded file. The file name in my case is keycloak-19.0.2.tar.gz; you can also see it by typing ls, which will show you the list of files.
sudo tar -xvzf keycloak-19.0.2.tar.gz
This should have created a folder with a long name. I will change the name to keycloak by renaming it as below.
sudo mv keycloak-19.0.2 keycloak
Now the folder name is keycloak. Change directory to keycloak, assuming you are already in the /opt folder.
cd keycloak
Your output must look like below.
Now you can run Keycloak by typing the command below.
sudo bin/kc.sh start-dev
Now you should be able to access the server using its IP address at port 8080: http://ip:8080
However, the admin credentials have not been set yet. You will get the home screen, but with the following message:
set the environment variables KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD before starting the server. Press Ctrl + C to stop the service and then configure the admin user.
We will set the environment variables before starting the server, so the commands above are typed as below. The admin/admin values are only suitable for a throwaway test instance; choose a strong password for anything reachable over the network.
sudo su
bin/kc.sh build
export KEYCLOAK_ADMIN=admin
export KEYCLOAK_ADMIN_PASSWORD=admin
To see the environment variables, run the command below; you will notice that the above two lines appear in the output.
printenv
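Now start the server again. The shell is already root after sudo su, and going through sudo again would reset the environment and drop the two variables, so call the script directly.
bin/kc.sh start-dev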
KeyCloak Production Environment Configuration
There are various things to be done for keycloak.
Database Configuration
Before configuring the database, let us create it. I will be using MariaDB for the database. After installing the database, use the commands below to create the user and the database.
CREATE DATABASE keycloakdb;
CREATE USER keycloakuser@localhost IDENTIFIED BY 'keycloak';
GRANT ALL PRIVILEGES ON keycloakdb.* TO 'keycloakuser'@localhost;
FLUSH PRIVILEGES;
EXIT;
Setting up the user to use JDBC for MySQL
Add these two lines to /home/[user]/.bashrc. I am running Java 5, which doesn’t require the current directory to be on the classpath; I *think* Java 2 does, but I’m not going back to check it. In that case you may need to have $CLASSPATH:.:/usr/share/java/mysql.jar
CLASSPATH=$CLASSPATH:/usr/share/java/mysql.jar
export CLASSPATH
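Now edit the configuration file (conf/keycloak.conf) and use the settings below for the database. Comments must be on their own line, because a # placed after a value becomes part of the value.
# as I am using mariadb
db=mariadb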
db-username=keycloakuser
db-password=keycloak
db-url=jdbc:mysql://hostname:port/databasename
SSL Certificate
To get the SSL certificate, use the following command.
sudo openssl req -newkey rsa:2048 -nodes -keyout server.key.pem -x509 -days 3650 -out server.crt.pem
This generates a self-signed certificate (server.crt.pem) and an unencrypted private key (server.key.pem) in the directory where the command was executed. Now you need to tell the configuration file the location of the HTTPS certificate. In my case, I added the lines below to the configuration file.
https-certificate-file=/opt/keycloak/server.crt.pem
# Add the lines to conf/keycloak.conf from the shell (paths match the /opt/keycloak install used in this guide)
sudo sed -i '$ a https-certificate-file=/opt/keycloak/server.crt.pem' /opt/keycloak/conf/keycloak.conf
sudo sed -i '$ a https-certificate-key-file=/opt/keycloak/server.key.pem' /opt/keycloak/conf/keycloak.conf
sudo sed -i '$ a hostname=<PUBLIC-IP-OF-EC2-INSTANCE>:8443' /opt/keycloak/conf/keycloak.conf
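The database and certificate settings above are easy to get subtly wrong, so here is a small check for conf/keycloak.conf. It is an added example, not part of the original guide or of Keycloak; lint_keycloak_conf and its finding names are hypothetical, and the sample file is constructed to mirror the settings shown in this guide.

```bash
#!/bin/sh
# Added example: lint_keycloak_conf is a hypothetical helper, not a Keycloak tool.
# Prints one finding per line; returns 0 when clean, 1 on findings, 2 on error.
lint_keycloak_conf() {
    kc_conf=$1
    kc_findings=0
    [ -r "$kc_conf" ] || { echo "ERROR cannot read $kc_conf"; return 2; }

    # 1. Properties files have no inline comments: in "db=mariadb #note" the
    #    whole "mariadb #note" string becomes the value.
    for kc_key in $(grep -E '^[[:space:]]*[A-Za-z0-9.-]+=.*[[:space:]]#' "$kc_conf" | cut -d= -f1); do
        echo "INLINE_COMMENT $kc_key"
        kc_findings=$((kc_findings + 1))
    done

    # 2. A certificate file is configured but its private key file is not.
    if grep -Eq '^[[:space:]]*https-certificate-file=' "$kc_conf" &&
       ! grep -Eq '^[[:space:]]*https-certificate-key-file=' "$kc_conf"; then
        echo "MISSING_KEY https-certificate-key-file"
        kc_findings=$((kc_findings + 1))
    fi

    # 3. db-password is stored in clear text, so group/other must not be
    #    able to read the file (characters 5 and 8 of the ls mode string).
    if grep -Eq '^[[:space:]]*db-password=' "$kc_conf"; then
        kc_mode=$(ls -ld -- "$kc_conf" | cut -c1-10)
        case $kc_mode in
            ????r*|???????r*)
                echo "READABLE_SECRET $kc_mode"
                kc_findings=$((kc_findings + 1)) ;;
        esac
    fi
    [ "$kc_findings" -eq 0 ]
}

# Constructed sample that mirrors the settings shown in this guide.
kc_sample=$(mktemp)
cat > "$kc_sample" <<'EOF'
db=mariadb #as I am using mariadb
db-username=keycloakuser
db-password=keycloak
https-certificate-file=/opt/keycloak/server.crt.pem
EOF
chmod 644 "$kc_sample"
lint_keycloak_conf "$kc_sample" || echo "findings above; fix them and chmod 600 the file"
rm -f "$kc_sample"
```

A password that itself contains a space followed by # is also reported by the first check; review that finding by hand.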