Keycloak Installation Ubuntu 20.04 : Production Environment

This installation guide will help you install Keycloak on Ubuntu Server 20.04. Follow the commands and read the descriptions to understand how it must be installed.

Update and Upgrade Ubuntu Server

sudo apt-get update

Now run the upgrade command to ensure that all packages are updated to their latest versions

sudo apt-get upgrade

If new packages were installed, I recommend restarting the server; this will ensure that there are no errors during installation.

sudo reboot

Now install Open JDK by using the below command

sudo apt install openjdk-14-jdk

Now check Java Version

java -version 

Great, your prerequisites are now met. The next step is to move to the /opt directory, which is usually used for installing packages and add-ons. To move to the /opt directory, use the following command

cd /opt/

Now we will download the latest version of Keycloak from the Keycloak website. For me the URL was based on the latest version; for you it might be different, so make sure you are using the correct URL to download the file.

The command below uses the URL of the Quarkus version of Keycloak.

Presuming that you are in the /opt directory, we will directly type the command below

sudo wget https://github.com/keycloak/keycloak/releases/download/19.0.2/keycloak-19.0.2.tar.gz

Now you must extract the downloaded file. The file name in my case is keycloak-19.0.2.tar.gz; you can also see it by typing ls, which will show you the list of files

sudo tar -xvzf keycloak-19.0.2.tar.gz

This must have created a folder with a long name. I will change the name to keycloak by renaming it as below

sudo mv keycloak-19.0.2 keycloak

Now the folder name is keycloak. Now change directory to keycloak, assuming you are already in the /opt folder

cd keycloak

Your output must look like below.

Now you can run Keycloak by typing below command

sudo bin/kc.sh start-dev

Now you should be able to access the server using the IP address at port 8080: http://ip:8080

But we have not set the admin credentials yet. You will get the home screen, but with the following message

set the environment variables KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD before starting the server. Press Ctrl + C to stop the service and then configure the admin user.

We will set the environment variables by typing the commands below

sudo su
bin/kc.sh build
# admin/admin is only a sample value; choose a strong password for the admin account
export KEYCLOAK_ADMIN=admin
export KEYCLOAK_ADMIN_PASSWORD=admin

To see the environment variables, run the command below; you will notice the above two lines appearing in the output

printenv

Now start the server again

# Run from the same root shell: sudo resets the environment and would drop the exported variables
bin/kc.sh start-dev

Keycloak Production Environment Configuration

There are various things to be done for keycloak.

Database Configuration

Before configuring the database, let us create it. I will be using MariaDB for the database. After installing MariaDB, use the commands below to create the user and the database

CREATE DATABASE keycloakdb;
CREATE USER keycloakuser@localhost IDENTIFIED BY 'keycloak';
GRANT ALL PRIVILEGES ON keycloakdb.* TO 'keycloakuser'@localhost;
FLUSH PRIVILEGES;
EXIT;

Setting up the user to use JDBC for MySQL

Add these two lines to /home/[user]/.bashrc. I am running Java 5 which doesn’t require the current directory to be on the Classpath; I *think* Java 2 does, but I’m not going back to check it. In that case you may need to have $CLASSPATH:.:/usr/share/java/mysql.jar

CLASSPATH=$CLASSPATH:/usr/share/java/mysql.jar
export CLASSPATH

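Now edit the configuration file (conf/keycloak.conf) and use the lines below for the database

# I am using MariaDB (comments must be on their own line in this file)
db=mariadb
db-username=keycloakuser
db-password=keycloak
# The MariaDB driver uses the jdbc:mariadb scheme
db-url=jdbc:mariadb://hostname:port/databasename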

SSL Certificate

To generate a self-signed SSL certificate, use the following command

sudo openssl req -newkey rsa:2048 -nodes -keyout server.key.pem -x509 -days 3650 -out server.crt.pem

This will create the SSL certificate and key in the directory where the command was executed. Now you need to tell the configuration file about the location of the HTTPS certificate. In my case, I added the lines below to the configuration file

https-certificate-file=/opt/keycloak/server.crt.pem

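# Add lines to conf/keycloak.conf
# (the paths below use /srv; adjust them to where Keycloak and the certificate files live, /opt/keycloak in this guide)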
sudo sed -i '$ a https-certificate-file=/srv/server.crt.pem' /srv/keycloak/conf/keycloak.conf
sudo sed -i '$ a https-certificate-key-file=/srv/server.key.pem' /srv/keycloak/conf/keycloak.conf
sudo sed -i '$ a hostname=<PUBLIC-IP-OF-EC2-INSTANCE>:8443' /srv/keycloak/conf/keycloak.conf
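
The following check is an added example, not part of the original guide or of Keycloak: a shell function that audits conf/keycloak.conf for mistakes that are easy to make in the database and SSL steps above (a guessable db-password, an inline # comment inside a value, a certificate without its key file, a file readable by other users). The function names, the finding labels and the weak-password word list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; audit_kc_conf and conf_get are hypothetical helper names.
# Print the value of key $2 in file $1 (last occurrence wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; return non-zero if anything was found.
audit_kc_conf() {
    f=$1; findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    # Database password that is guessable (constructed word list) or equals the username.
    pw=$(conf_get "$f" db-password); user=$(conf_get "$f" db-username)
    case "$pw" in
        "") ;;
        keycloak|admin|password|changeme|"$user") report weak-db-password ;;
    esac

    # Properties files have no inline comments: in "db=mariadb #note" the
    # whole string becomes the value, so flag "key=value #text" lines.
    if grep -Eq '^[[:space:]]*[^#[:space:]][^=]*=.*[[:space:]]#' "$f"; then
        report inline-comment-in-value
    fi

    # HTTPS needs both the certificate and its private key configured.
    cert=$(conf_get "$f" https-certificate-file)
    key=$(conf_get "$f" https-certificate-key-file)
    if [ -n "$cert" ] && [ -z "$key" ]; then
        report certificate-without-key-file
    fi

    # The file holds the database password: no group/other access.
    perms=$(ls -l "$f" | cut -c5-10)
    [ "$perms" = "------" ] || report conf-accessible-to-group-or-other

    [ "$findings" -eq 0 ]
}

# Constructed sample input containing the mistakes the check looks for.
sample=$(mktemp)
cat > "$sample" <<'EOF'
db=mariadb #as I am using mariadb
db-username=keycloakuser
db-password=keycloak
https-certificate-file=/opt/keycloak/server.crt.pem
EOF
chmod 644 "$sample"
audit_kc_conf "$sample" || echo "resolve the findings above before starting Keycloak"
```

Run it against the real file with audit_kc_conf /opt/keycloak/conf/keycloak.conf; a clean file prints nothing and returns 0.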
