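# Install a JDK for Keycloak with whichever package manager this host has.
# apt-get and yum are alternatives: running both sets of commands on one host
# always fails on the package manager that is not installed.
if command -v apt-get >/dev/null 2>&1; then
  # Debian/Ubuntu. default-jdk resolves to whatever JDK the release ships;
  # confirm it is a version this Keycloak release supports.
  apt-get -y update && apt-get -y upgrade
  apt-get -y install default-jdk
elif command -v yum >/dev/null 2>&1; then
  # RHEL/CentOS.
  yum -y update && yum -y install java-11-openjdk-devel
else
  printf 'no supported package manager (apt-get or yum) found\n' >&2
fi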
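# Download and unpack the Keycloak 16.0.0 server distribution under /opt.
# 16.0.0 is the version this page pins; check that it still receives security
# fixes before deploying it, and substitute a maintained release if it does not.
cd /opt
wget https://github.com/keycloak/keycloak/releases/download/16.0.0/keycloak-16.0.0.tar.gz
# Nothing below verifies the download. Before unpacking, compute the archive's
# digest (sha1sum/sha256sum, matching the algorithm the project publishes) and
# compare it with the value obtained from the project's release page.
tar -xvzf keycloak-16.0.0.tar.gz
# Rename the extracted directory, not the tarball: moving the .tar.gz to
# "keycloak" would leave /opt/keycloak as a regular file and break every
# later step that expects /opt/keycloak/bin and /opt/keycloak/docs.
mv keycloak-16.0.0 keycloak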
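# Create a dedicated system account with no login shell and give it the
# install tree, so the server does not have to run as root.
groupadd keycloak
useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak
# Absolute path: a relative "keycloak" only resolves correctly while the shell
# is still sitting in /opt, and would otherwise chown an unrelated path.
chown -R keycloak: /opt/keycloak
# Grants search (traverse) permission on bin/ to every other local account.
# NOTE(review): the service runs as the owner and does not appear to need
# this; drop it unless a non-keycloak account must run the admin scripts.
chmod o+x /opt/keycloak/bin/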
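# Stage the systemd helper files that ship inside the distribution.
# Each command is on its own line: fused onto one line they are all passed to
# cd as arguments and none of the copies happen.
mkdir /etc/keycloak
cd /etc/keycloak
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.conf /etc/keycloak/keycloak.conf
cp /opt/keycloak/docs/contrib/scripts/systemd/launch.sh /opt/keycloak/bin/
chown keycloak: /opt/keycloak/bin/launch.sh

# Edit launch.sh so that it points at this install. The assignment below is
# the line to set inside the file; typed at the prompt it only sets a shell
# variable.
vim /opt/keycloak/bin/launch.sh
WILDFLY_HOME="/opt/keycloak"

# Install the unit file, then edit it to match the unit text shown next on
# this page.
cp /opt/keycloak/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/keycloak.service
vim /etc/systemd/system/keycloak.service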
# systemd unit that runs the Keycloak standalone server (standalone.sh).
[Unit]
Description=Keycloak Application Server
After=network.target
[Service]
Type=idle
# Run as the unprivileged keycloak account rather than root.
User=keycloak
Group=keycloak
# NOTE(review): -b 0.0.0.0 binds the server to every interface, so the
# plain-HTTP port 8080 is reachable from any network that can route to this
# host. The nginx upstream on this page connects to 127.0.0.1:8080; if all
# clients are meant to go through that proxy, binding to 127.0.0.1 (or
# firewalling 8080) keeps the unencrypted listener private.
ExecStart=/opt/keycloak/bin/standalone.sh -b 0.0.0.0
# Give the server up to 600 seconds to start and to stop.
TimeoutStartSec=600
TimeoutStopSec=600
# NOTE(review): no sandboxing directives are set. Options such as
# NoNewPrivileges=true and PrivateTmp=true are worth evaluating; confirm the
# server still starts with them before relying on them.
[Install]
WantedBy=multi-user.target
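# Register the unit, enable it at boot, (re)start it and show its state.
systemctl daemon-reload && systemctl enable keycloak && systemctl restart keycloak && systemctl status keycloak

## If the service will not run, use the commands below.
## (They were fused onto the comment line, which made all of them inert.)
chmod o+x /opt/keycloak/bin/standalone.sh

# Create the initial admin account in the master realm.
# YOURPASS is a placeholder: use a strong, unique password. A value passed with
# -p lands in shell history and is visible in the process list while the
# command runs, so clear it from history afterwards.
# NOTE(review): if this version of the script prompts when -p is omitted,
# prefer that - TODO confirm.
/opt/keycloak/bin/add-user-keycloak.sh -u admin -p YOURPASS -r master
systemctl restart keycloak

# Follow the server log to confirm startup (Ctrl-C stops following).
tail -f /opt/keycloak/standalone/log/server.log

# Admin console: http://<instance-public-ip-domain.com>:8080/auth/admin/
# This URL is plain HTTP on port 8080, so admin credentials typed there cross
# the network unencrypted; prefer reaching the console through the TLS proxy.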
########### Disable SSL ############
# Authenticate kcadm against the local server as the master-realm admin.
# No password is given on the command line here, which keeps it out of shell
# history and the process list.
/opt/keycloak/bin/kcadm.sh config credentials \
  --server http://localhost:8080/auth \
  --realm master \
  --user admin

# NOTE(review): sslRequired=NONE makes the master realm accept logins and
# tokens over plain HTTP from any address, not just from the local proxy.
# With TLS terminated at nginx, leaving the realm at its "external" setting
# and enabling proxy address forwarding on Keycloak's HTTP listener keeps
# HTTPS mandatory for remote clients. Treat NONE as a lab-only setting.
/opt/keycloak/bin/kcadm.sh update realms/master \
  -s sslRequired=NONE
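# Reverse proxy that terminates TLS and forwards to the local Keycloak
# listener on 127.0.0.1:8080.
upstream mywebapp1 {
    server 127.0.0.1:8080;
}

server {
    # NOTE(review): port 80 serves the same site without TLS, so logins sent to
    # it travel in clear text, and browsers ignore the HSTS header on plain
    # HTTP responses. Consider a separate port-80 server block that only does
    # `return 301 https://$host$request_uri;`.
    listen 80;
    listen 443 ssl http2;
    # NOTE(review): *.bd matches every host name under the .bd TLD; confirm
    # this is intended rather than the specific name(s) the certificate covers.
    server_name *.bd;

    # NOTE(review): the path suggests a certificate issued in 2019; confirm it
    # has not expired.
    ssl_certificate /cert/2019/nothi.pem;
    # Private key: keep it readable only by root / the nginx master process.
    ssl_certificate_key /cert/2019/nothi.key;
    ssl_session_cache shared:SSL:120m;
    ssl_session_timeout 60m;
    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it from
    # the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # 3DES suites removed and explicitly excluded: 3DES is a 64-bit block
    # cipher and is exposed to birthday attacks on long-lived connections.
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!3DES;
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass http://mywebapp1;
        # Forwarded headers tell Keycloak the original host, client address
        # and scheme. Keycloak only honours them when proxy address forwarding
        # is enabled on its HTTP listener, and they are only trustworthy if
        # port 8080 cannot be reached directly (the unit on this page starts
        # the server with -b 0.0.0.0), since a direct client can set them.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}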