docker-compose.yaml

services:
  postgres: # https://hub.docker.com/_/postgres
    container_name: postgres
    image: postgres:14.5-alpine
    environment:
      POSTGRES_DB: bitnami_keycloak
      POSTGRES_USER: bn_keycloak
      POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
    restart: on-failure
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
      interval: 10s
      timeout: 5s
      retries: 5

  keycloak: # https://hub.docker.com/r/bitnami/keycloak
    container_name: keycloak
    image: bitnami/keycloak:26.0.0
    volumes:
      - ./certs/keycloak-key.pem:/opt/keycloak/conf/localhost.key.pem
      - ./certs/keycloak-crt.pem:/opt/keycloak/conf/localhost.crt.pem
      - ./certs/truststore.jks:/opt/keycloak/conf/truststore.jks
    ports:
      - "18080:18080"
      - "18443:18443"
    environment:
      KEYCLOAK_HTTP_PORT: 18080
      KEYCLOAK_HTTP_RELATIVE_PATH: /auth
      KEYCLOAK_DATABASE_HOST: postgres
      KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
      KEYCLOAK_ADMIN_USER: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/keycloak/conf/localhost.key.pem
      KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/conf/localhost.crt.pem
      KC_HTTPS_TRUST_STORE_FILE: /opt/keycloak/conf/truststore.jks
      KC_HTTPS_TRUST_STORE_PASSWORD: password
      KC_HTTPS_CLIENT_AUTH: request
      KC_LOG: console
      KC_LOG_CONSOLE_LEVEL: all
      KC_LOG_LEVEL: DEBUG
      KEYCLOAK_HTTPS_PORT: 18443
    restart: on-failure
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:18080/auth" ]
      interval: 30s
      timeout: 15s
      retries: 5
      start_period: 30s
    depends_on:
      - postgres