Keycloak production deployment with MariaDB, NGINX and Docker

This post will cover the detailed step by step process to deploy Keycloak in a production environment using AWS EC2 Server. We will use Docker containers and Maria DB as the database. For securing the portal, we will use NGINX and certbot to generate Letsencrypt certificate.

The steps can be broken down as following:

  1. Create a domain/subdomain to be used for Keycloak
  2. Create the EC2 Server in AWS with the correct inbound rule set
  3. Install NGINX and Certbot and configure it for Keycloak domain
  4. Install Docker and configure it to run without “sudo”
  5. Create docker-compose.yml file
  6. Bring up the container and validate everything

1. Create a Domain or Subdomain to be used for Keycloak

I have created an Elastic IP in AWS to be used for Keycloak. We are using a subdomain for an existing domain by creating an “A” record. Please refer to the following image for reference.

2. Create the EC2 Server in AWS Console

Login to your AWS account and create an Amazon EC2 Server. Please make sure to size it based on the expected load. The recommended minimum hardware is 2 core CPU & 4 GB RAM which we will use for this deployment.

Please make sure to allow inbound TCP ports 22, 80(required for certbot certificate creation), 443 and 8081 that we will be using in this deployment. Next map the Elastic ip address to the newly created Keycloak Server. Once the server is up, perform the package upgrade using following command

sudo apt update && sudo apt upgrade

Preparing to unpack …/42-snapd_2.66.1+22.04_amd64.deb …
Unpacking snapd (2.66.1+22.04) over (2.63+22.04ubuntu0.1) …
Preparing to unpack …/43-sosreport_4.7.2-0ubuntu1~22.04.2_amd64.deb …
Unpacking sosreport (4.7.2-0ubuntu1~22.04.2) over (4.5.6-0ubuntu1~22.04.2) …
Preparing to unpack …/44-amd64-microcode_3.20191218.1ubuntu2.3_amd64.deb …
Unpacking amd64-microcode (3.20191218.1ubuntu2.3) over (3.20191218.1ubuntu2.2) …
Preparing to unpack …/45-cloud-init_24.4-0ubuntu1~22.04.1_all.deb …
Unpacking cloud-init (24.4-0ubuntu1~22.04.1) over (24.3.1-0ubuntu0~22.04.1) …
Preparing to unpack …/46-intel-microcode_3.20241112.0ubuntu0.22.04.1_amd64.deb …
Unpacking intel-microcode (3.20241112.0ubuntu0.22.04.1) over (3.20240910.0ubuntu0.22.04.1) …
Setting up libexpat1:amd64 (2.4.7-1ubuntu0.5) …
Setting up snapd (2.66.1+22.04) …
Installing new version of config file /etc/apparmor.d/usr.lib.snapd.snap-confine.real …
Progress: [ 51%] [#############################………………………..]

Go ahead and reboot the server if required.

3. Install NGINX and configure it for Keycloak domain

Now we will install the NGINX

sudo apt install nginx

Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
The following additional packages will be installed:
fontconfig-config fonts-dejavu-core libdeflate0 libfontconfig1 libgd3
libjbig0 libjpeg-turbo8 libjpeg8 libnginx-mod-http-geoip2
libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter
libnginx-mod-mail libnginx-mod-stream libnginx-mod-stream-geoip2 libtiff5
libwebp7 libxpm4 nginx-common nginx-core
Suggested packages:
libgd-tools fcgiwrap nginx-doc ssl-cert
The following NEW packages will be installed:
fontconfig-config fonts-dejavu-core libdeflate0 libfontconfig1 libgd3
libjbig0 libjpeg-turbo8 libjpeg8 libnginx-mod-http-geoip2
libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter
libnginx-mod-mail libnginx-mod-stream libnginx-mod-stream-geoip2 libtiff5
libwebp7 libxpm4 nginx nginx-common nginx-core
0 upgraded, 20 newly installed, 0 to remove and 0 not upgraded.
Need to get 2693 kB of archives.
After this operation, 8346 kB of additional disk space will be used.
Do you want to continue? [Y/n]

Type Y when prompted. Once the installation is completed, validate the NGINX Version using following command

nginx -v

nginx version: nginx/1.18.0 (Ubuntu)

sudo systemctl status nginx

● nginx.service – A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset:>
Active: active (running) since Fri 2025-01-03 10:27:21 UTC; 1min 29s ago
Docs: man:nginx(8)
Process: 370 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_proces>
Process: 435 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (co>
Main PID: 443 (nginx)
Tasks: 2 (limit: 2338)
Memory: 11.6M
CPU: 35ms
CGroup: /system.slice/nginx.service
├─443 “nginx: master process /usr/sbin/nginx -g daemon on; master_>
└─445 “nginx: worker process” “” “” “” “” “” “” “” “” “” “” “” “” >
Jan 03 10:27:21 ip-172-31-41-6 systemd[1]: Starting A high performance web serv>
Jan 03 10:27:21 ip-172-31-41-6 systemd[1]: Started A high performance web serve>
lines 1-16/16 (END)…skipping…
● nginx.service – A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2025-01-03 10:27:21 UTC; 1min 29s ago
Docs: man:nginx(8)
Process: 370 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 435 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 443 (nginx)
Tasks: 2 (limit: 2338)
Memory: 11.6M
CPU: 35ms
CGroup: /system.slice/nginx.service
├─443 “nginx: master process /usr/sbin/nginx -g daemon on; master_process on;”
└─445 “nginx: worker process” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “”
Jan 03 10:27:21 ip-172-31-41-6 systemd[1]: Starting A high performance web server and a reverse proxy server…
Jan 03 10:27:21 ip-172-31-41-6 systemd[1]: Started A high performance web server and a reverse proxy server.

The output confirms that our NGINX is up and running

Next we will enable and configure the UFW to allow NGINX and ssh for remote connectivity.

sudo ufw status

Status: inactive

sudo ufw allow “Nginx Full”

Rules updated
Rules updated (v6)

sudo ufw allow ssh

Rules updated
Rules updated (v6)

sudo ufw enable

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

sudo ufw reload

Firewall reloaded

sudo ufw status

Status: active
To Action From
— —— —-
Nginx Full ALLOW Anywhere
22/tcp ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)

Next we will install certbot for Letsencrypt certificate creation and automated renewal

sudo apt install certbot python3-certbot-nginx

Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
The following additional packages will be installed:
python3-acme python3-certbot python3-configargparse python3-icu python3-josepy
python3-parsedatetime python3-requests-toolbelt python3-rfc3339 python3-zope.component
python3-zope.event python3-zope.hookable
Suggested packages:
python-certbot-doc python3-certbot-apache python-acme-doc python-certbot-nginx-doc
The following NEW packages will be installed:
certbot python3-acme python3-certbot python3-certbot-nginx python3-configargparse python3-icu
python3-josepy python3-parsedatetime python3-requests-toolbelt python3-rfc3339
python3-zope.component python3-zope.event python3-zope.hookable
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 993 kB of archives.
After this operation, 5077 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

Click on Y to continue. Once the installation is successfully completed, next step will be to create out certificate. Run the following commands and provide all the required information.

sudo certbot –nginx -d keycloak.securityfocal.com -d www.keycloak.securityfocal.com

sudo certbot –nginx -d keycloak.securityfocal.com -d www.keycloak.securityfocal.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter ‘c’ to cancel): kumar@securityfocal.com

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?

(Y)es/(N)o:y

Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let’s Encrypt project and the non-profit organization that
develops Certbot? We’d like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: y
Account registered.
Requesting a certificate for keycloak.securityfocal.com and www.keycloak.securityfocal.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/keycloak.securityfocal.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/keycloak.securityfocal.com/privkey.pem
This certificate expires on 2025-04-03.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for keycloak.securityfocal.com to /etc/nginx/sites-enabled/default
Successfully deployed certificate for www.keycloak.securityfocal.com to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://keycloak.securityfocal.com and https://www.keycloak.securityfocal.com

If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Next we will do a dry run to validate if auto renewal is working as expected

sudo certbot renew –dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/keycloak.securityfocal.com.conf

Account registered.
Simulating renewal of an existing certificate for keycloak.securityfocal.com and www.keycloak.securityfocal.com

Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/keycloak.securityfocal.com/fullchain.pem (success)

Next we will configure NGINX for our deployment.

sudo unlink /etc/nginx/sites-enabled/default

cd /etc/nginx/sites-available/

sudo vi keycloak.securityfocal.conf

We will use following NGINX configuration for our Keycloak Deployment. Please make sure to change the configuration parameters as per your environment.

server {
    listen 80;
    server_name keycloak.securityfocal.com www.keycloak.securityfocal.com;
    rewrite ^https://keycloak.securityfocal.com permanent;
}

server {
    listen 443 ssl;
    server_name keycloak.securityfocal.com www.keycloak.securityfocal.com;

    ssl_certificate /etc/letsencrypt/live/keycloak.securityfocal.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/keycloak.securityfocal.com/privkey.pem;
    ssl_session_cache builtin:1000 shared:ssl:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header     Host               $host;
        proxy_set_header     X-Real-IP          $remote_addr;
        proxy_set_header     X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header     X-Forwarded-Proto  $scheme;
        proxy_pass http://65.0.171.3:8081;
    }
}

Save and close the file (:wq). Complete the NGINX configuration

sudo ln -s /etc/nginx/sites-available/keycloak.securityfocal.conf /etc/nginx/sites-enabled/keycloak.securityfocal.conf

sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

sudo systemctl restart nginx

4. Install Docker and configure it to run without “sudo”

Create a keycloak directory in home directory

cd /home/ubuntu

sudo mkdir keycloak

cd keycloak

Next we will install Docker and Docker compose. To do that we will set up Docker’s apt repository.

sudo apt-get update

sudo apt-get install ca-certificates curl

Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
ca-certificates is already the newest version (20240203~22.04.1).
ca-certificates set to manually installed.
curl is already the newest version (7.81.0-1ubuntu1.20).
curl set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

sudo install -m 0755 -d /etc/apt/keyrings

sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc

sudo chmod a+r /etc/apt/keyrings/docker.asc

echo \
“deb [arch=$(dpkg –print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo “$VERSION_CODENAME”) stable” | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update

Install Docker and Docker-Compose

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo apt install docker-compose

Verify that the installation is successful by running the hello-world 

sudo docker run hello-world

Unable to find image ‘hello-world:latest’ locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete
Digest: sha256:5b3cc85e16e3058003c13b7821318369dad01dac3dbb877aac3c28182255c724
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
The Docker client contacted the Docker daemon.
The Docker daemon pulled the “hello-world” image from the Docker Hub.
(amd64)
The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/

This command downloads a test image and runs it in a container. When the container runs, it prints a confirmation message and exits.

To run Docker without root privileges, use the following commands

sudo groupadd docker

sudo usermod -aG docker $USER

Log out and log back in so that your group membership is re-evaluated.

5. Create docker-compose.yml file

We now need to create our docker-compose file. You may use the following code for that, please make sure to change the key parameters:

sudo vi docker-compose.yml

services:
  mariadb:
    image: mariadb:latest
    environment:
      MARIADB_ROOT_PASSWORD: toor
      MARIADB_DATABASE: keycloak
      MARIADB_USER: keycloak
      MARIADB_PASSWORD: keycloak
      mem_limit: 300m
    container_name: mariadb
    restart: always
    volumes:
      - mariadb_data:/var/lib/mysql
    networks:
      - keycloak-auth

  keycloak:
    image: quay.io/keycloak/keycloak:latest
    environment:
      KC_DB: mariadb
      KC_DB_SCHEMA: keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloak
      KC_DB_URL_HOST: mariadb
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_PROXY_HEADERS: xforwarded
      KC_HTTP_ENABLED: "true"
      KC_HOSTNAME_STRICT: "false"
      KC_HOSTNAME_URL: https://mydomain
      mem_limit: 500m
    ports:
      - 8443:8443
      - 8081:8080
    container_name: keycloak
    restart: always
    networks:
      - keycloak-auth
    depends_on:
      - mariadb
    command: start
volumes:
  mariadb_data:
    driver: local
networks:
  keycloak-auth:
    driver: bridge
You can use following github repository also for reference: docker-compose.yml. Please make sure to change the respective values as required for your deployment.

6. Bring up the container and validate everything

docker-compose up

Using username “ubuntu”.
Authenticating with public key “imported-openssh-key”
Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 6.8.0-1021-aws x86_64)
Documentation: https://help.ubuntu.com
Management: https://landscape.canonical.com
Support: https://ubuntu.com/pro
System information as of Fri Jan 3 11:08:37 UTC 2025
System load: 0.0 Processes: 106
Usage of /: 36.1% of 7.57GB Users logged in: 0
Memory usage: 14% IPv4 address for eth0: 172.31.41.6
Swap usage: 0%
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
New release ‘24.04.1 LTS’ available.
Run ‘do-release-upgrade’ to upgrade to it.
Last login: Fri Jan 3 11:00:43 2025 from 106.51.76.126
ubuntu@ip-172-31-41-6:~$ cd keycloak/
ubuntu@ip-172-31-41-6:~/keycloak$ docker-compose up
Creating network “keycloak_keycloak-auth” with driver “bridge”
Creating volume “keycloak_mariadb_data” with local driver
Pulling mariadb (mariadb:latest)…
latest: Pulling from library/mariadb
de44b265507a: Pull complete
ca9b21d0c985: Pull complete
041c753879ae: Pull complete
e7b5137dc4b2: Pull complete
655e5d2590bd: Pull complete
41b3170b5f12: Pull complete
95adc28016bc: Pull complete
407e9d6eefb4: Pull complete
Digest: sha256:a9547599cd87d7242435aea6fda22a9d83e2c06d16c658ef70d2868b3d3f6a80
Status: Downloaded newer image for mariadb:latest
Pulling keycloak (quay.io/keycloak/keycloak:latest)…
latest: Pulling from keycloak/keycloak
3db38ca7c9bc: Pull complete
83a2d69b614f: Pull complete
835348ea4429: Pull complete
fe4d0ad1ea3d: Pull complete
Digest: sha256:4388e2379b7e870a447adbe7b80bd61f5fbf04e925832b19669fda4957f05a81
Status: Downloaded newer image for quay.io/keycloak/keycloak:latest
Creating mariadb … done
Creating keycloak … done
Attaching to mariadb, keycloak
mariadb | 2025-01-03 11:09:15+00:00 [Note] [Entrypoint]: Entrypoint script f or MariaDB Server 1:11.6.2+maria~ubu2404 started.
mariadb | 2025-01-03 11:09:16+00:00 [Warn] [Entrypoint]: /sys/fs/cgroup///me mory.pressure not writable, functionality unavailable to MariaDB
mariadb | 2025-01-03 11:09:16+00:00 [Note] [Entrypoint]: Switching to dedica ted user ‘mysql’
mariadb | 2025-01-03 11:09:16+00:00 [Note] [Entrypoint]: Entrypoint script f or MariaDB Server 1:11.6.2+maria~ubu2404 started.
mariadb | 2025-01-03 11:09:16+00:00 [Note] [Entrypoint]: Initializing databa se files
mariadb | 2025-01-03 11:09:16 0 [Warning] mariadbd: io_uring_queue_init() fa iled with errno 95
mariadb | 2025-01-03 11:09:16 0 [Warning] InnoDB: liburing disabled: falling back to innodb_use_native_aio=OFF
keycloak | Changes detected in configuration. Updating the server image.
mariadb | 2025-01-03 11:09:18+00:00 [Note] [Entrypoint]: Database files init ialized
mariadb | 2025-01-03 11:09:18+00:00 [Note] [Entrypoint]: Starting temporary server
mariadb | 2025-01-03 11:09:18+00:00 [Note] [Entrypoint]: Waiting for server startup
mariadb | 2025-01-03 11:09:18 0 [Note] Starting MariaDB 11.6.2-MariaDB-ubu24 04 source revision d8dad8c3b54cd09fefce7bc3b9749f427eed9709 server_uid 72+4ASMvY xproTQgRqIDplDA1XA= as process 85
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: Compressed tables use zlib 1. 3
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: Number of transaction pools: 1
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: Using crc32 + pclmulqdq instr uctions
mariadb | 2025-01-03 11:09:18 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
mariadb | 2025-01-03 11:09:18 0 [Warning] mariadbd: io_uring_queue_init() fa iled with errno 95
mariadb | 2025-01-03 11:09:18 0 [Warning] InnoDB: liburing disabled: falling back to innodb_use_native_aio=OFF
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: Initializing buffer pool, tot al size = 128.000MiB, chunk size = 2.000MiB
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: Completed initialization of b uffer pool
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: File system buffers for log d isabled (block size=512 bytes)
keycloak | Updating the configuration and installing your custom providers, i f any. Please wait.
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: End of log at LSN=47763
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: Opened 3 undo tablespaces
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: 128 rollback segments in 3 un do tablespaces are active.
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: Setting file ‘./ibtmp1’ size to 12.000MiB. Physically writing the file full; Please wait …
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: File ‘./ibtmp1’ size is now 1 2.000MiB.
mariadb | 2025-01-03 11:09:18 0 [Note] InnoDB: log sequence number 47763; tr ansaction id 14
mariadb | 2025-01-03 11:09:18 0 [Note] Plugin ‘FEEDBACK’ is disabled.
mariadb | 2025-01-03 11:09:18 0 [Note] Plugin ‘wsrep-provider’ is disabled.
mariadb | 2025-01-03 11:09:29 0 [Note] mariadbd: Event Scheduler: Loaded 0 e vents
mariadb | 2025-01-03 11:09:30 0 [Note] mariadbd: ready for connections.
mariadb | Version: ‘11.6.2-MariaDB-ubu2404’ socket: ‘/run/mysqld/mysqld.soc k’ port: 0 mariadb.org binary distribution
mariadb | 2025-01-03 11:09:30+00:00 [Note] [Entrypoint]: Temporary server st arted.
mariadb | 2025-01-03 11:09:31+00:00 [Note] [Entrypoint]: Creating database k eycloak
mariadb | 2025-01-03 11:09:31+00:00 [Note] [Entrypoint]: Creating user keycl oak
mariadb | 2025-01-03 11:09:31+00:00 [Note] [Entrypoint]: Giving user keycloa k access to schema keycloak
mariadb | 2025-01-03 11:09:31+00:00 [Note] [Entrypoint]: Securing system use rs (equivalent to running mysql_secure_installation)
mariadb |
mariadb | 2025-01-03 11:09:32+00:00 [Note] [Entrypoint]: Stopping temporary server
mariadb | 2025-01-03 11:09:32 0 [Note] mariadbd (initiated by: unknown): Nor mal shutdown
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: FTS optimize thread exiting.
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Starting shutdown…
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Dumping buffer pool(s) to /va r/lib/mysql/ib_buffer_pool
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Buffer pool(s) dump completed at 250103 11:09:32
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Removed temporary tablespace data file: “./ibtmp1”
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Shutdown completed; log seque nce number 47763; transaction id 15
mariadb | 2025-01-03 11:09:32 0 [Note] mariadbd: Shutdown complete
mariadb |
mariadb | 2025-01-03 11:09:32+00:00 [Note] [Entrypoint]: Temporary server st opped
mariadb |
mariadb | 2025-01-03 11:09:32+00:00 [Note] [Entrypoint]: MariaDB init proces s done. Ready for start up.
mariadb |
mariadb | 2025-01-03 11:09:32 0 [Note] Starting MariaDB 11.6.2-MariaDB-ubu24 04 source revision d8dad8c3b54cd09fefce7bc3b9749f427eed9709 server_uid 72+4ASMvY xproTQgRqIDplDA1XA= as process 1
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Compressed tables use zlib 1. 3
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Number of transaction pools: 1
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Using crc32 + pclmulqdq instr uctions
mariadb | 2025-01-03 11:09:32 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
mariadb | 2025-01-03 11:09:32 0 [Warning] mariadbd: io_uring_queue_init() fa iled with errno 95
mariadb | 2025-01-03 11:09:32 0 [Warning] InnoDB: liburing disabled: falling back to innodb_use_native_aio=OFF
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Initializing buffer pool, tot al size = 128.000MiB, chunk size = 2.000MiB
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Completed initialization of b uffer pool
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: File system buffers for log d isabled (block size=512 bytes)
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: End of log at LSN=47763
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Opened 3 undo tablespaces
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: 128 rollback segments in 3 un do tablespaces are active.
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Setting file ‘./ibtmp1’ size to 12.000MiB. Physically writing the file full; Please wait …
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: File ‘./ibtmp1’ size is now 1 2.000MiB.
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: log sequence number 47763; tr ansaction id 14
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Loading buffer pool(s) from / var/lib/mysql/ib_buffer_pool
mariadb | 2025-01-03 11:09:32 0 [Note] Plugin ‘FEEDBACK’ is disabled.
mariadb | 2025-01-03 11:09:32 0 [Note] Plugin ‘wsrep-provider’ is disabled.
mariadb | 2025-01-03 11:09:32 0 [Note] InnoDB: Buffer pool(s) load completed at 250103 11:09:32
mariadb | 2025-01-03 11:09:36 0 [Note] Server socket created on IP: ‘0.0.0.0 ‘.
mariadb | 2025-01-03 11:09:36 0 [Note] Server socket created on IP: ‘::’.
mariadb | 2025-01-03 11:09:36 0 [Note] mariadbd: Event Scheduler: Loaded 0 e vents
mariadb | 2025-01-03 11:09:36 0 [Note] mariadbd: ready for connections.
mariadb | Version: ‘11.6.2-MariaDB-ubu2404’ socket: ‘/run/mysqld/mysqld.soc k’ port: 3306 mariadb.org binary distribution
keycloak | 2025-01-03 11:09:47,958 INFO io.qua.dep.QuarkusAugmentor Quarkus augmentation completed in 25188ms
keycloak | Server configuration updated and persisted. Run the following comm and to review the configuration:
keycloak |
keycloak | kc.sh show-config
keycloak |
keycloak | Next time you run the server, just run:
keycloak |
keycloak | kc.sh start –optimized
keycloak |
keycloak | 2025-01-03 11:09:50,142 ERROR org.keycloak.quarkus.runtime.config uration.mappers.PropertyMappers Hostname v1 options [hostname-url] are s till in use, please review your configuration
keycloak | 2025-01-03 11:09:56,440 INFO org.keycloak.quarkus.runtime.storag e.infinispan.CacheManagerFactory Starting Infinispan embedded cache mana ger
keycloak | 2025-01-03 11:09:57,969 INFO [org.infinispan.CONTAINER] (Thread-5 ) ISPN000556: Starting user marshaller ‘org.infinispan.commons.marshall.Immutabl eProtoStreamMarshaller’
keycloak | 2025-01-03 11:09:58,753 WARN [org.jgroups.stack.Configurator] (Th read-5) JGRP000014: ThreadPool.thread_dumps_threshold has been deprecated: ignor ed
keycloak | 2025-01-03 11:09:58,788 INFO org.infinispan.CLUSTER ISPN000078: Starting JGroups channel ISPN with stack udp
keycloak | 2025-01-03 11:09:58,791 INFO org.jgroups.JChannel lo cal_addr: 60bda999-48d7-484d-bf33-83d185ac3eae, name: 2bafd081979e-49370
keycloak | 2025-01-03 11:09:58,820 WARN [org.jgroups.protocols.UDP] (Thread- 5) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
keycloak | 2025-01-03 11:09:58,821 WARN [org.jgroups.protocols.UDP] (Thread- 5) JGRP000015: the receive buffer of socket MulticastSocket was set to 20MB, but the OS only allocated 212.99KB
keycloak | 2025-01-03 11:09:58,822 WARN [org.jgroups.protocols.UDP] (Thread- 5) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
keycloak | 2025-01-03 11:09:58,824 WARN [org.jgroups.protocols.UDP] (Thread- 5) JGRP000015: the receive buffer of socket MulticastSocket was set to 25MB, but the OS only allocated 212.99KB
keycloak | 2025-01-03 11:09:58,844 INFO [org.jgroups.protocols.FD_SOCK2] (Th read-5) server listening on *.25581
keycloak | 2025-01-03 11:09:59,482 WARN org.mariadb.jdbc.message.server.Err orPacket Error: 1146-42S02: Table ‘keycloak.MIGRATION_MODEL’ doesn’t exi st
keycloak | 2025-01-03 11:10:00,867 INFO [org.jgroups.protocols.pbcast.GMS] ( Thread-5) 2bafd081979e-49370: no members discovered after 2008 ms: creating clus ter as coordinator
keycloak | 2025-01-03 11:10:00,892 INFO org.infinispan.CLUSTER ISPN000094: Received new cluster view for channel ISPN: [2bafd081979e-49370|0] ( 1) [2bafd081979e-49370]
keycloak | 2025-01-03 11:10:01,126 INFO org.infinispan.CLUSTER ISPN000079: Channel ISPN local address is 2bafd081979e-49370, physical addre sses are [172.18.0.3:41117]
keycloak | 2025-01-03 11:10:01,187 WARN org.mariadb.jdbc.message.server.Err orPacket Error: 1146-42S02: Table ‘keycloak.DATABASECHANGELOG’ doesn’t e xist
keycloak | 2025-01-03 11:10:01,842 WARN liquibase.changelog.DatabaseChangeL og Due to mariadb SQL limitations, modifyDataType will lose primary key/ autoincrement/not null/comment settings explicitly redefined in the change. Use or to re-specify all configuration if this is the case
keycloak | 2025-01-03 11:10:01,844 WARN liquibase.changelog.DatabaseChangeL og Due to mariadb SQL limitations, setNullable will lose primary key/aut oincrement/not null/comment settings explicitly redefined in the change. Use or to re-specify all configuration if this is the case
keycloak | 2025-01-03 11:10:01,908 WARN org.mariadb.jdbc.message.server.Err orPacket Error: 1146-42S02: Table ‘keycloak.DATABASECHANGELOGLOCK’ doesn ‘t exist
keycloak | 2025-01-03 11:10:02,056 WARN org.mariadb.jdbc.message.server.Err orPacket Error: 1146-42S02: Table ‘keycloak.DATABASECHANGELOG’ doesn’t e xist
keycloak | 2025-01-03 11:10:02,058 INFO org.keycloak.quarkus.runtime.storag e.database.liquibase.QuarkusJpaUpdaterProvider Initializing database sch ema. Using changelog META-INF/jpa-changelog-master.xml
keycloak | 2025-01-03 11:10:03,118 WARN liquibase.changelog.DatabaseChangeL og Due to mariadb SQL limitations, modifyDataType will lose primary key/ autoincrement/not null/comment settings explicitly redefined in the change. Use or to re-specify all configuration if this is the case
keycloak | 2025-01-03 11:10:03,121 WARN liquibase.changelog.DatabaseChangeL og Due to mariadb SQL limitations, setNullable will lose primary key/aut oincrement/not null/comment settings explicitly redefined in the change. Use or to re-specify all configuration if this is the case
keycloak | 2025-01-03 11:10:03,359 WARN liquibase.changelog.DatabaseChangeL og Due to mariadb SQL limitations, modifyDataType will lose primary key/ autoincrement/not null/comment settings explicitly redefined in the change. Use or to re-specify all configuration if this is the case
keycloak | 2025-01-03 11:10:03,361 WARN liquibase.changelog.DatabaseChangeL og Due to mariadb SQL limitations, setNullable will lose primary key/aut oincrement/not null/comment settings explicitly redefined in the change. Use or to re-specify all configuration if this is the case
keycloak |
keycloak | UPDATE SUMMARY
keycloak | Run: 148
keycloak | Previously run: 0
keycloak | Filtered out: 0
keycloak | ——————————-
keycloak | Total change sets: 148
keycloak |
keycloak | 2025-01-03 11:10:24,433 WARN io.agroal.pool Datasource ”: JDBC resources leaked: 2 ResultSet(s) and 0 Statement(s)
keycloak | 2025-01-03 11:10:25,076 INFO org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory Node name: 2bafd081979e-49370, Site name: null
keycloak | 2025-01-03 11:10:25,455 INFO org.keycloak.broker.provider.AbstractIdentityProviderMapper Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
keycloak | 2025-01-03 11:10:25,488 INFO org.keycloak.services KC-SERVICES0050: Initializing master realm
keycloak | 2025-01-03 11:10:30,172 WARN org.keycloak.services KC-SERVICES0110: Environment variable ‘KEYCLOAK_ADMIN’ is deprecated, use ‘KC_BOOTSTRAP_ADMIN_USERNAME’ instead
keycloak | 2025-01-03 11:10:30,175 WARN org.keycloak.services KC-SERVICES0110: Environment variable ‘KEYCLOAK_ADMIN_PASSWORD’ is deprecated, use ‘KC_BOOTSTRAP_ADMIN_PASSWORD’ instead
keycloak | 2025-01-03 11:10:30,658 INFO org.keycloak.services KC-SERVICES0077: Created temporary admin user with username admin
keycloak | 2025-01-03 11:10:30,721 WARN io.agroal.pool Datasource ”: JDBC resources leaked: 1 ResultSet(s) and 0 Statement(s)
keycloak | 2025-01-03 11:10:31,002 INFO io.quarkus Keycloak 26.0.7 on JVM (powered by Quarkus 3.15.1) started in 42.773s. Listening on: http://0.0.0.0:8080
keycloak | 2025-01-03 11:10:31,004 INFO io.quarkus Profile prod activated.
keycloak | 2025-01-03 11:10:31,004 INFO io.quarkus Installed features: [agroal, cdi, hibernate-orm, jdbc-mariadb, keycloak, narayana-jta, opentelemetry, reactive-routes, rest, rest-jackson, smallrye-context-propagation, vertx]

If you have followed all the steps correctly, the Keycloak Server should come up

That’s it our server is ready. Use the admin credentials to login.