
[How-To] Install Keycloak on Ubuntu 24 LTS VM

Purpose

This document explains, step by step, how to install Keycloak on an Ubuntu 24 LTS VM.

Prerequisites

List of prerequisites:

  • Sudo user
  • Ubuntu 24 LTS VM

Keycloak Installation on Ubuntu 24.04 (Step-by-Step Guide)

Step 1: Prepare the Ubuntu VM

Ensure your Ubuntu VM is up to date and has the necessary packages installed:

sudo apt update && sudo apt upgrade -y
sudo apt install -y unzip curl nano wget gnupg2 software-properties-common

Step 2: Install Java (Required for Keycloak)

Keycloak requires Java 17+. Install OpenJDK 17:

sudo apt install -y openjdk-17-jdk

Verify installation:

java -version

You should see output similar to:

openjdk version "17.0.9" ...

Step 3: Install PostgreSQL (Recommended Database)

Keycloak supports PostgreSQL, MariaDB, and H2 (not recommended for production). Install PostgreSQL:

sudo apt install -y postgresql postgresql-contrib

Start and enable PostgreSQL:

sudo systemctl enable --now postgresql

Set up a database for Keycloak:

sudo -i -u postgres psql

Inside the PostgreSQL shell, run:

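CREATE DATABASE keycloak;
CREATE USER keycloak WITH ENCRYPTED PASSWORD 'your_secure_password';
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
-- PostgreSQL 15+ no longer lets ordinary users create tables in the public schema;
-- owning the database lets Keycloak create its tables there.
ALTER DATABASE keycloak OWNER TO keycloak;
\q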

This creates a database and user for Keycloak.


Step 4: Install Keycloak

Download and extract Keycloak (replace version as needed):

sudo wget https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.tar.gz
tar -xvzf keycloak-24.0.1.tar.gz
sudo mv keycloak-24.0.1 /opt/keycloak

Create a dedicated Keycloak system user:

sudo useradd -r -d /opt/keycloak -s /bin/false keycloak
sudo chown -R keycloak:keycloak /opt/keycloak

Step 5: Configure Keycloak to Use PostgreSQL

Edit Keycloak’s configuration file:

sudo nano /opt/keycloak/conf/keycloak.conf

Add the following:

db=postgres
db-url=jdbc:postgresql://localhost/keycloak
db-username=keycloak
db-password=your_secure_password
# Change this to your real domain
hostname=your-domain.com

Save and exit.
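
As an added example (not part of the original guide or of Keycloak), the script below lints the Step 5 keycloak.conf for three problems: a clear-text db-password readable by group or other, a trailing "# comment" on a value line (properties syntax reads it as part of the value), and placeholders left unchanged. The function names are hypothetical helpers.

```sh
#!/bin/sh
# Added example, not from the original guide: lint the keycloak.conf written
# in Step 5. Function names are hypothetical helpers, not Keycloak tooling.

kc_conf_findings() {
    conf=$1
    # db-password sits in clear text, so group and other need no access.
    if grep -Eq '^[[:space:]]*db-password[[:space:]]*=' "$conf"; then
        perms=$(ls -ld "$conf" | cut -c5-10)   # group+other bits, e.g. r--r--
        [ "$perms" = "------" ] ||
            echo "FINDING: group/other permissions ($perms) expose db-password"
    fi
    # Drop blank lines and whole-line comments, then normalise "key = value".
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^[#!]/d' -e '/^$/d' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' "$conf" |
    while IFS='=' read -r key value || [ -n "$key" ]; do
        # Properties syntax has no inline comments: " # text" after a value
        # becomes part of the value.
        case $value in
            *' #'*) echo "FINDING: $key value contains a trailing '# comment'" ;;
        esac
        bare=${value%%' #'*}
        # Placeholders copied from the guide must be replaced before use.
        case $key=$bare in
            db-password=your_secure_password|hostname=your-domain.com)
                echo "FINDING: $key is still the guide's placeholder" ;;
        esac
    done
}

# Prints one FINDING line per problem; returns 0 when clean, 1 otherwise.
audit_keycloak_conf() {
    [ -r "$1" ] || { echo "FINDING: cannot read $1"; return 1; }
    findings=$(kc_conf_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /opt/keycloak/conf/keycloak.conf
if [ $# -gt 0 ]; then audit_keycloak_conf "$1"; fi
```

Findings name the key only and never print its value, so the output can be pasted into a ticket without leaking the database password.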


Step 6: Create a Systemd Service for Keycloak

Create a new service file:

sudo nano /etc/systemd/system/keycloak.service

Add the following:

[Unit]
Description=Keycloak Server
After=network.target postgresql.service
Wants=postgresql.service

[Service]
User=keycloak
Group=keycloak
Environment=JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
# --optimized assumes the server was already built with "kc.sh build"
ExecStart=/opt/keycloak/bin/kc.sh start --optimized
Restart=always

[Install]
WantedBy=multi-user.target

Save and exit.
Reload systemd:

sudo systemctl daemon-reload

Enable and start Keycloak:

sudo systemctl enable --now keycloak

Check status:

sudo systemctl status keycloak

Keycloak should now be running!


Step 7: Create an Admin User

Run the following command to create an admin account:

/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin

(Replace "admin" and "admin" with your desired username and password.)


Step 8: Access the Web UI

  1. Open a browser and go to:
    http://your-server-ip:8080


  2. Click "Administration Console" and log in with the admin user you created.

Keycloak is now set up and running!


High Availability (HA) & Redundancy Setup

Later, if you want Keycloak redundancy, follow these steps:

  1. Deploy a Second Keycloak VM

    • Repeat the setup on another Ubuntu VM.
  2. Use a Shared PostgreSQL Database

    • Instead of using local PostgreSQL, connect both Keycloak VMs to a shared external PostgreSQL instance.
  3. Deploy HAProxy as a Load Balancer

    • Install HAProxy on a separate VM and configure it to balance traffic between the two Keycloak servers.
  4. Enable Keycloak Clustering (Optional, for Sticky Sessions)

    • Set up Keycloak with sticky sessions using Infinispan or JDBC persistent sessions.

Final Thoughts

For now, a single VM setup is great. If you want HA later, you’ll just need:

  • A second VM running Keycloak
  • An external PostgreSQL instance
  • HAProxy for load balancing