Docker / Podman Deployment

This project includes a multi-stage Dockerfile for containerized deployment. All commands work with both Docker and Podman; replace docker with podman as needed.

Multi-Stage Build Overview

| Stage | Base Image | Purpose |
| --- | --- | --- |
| Builder | maven:3.9-eclipse-temurin-21 | Compiles source and produces the provider JAR |
| Runtime | quay.io/keycloak/keycloak:26.5.3 | Copies the JAR and runs kc.sh build |

Build the Image

docker build -t keycloak-2fa-email:latest .

Run the Container

docker run -p 8080:8080 \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=admin \
  keycloak-2fa-email:latest \
  start-dev

Keycloak is available at http://localhost:8080 once started.

Using Docker Compose

The project includes a docker-compose.yml:

docker-compose up

Production Deployment

Warning: start-dev must not be used in production. Use start with a real database and TLS certificates.

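# The certificate and key paths are read inside the container, so the files
# are mounted read-only at those paths. All /path/to values and the database
# password are placeholders to replace.
docker run -d \
  --name keycloak-prod \
  -p 8443:8443 \
  -v /path/to/cert.pem:/path/to/cert.pem:ro \
  -v /path/to/key.pem:/path/to/key.pem:ro \
  -e KC_HOSTNAME=keycloak.example.com \
  -e KC_HTTPS_CERTIFICATE_FILE=/path/to/cert.pem \
  -e KC_HTTPS_CERTIFICATE_KEY_FILE=/path/to/key.pem \
  -e KC_DB=postgres \
  -e KC_DB_URL=jdbc:postgresql://db/keycloak \
  -e KC_DB_USERNAME=keycloak \
  -e KC_DB_PASSWORD=password \
  keycloak-2fa-email:latest \
  start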
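
A preflight check for the warning above, as an added example that is not part of this project. It assumes the -e settings are kept in a KEY=VALUE env file; the function names, the placeholder word list and the dev-file/dev-mem check (Keycloak's embedded development databases, not mentioned on this page) are additions.

```bash
# Added example (not project code): preflight check for a production launch.
# Assumes the -e settings are kept in a KEY=VALUE env file (hypothetical path).
# Usage: kc_preflight <env-file> <keycloak-command>; returns 0 when clean.

# Read one key from the env file without sourcing it, so values never execute.
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

_fail() { echo "FAIL: $*"; KC_FINDINGS=$((KC_FINDINGS + 1)); }

kc_preflight() {
  _file=$1; _cmd=$2; KC_FINDINGS=0

  # start-dev is development mode; production must run 'start'.
  [ "$_cmd" = "start" ] || _fail "command is '$_cmd', expected 'start'"

  # Settings the production example on this page passes with -e.
  for _key in KC_HOSTNAME KC_HTTPS_CERTIFICATE_FILE \
              KC_HTTPS_CERTIFICATE_KEY_FILE KC_DB KC_DB_URL \
              KC_DB_USERNAME KC_DB_PASSWORD; do
    [ -n "$(env_get "$_file" "$_key")" ] || _fail "$_key is not set"
  done

  # Keycloak's embedded dev-file / dev-mem databases are not a real database.
  case "$(env_get "$_file" KC_DB)" in
    dev-file|dev-mem) _fail "KC_DB is an embedded development database" ;;
  esac

  # Placeholder secrets copied from documentation (word list is an assumption).
  for _key in KC_DB_PASSWORD KEYCLOAK_ADMIN_PASSWORD; do
    case "$(env_get "$_file" "$_key")" in
      admin|password|changeme) _fail "$_key is a documentation placeholder" ;;
    esac
  done

  [ "$KC_FINDINGS" -eq 0 ]
}

# Constructed sample of a development-style configuration, checked for production.
sample=$(mktemp)
printf '%s\n' 'KC_DB=dev-file' 'KEYCLOAK_ADMIN_PASSWORD=admin' > "$sample"
kc_preflight "$sample" start-dev || echo "findings: $KC_FINDINGS"
rm -f "$sample"
```

Run it before docker run and pass the same file with --env-file, which also keeps the secrets out of the shell history and the process list.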

Container Management

# Stop
docker stop keycloak-test

# Start
docker start keycloak-test

# Remove
docker stop keycloak-test && docker rm keycloak-test

# Remove image
docker rmi keycloak-2fa-email:latest

Rebuild After Code Changes

docker build -t keycloak-2fa-email:latest .
docker stop keycloak-test && docker rm keycloak-test
docker run -d --name keycloak-test \
  -p 8080:8080 \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=admin \
  keycloak-2fa-email:latest start-dev
