Keycloak 26.4.0 Installation on Azure VM with PostgreSQL and HTTPS

This guide explains how to install Keycloak 26.4.0 on an Azure Ubuntu VM, configure it with an external PostgreSQL database, and enable HTTPS using a custom certificate.

Prerequisites

  • Azure Ubuntu VM (create a new VM or use an existing one).

  • Public DNS name pointing to the VM (e.g., neptunekeycloak.solitx.io).

  • SSL certificate and private key (solitx.io.crt.pem and solitx.io.key.pem) on the VM.

  • External PostgreSQL server (create a new one or use an existing one).

  • A database on the PostgreSQL server (e.g., keycloak); create one or use an existing one.

Install Docker & Docker Compose

sudo apt update
sudo apt install -y docker.io docker-compose
sudo systemctl enable docker
sudo systemctl start docker

# Add your user to Docker group
sudo usermod -aG docker $USER

# Log out and log in again (or run:)
newgrp docker

  • Verify the versions of Docker and Docker Compose.

docker --version
docker-compose --version

Create required folders

mkdir -p ~/keycloak_data
mkdir -p ~/postgres_data
mkdir -p ~/certs

  • Copy your certificate files to ~/certs:

    • solitx.io.crt.pem

    • solitx.io.key.pem

  • Set proper permissions

chmod 600 ~/certs/solitx.io.key.pem
chmod 644 ~/certs/solitx.io.crt.pem
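
An added pre-flight check for the files just copied (not part of the original guide): it confirms the key is owner-only and owned by the UID the container runs as, that the certificate and key belong together, and that the certificate covers the public hostname and is not about to expire. It assumes GNU stat and openssl on the VM and that the Keycloak image runs as UID 1000; the function names and the KC_UID variable are illustrative.

```bash
#!/usr/bin/env bash
# Pre-flight checks for the TLS files bind-mounted into the Keycloak container.
# Assumption: the container process runs as UID 1000 (the image's default
# user); override KC_UID if your compose file sets a different user.
KC_UID="${KC_UID:-1000}"

# The key must be owner-only (600 or 400) and owned by the container's UID,
# otherwise Keycloak either cannot read it or other local users can.
key_perms_ok() {
  local mode owner
  mode=$(stat -c '%a' "$1") || return 1
  owner=$(stat -c '%u' "$1") || return 1
  case "$mode" in
    600|400) ;;
    *) echo "key mode is $mode, expected 600" >&2; return 1 ;;
  esac
  [ "$owner" = "$KC_UID" ] || { echo "key owner $owner, expected $KC_UID" >&2; return 1; }
}

# The certificate and the private key must carry the same public key.
pair_matches() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The certificate must match the hostname and stay valid for $3 more days.
cert_valid_for() {
  local host days
  host=$2; days=${3:-14}
  openssl x509 -in "$1" -noout -checkend "$((days * 86400))" >/dev/null || return 1
  openssl x509 -in "$1" -noout -checkhost "$host" | grep -q 'does match'
}

# usage: script <cert.pem> <key.pem> <hostname>
preflight() {
  key_perms_ok "$2" || return 1
  pair_matches "$1" "$2" || { echo "cert and key do not match" >&2; return 1; }
  cert_valid_for "$1" "$3" || { echo "cert expired, expiring, or wrong host" >&2; return 1; }
  echo "TLS files OK for $3"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Save it under any name (tls-preflight.sh is a placeholder) and run it with ~/certs/solitx.io.crt.pem, ~/certs/solitx.io.key.pem and neptunekeycloak.solitx.io as arguments before starting the container.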

Create Docker Compose file

  • Create and edit docker compose file using the commands below.

sudo nano ~/keycloak-docker-compose.yml

  • Paste the following into the Docker Compose file.

Set your own usernames and passwords in the file below.

services:
  keycloak:
    image: quay.io/keycloak/keycloak:26.4.0
    container_name: keycloak
    command:
      - start
      - --hostname=https://neptunekeycloak.solitx.io:8443 # Public DNS name that points to the VM
      - --https-certificate-file=/opt/keycloak/certs/solitx.io.crt.pem # Path to the certificate file inside the container
      - --https-certificate-key-file=/opt/keycloak/certs/solitx.io.key.pem # Path to the key file inside the container
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://neptunepgsql.postgres.database.azure.com/keycloak
      KC_DB_USERNAME: Neptune
      KC_DB_PASSWORD: ****
      KC_PROXY: edge
      KC_HTTPS_PORT: 8443
      KC_HOSTNAME_STRICT_HTTPS: 'true'
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: ****
    ports:
      - "8443:8443"
    volumes:
      - /home/neptune/certs:/opt/keycloak/certs # Host certificate directory (~/certs for the user neptune)
    restart: always

networks:
  default:
    name: keycloak-network

  • Save and exit: press Ctrl+O, Enter, then Ctrl+X (or press Ctrl+X, then Y, then Enter).

Start Keycloak Container

  • Start the keycloak container, using the command below.

cd ~
docker-compose -f keycloak-docker-compose.yml up -d

# Install the Docker Compose v2 plugin and start the stack with "docker compose"
sudo apt update
sudo apt install docker-compose-plugin -y
docker compose version
sudo docker compose -f ~/keycloak-docker-compose.yml up -d

Verify Keycloak

  • Check running containers

sudo docker ps

  • Check logs

sudo docker logs -f keycloak

  • You should see Keycloak starting and initializing the database.

Access Keycloak

Username: admin
Password: *****

Restarting Keycloak

  • Restart container using the command below.

sudo docker restart keycloak

  • Stop and start commands

sudo docker compose -f ~/keycloak-docker-compose.yml down
sudo docker compose -f ~/keycloak-docker-compose.yml up -d

  • Check logs

sudo docker logs -f keycloak