Using the docker installation in production

Is the Docker installation widely used in production environments?

I experimented with it last week and noted that there were a few gaps in the documentation, so I got the impression that the bare metal installation might be the preferred route.

Happy to be corrected if that’s not the case, just looking for some guidance here.

I don’t see a problem with using it in production; the standalone-ha.xml can be mounted, as can providers and themes.
What seems to be missing in the documentation for you?

Looking at Getting Started, it tells the user to:

docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:9.0.3

And then to access the admin console.

But if Keycloak isn’t accessed via TLS, the administration interface is completely inaccessible, throwing an HTTPS Required error. A quick Google and a Stack Exchange article later tells me that this has been the case for at least 18 months. It certainly gives the impression that the Docker route is the less-trodden path.

There’s also no mention of Docker in the server installation guide. It’s all bare metal.

I’ve just run that Docker container exactly like you’ve written it down and I can access it over plain localhost:8080 and enter the admin console. I thought I’d try it because I always run it, even in development, over HTTPS behind an Nginx Docker container. But it works without it.

I guess they give you the basic Docker example, but obviously that’s not enough by any means.
Depending on your needs you have to add a lot more than that.
Maybe this will kick you off: here is an example of a Docker Compose file, https://github.com/zonaut/keycloak-extensions/blob/master/docker-compose.yml. It’s not a full production example, but you can start from that one and expand it a bit according to your needs.

I can understand why they don’t document everything about this in the manual, as you have a lot of flexibility with this. Are you running Kubernetes, Docker Swarm and so on? Depending on all these use cases you will have a different configuration, so this is more a community kind of thing.

See: codecentric Keycloak Helm chart

See Keycloak Docker HTTPS required - Stack Overflow for standalone docker run. The default HTTP is good for bigger infrastructure, where TLS offloading is done by a load balancer/reverse proxy and not by Keycloak.

There are a lot of Docker orchestration tools (Kubernetes, Docker Swarm, Docker Compose, Cloud Foundry, Mesos, Nomad, OpenShift, Rancher, AWS ECS, …) and it isn’t in the scope of the Keycloak manual to cover all of them. But Keycloak/Docker itself has configuration options to support all of them (or at least I don’t see any problem).
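
Added example (not part of any post in this thread, and not Keycloak's own code): a small Python model of the realm "Require SSL" setting (`sslRequired`: `all`, `external` or `none`), which by default is `external` and exempts loopback and private addresses. It shows why localhost:8080 works while a remote client gets "HTTPS required"; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Loopback plus the RFC 1918 private ranges; requests from these are treated
# as local when sslRequired is "external" (a model of the documented behaviour).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]


def https_required(ssl_required, client_ip, scheme):
    """True if a request would be refused with "HTTPS required"."""
    mode = ssl_required.lower()
    if mode not in ("all", "external", "none"):
        raise ValueError(f"unknown sslRequired value: {ssl_required!r}")
    if scheme == "https" or mode == "none":
        return False
    if mode == "all":
        return True
    addr = ipaddress.ip_address(client_ip)
    return not any(addr in net for net in LOCAL_NETS)


# Constructed samples: (description, client IP as Keycloak sees it, scheme)
SAMPLES = [
    ("browser on the Docker host", "127.0.0.1", "http"),
    ("Docker bridge gateway", "172.17.0.1", "http"),
    ("remote client, public address", "203.0.113.10", "http"),
    ("same remote client over TLS", "203.0.113.10", "https"),
    # TLS terminated at a proxy that forwards plain HTTP and no client address:
    # every request appears to come from the proxy's private address.
    ("any client via offloading proxy", "10.0.0.5", "http"),
]


def evaluate(mode="external"):
    """Map each sample description to whether it would be refused."""
    return {desc: https_required(mode, ip, scheme) for desc, ip, scheme in SAMPLES}


if __name__ == "__main__":
    for desc, blocked in evaluate().items():
        print(f"{desc:35} -> {'HTTPS required' if blocked else 'allowed'}")
```

The last sample is the one to watch with TLS offloading: unless the proxy passes the original scheme and client address through and Keycloak is configured to trust them, `external` cannot tell outside clients from local ones.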