Launching keycloak server with SSL
Here’s how I set up a Keycloak server with an SSL certificate issued by Let’s Encrypt.
- Launch an EC2 instance
- Install OpenJDK
- Follow the Keycloak Getting Started tutorial.
- Create the first admin user with the command-line tool, explained here.
- Make sure the EC2 security group accepts port 8080 from your IP address
- Open a browser and access http://your.ec2.ip.address:8080/auth for the Keycloak admin screen.
SSL by Let’s Encrypt
Prepare a new domain and configure it in your DNS settings.
We use nginx to obtain the certificates for your-domain-name.
Install nginx and set its server_name to the domain you chose (/etc/nginx/nginx.conf).
Make sure you can access http://your-domain-name from your browser.
Install certbot. Amazon Linux 2 on EC2 didn’t offer snapd, so I installed certbot with yum:
sudo amazon-linux-extras install epel
sudo yum install certbot
sudo yum install certbot-nginx
Create the Let’s Encrypt certificates. The .pem files are created in /etc/letsencrypt/archive/your-domain-name/ and symlinks to the current ones are made in /etc/letsencrypt/live/your-domain-name/.
Use the Let’s Encrypt certificate for Keycloak. Convert the certificates to a PKCS12 keystore and point the Keycloak config at it:
Start the Keycloak server and check that https://your-domain-name:8443/auth is accessible.
Then close port 8080 in the AWS security group to force SSL only.
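Below is an added example of that conversion step (not from the original post): a small shell function that bundles certbot's privkey.pem and fullchain.pem into a PKCS12 keystore with the domain as the alias, locks down its permissions, and a helper that reads the alias back so you can check it matches what the Keycloak config expects. The live-directory layout is certbot's real one; the domain, output path and password are placeholders.

```shell
#!/bin/sh
# Added example: convert the Let's Encrypt PEM files certbot writes into a
# PKCS12 keystore for the WildFly-based Keycloak described above (/auth, 8443).
# /etc/letsencrypt/live/<domain>/ is certbot's real layout; domain, output
# path and password below are placeholders you choose.
set -eu

# pem_to_pkcs12 DOMAIN LIVE_DIR OUT_P12 PASSWORD
#   LIVE_DIR must hold privkey.pem and fullchain.pem (certbot's symlinks).
#   fullchain.pem is used so the intermediate CA is bundled into the keystore;
#   serving only cert.pem would leave browsers with an incomplete chain.
pem_to_pkcs12() {
  domain=$1; live=$2; out=$3; pass=$4
  [ -r "$live/privkey.pem" ] && [ -r "$live/fullchain.pem" ] || {
    echo "missing privkey.pem or fullchain.pem in $live" >&2; return 1; }
  openssl pkcs12 -export \
    -inkey "$live/privkey.pem" \
    -in "$live/fullchain.pem" \
    -name "$domain" \
    -out "$out" \
    -passout "pass:$pass"
  # The keystore contains the private key: only Keycloak's user may read it.
  chmod 600 "$out"
}

# pkcs12_alias OUT_P12 PASSWORD
#   Prints the friendly name stored for the key, i.e. the alias that Keycloak's
#   keystore configuration must reference.
pkcs12_alias() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
    | sed -n 's/^ *friendlyName: //p' | head -n 1
}

# Usage on the server (placeholder values):
#   pem_to_pkcs12 your-domain-name /etc/letsencrypt/live/your-domain-name \
#     /opt/keycloak/keycloak.p12 'CHANGE_ME'
# Let's Encrypt certificates expire after 90 days. The keystore is a copy, not
# a symlink, so re-run this conversion from a certbot deploy hook
# (/etc/letsencrypt/renewal-hooks/deploy/) and restart Keycloak after each
# renewal; otherwise Keycloak keeps serving the expired certificate.
```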