Keycloak SSL setup using docker image

Question

I am trying to deploy keycloak using docker image (https://hub.docker.com/r/jboss/keycloak/ version 4.5.0-Final) and facing an issue with setting up SSL.

According t

Answer 1

For anyone who is trying to run Keycloak with a passphrase protected private key file:

Keycloak runs the script /opt/jboss/tools/x509.sh to generate the keystore based on the provided files in /etc/x509/https as described in https://hub.docker.com/r/jboss/keycloak - Setting up TLS(SSL).

This script takes no passphrase into account unfortunately. But with a little modification at Docker build time you can fix it by yourself: Within your Dockerfile add:

RUN sed -i -e 's/-out "${KEYSTORES_STORAGE}\/${PKCS12_KEYSTORE_FILE}" \\/-out "${KEYSTORES_STORAGE}\/${PKCS12_KEYSTORE_FILE}" \\\n      -passin pass:"${SERVER_KEYSTORE_PASSWORD}" \\/' /opt/jboss/tools/x509.sh

This command modifies the script and appends the parameter to pass in the passphrase -passin pass:"${SERVER_KEYSTORE_PASSWORD}"

The value of the parameter is an environment variable which you are free to set: SERVER_KEYSTORE_PASSWORD

Tested with Keycloak 9.0.0