Keycloak

Development1024MB+ RAM

Open-source identity and access management

Download Server Compass Install Keycloak to server

authidentityssooauth

Deploy Keycloak in 3 Steps

Connect Your VPS

Add your server credentials to Server Compass

Select Keycloak

Choose from our template library

Deploy & Configure

Fill in settings and click Deploy

No Docker knowledge required

Step-by-step deployment guide

Deploy Keycloak on a VPS with Server Compass

Use the Keycloak template in Server Compass to deploy a self-hosted identity and access management server with Postgres on your VPS, then verify the Keycloak web UI in a browser.

About 7 minutesBrowser verified

Step 1

Open the server Apps tab

Select your VPS, open the Apps tab, and start a new app deployment. Keep sensitive server details hidden before capturing or sharing screenshots.

Server Compass Apps tab before creating a Keycloak app

Step 2

Choose an app template

Click New App and choose the template deployment path so Server Compass can load the built-in catalog.

Choosing to deploy an app from a Server Compass template

Step 3

Search for Keycloak

Use the template picker search to find Keycloak in the Server Compass template catalog.

Searching for Keycloak in the Server Compass template picker

Step 4

Select the Keycloak template

Choose the Keycloak template. Server Compass fills the Keycloak web service, bootstrap admin username, bootstrap admin password, and Postgres password.

Keycloak template selected in Server Compass

Step 5

Review the Keycloak settings

Confirm the app name and compose services. In this run, the app was named keycloak-demo and used host port 3001.

Reviewing Keycloak project settings and compose services

Step 6

Deploy Keycloak

Review the generated environment values, confirm the port is available, and click Deploy Now.

Reviewing Keycloak environment variables and port before deployment

Step 7

Watch the deployment progress

Keep the deployment modal open while Server Compass uploads the compose file, pulls the Keycloak image, starts the container, and verifies the stack.

Server Compass deploying the Keycloak template on the VPS

Step 8

Confirm Keycloak is running

After deployment finishes, return to the Apps tab and confirm the Keycloak app is marked Running with its application URL available.

Keycloak template running in the Server Compass Apps tab

Step 9

Open Keycloak in the browser

Open the application URL in a browser. The Keycloak web UI confirms the stack is reachable.

The deployed Keycloak web UI loaded in a browser

After Keycloak Opens

Sign in to the admin console with the bootstrap admin account and rotate the password before production use.
Configure HTTPS, realms, clients, identity providers, SMTP, and production mode before exposing Keycloak to users.
Add a domain and HTTPS before exposing Keycloak to users.
Back up the Keycloak Postgres volume before relying on it for production identity data.

Verified Result

The Keycloak web UI loaded successfully in a browser.

Download Server Compass Docs

Keycloak deployment questions

What does the Keycloak template deploy?

It deploys Keycloak with a Postgres database service.

Which port did the tutorial use?

The tutorial verified Keycloak on host port 3001, which maps to the Keycloak web service on container port 8080.

Why does the guide stop at the first-run web UI?

The tutorial verifies the clean Keycloak web UI because realms, clients, users, and identity providers depend on the production server.

Should this become a blog post?

No. The deployment guide should live on the Keycloak template detail page and be linked from the reusable template deployment docs page.

DIY Deployment

Self-Host Keycloak with Docker

Take the DIY route and deploy Keycloak on your own server using Docker.

Access Your VPS Terminal

Use your terminal to securely access your server. You'll need your server's IP address.

terminal

# Connect via SSH
ssh root@your-vps-ip

# Alternative with key file
ssh -i /path/to/key root@your-vps-ip

First time? Make sure Docker is installed on your VPS. Run: curl -fsSL https://get.docker.com | sh

Set Up the Deployment Folder

Initialize a project folder on your server.

terminal

# Create and navigate to project directory
mkdir -p ~/apps/keycloak
cd ~/apps/keycloak

Set Up the Stack Definition

Use this Docker Compose configuration for your deployment:

docker-compose.yml

services:
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    ports:
      - "8080:8080"
    environment:
      - KC_BOOTSTRAP_ADMIN_USERNAME=admin
      - KC_BOOTSTRAP_ADMIN_PASSWORD=<your-admin-password>
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://db:5432/keycloak
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=<your-db-password>
    command: start-dev
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy

  db:
    image: postgres:16-alpine
    environment:
      - POSTGRES_USER=keycloak
      - POSTGRES_PASSWORD=<your-db-password>
      - POSTGRES_DB=keycloak
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  postgres_data:

Configurable Options

PORTHost port(default: 8080)

ADMIN_USERAdmin user(default: admin)

ADMIN_PASSWORDAdmin password

DB_PASSWORDDB password

Start the Containers

Bring up your containers in detached mode.

terminal

# Start all services
docker compose up -d

# List running containers
docker compose ps

# Watch the logs
docker compose logs -f

Set Up Firewall Rules

Allow the application port through your server's firewall.

terminal

# Allow the application port through firewall
sudo ufw allow 8080/tcp
sudo ufw reload

# Access your app at:
# http://your-server-ip:8080

Skip the Terminal

Let Server Compass do the heavy lifting.

Forget SSH and YAML files. Deploy Keycloak visually with Server Compass in just a few clicks.

Beautiful interface
One-click deploys
Let's Encrypt SSL
Zero downtime
Container monitoring
Easy rollbacks

Download Server Compass$29 one-time • Lifetime license

After Deployment

After deploying Keycloak with Server Compass, complete these steps to finish setup

Create realms and clients

Need help? Check out our documentation for detailed guides.

Keycloak FAQ

Common questions about self-hosting Keycloak

How do I deploy Keycloak with Server Compass?

Simply download Server Compass, connect to your VPS, and select Keycloak from the templates list. Fill in the required configuration and click Deploy. The entire process takes under 3 minutes.

What are the system requirements for Keycloak?

Keycloak requires a minimum of 1024MB RAM. We recommend a VPS with at least 2048MB RAM for optimal performance. Any modern Linux server with Docker support will work.

Can I migrate my existing Keycloak data?

Yes! Server Compass provides volume mapping that allows you to import existing data. You can also use standard Keycloak backup and restore procedures.

How do I update Keycloak to the latest version?

Server Compass makes updates easy. Simply click the Update button in your deployment dashboard, and the latest Keycloak image will be pulled and deployed with zero downtime.

Is Keycloak free to self-host?

Keycloak is open-source software. You only pay for your VPS hosting (typically $5-20/month) and optionally Server Compass ($29 one-time). No subscription fees or per-seat pricing.

Related Templates

View all Development

PocketBase

Open-source backend in a single file with realtime database, auth, and file storage

Appwrite

Open-source backend-as-a-service - self-hosted Firebase alternative

Parse Server

Open-source backend framework with dashboard

Supabase

Full Supabase self-hosted with Kong, GoTrue Auth, Realtime, and Studio

Ready to Self-Host Keycloak?

Download Server Compass and deploy Keycloak to your VPS in under 3 minutes. No Docker expertise required.

Download Server Compass