Skip to main content
General product information Cloud Server with Keycloak
Last update:

General product information Cloud Server with Keycloak

Keycloak is an open source platform for managing user authentication and authorization in applications and implementing Single-Sign On.

To work with Keycloak, you can create a cloud server with a ready-made operating system image.

When you create a cloud server with Keycloak, a free TLS certificate from Let's Encrypt® will be automatically issued for the domain you specify.

For a cloud server, you can configure automatic scheduled backups. From the backup, you can restore server disk.

Cost

When using a cloud server with Keycloak, only computing resources of the cloud server are paid for under cloud-platform-payment-model.

Before creating a server, top-up balance.

Prices for computing resources can be viewed at selectel.ru.

Create and configure a cloud server with Keycloak

To create and configure a cloud server with Keycloak, you need a domain and a public IP address so that the cloud server can be accessed from the Internet. The domain can be added to Selectel DNS hosting.

  1. Create a public IP address for the cloud server.

  2. In control panel, add the domain to DNS hosting (legacy).

  3. Delegate the domain. To do this, specify Selectel NS-servers in your domain registrar's domain NS-records: ns1.selectel.ru, ns2.selectel.ru, ns3.selectel.ru, ns4.selectel.ru.

  4. Add an A-record for the domain using the Add Resource Record instructions (DNS hosting (legacy) tab). In the entry value, specify the public IP address that you created in step 1.

  5. In Control Panel, go to Cloud PlatformServers.

  6. Click Create Server.

  7. Select the finished image Cloud Keycloak <version>.

  8. Select private subnet that is connected to the cloud router with access to the external network, and connect the public IP address you created in step 1.

  9. Place the SSH key on the server — password access to the server is disabled in the image. Multiple keys can be added. Key types supported are ed25519, rsa, ecdsa and dsa. Select an existing key or click Add SSH Key. Enter a key name and insert a public SSH key in OpenSSH format. Press Add.

  10. In the User data field, insert the script that will be executed when the system boots:

    #cloud-config

    write_files:
    - path: "/opt/gomplate/values/user-values.yml"
      permissions: "0644"
      content: |
        keycloakDomain: "<example.com>"
        keycloakAdminEmail: "<root@example.com>"
        keycloakAdminUser: "<administrator_name>"
        keycloakAdminPassword: "<administrator_password>"
        keycloakAdminIP: "<ip_address>"
        keycloakPostgresDB: "<database_name>"
        keycloakPostgresUser: "<database_user_name>"
        keycloakPostgresPassword: "<database_user_password>"

    Specify:

    • <example.com> is the domain to access Keycloak. A TLS certificate from Let's Encrypt® will be automatically issued for this domain;
    • <root@example.com> is the e-mail address of Keycloak's administrator. It is used for issuing certificates;
    • <administrator_name> — the administrator name to log in to the Keycloak panel;
    • <administrator_password> — the administrator password to log in to the Keycloak panel;
    • <ip_address> — IP address where the Keycloak panel will be accessible. If you want to allow access to all IP addresses, specify 0.0.0.0.0/0;
    • <database_name> is the name of the PostgreSQL database;
    • <database_user_name> is the user name of the PostgreSQL database;
    • <database_user_password> — PostgreSQL database user password.

  11. Press Create. It will take 2-5 minutes to set up the image.