How to Install Keycloak on Your Synology NAS

by

How to Install Keycloak on Your Synology NAS

Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services. In this step by step guide I will show you how to install Keycloak legacy version on your Synology NAS using Docker. Keycloak legacy: This is the legacy distribution of Keycloak which uses WildFly as Runtime engine. At STEP 19, you also have the option to download a compose to use the Keycloak Quarkus which uses Quarkus as Runtime environment.

💡Note: This guide works perfectly with the latest Keycloak 26.0.5 release.

  • STEP 1

Please Support My work by Making a Donation.

  • STEP 2

Install Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.

  • STEP 3

Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.

  • STEP 4

Go to Control Panel / Login Portal / Advanced Tab / click Reverse Proxy. Follow the instructions in the image below.

Keycloak Synology NAS Set up 1

  • STEP 5

Now click the “Create” button. Follow the instructions in the image below.

Keycloak Synology NAS Set up 2

  • STEP 6

After you click the Create button, the window below will open. Follow the instructions in the image below.

On the General area, set the Reverse Proxy Name description: type in Keycloak. After that, add the following instructions:

Source:
Protocol: HTTPS
Hostname: keycloak.yourname.synology.me
Port: 443

Check Enable HSTS

Destination:
Protocol: HTTP
Hostname: localhost
Port: 8711

Keycloak Synology NAS Set up 3 new

  • STEP 7

On the Reverse Proxy Rules click the Custom Header tab. Click Create and then, from the drop-down menu, click WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. Click Save. Follow the instructions in the image below.

Synology Proxy WebSocket

  • STEP 8

Go to Control Panel / Network / Connectivity tab/ Check Enable HTTP/2 then click Apply. Follow the instructions in the image below.

Keycloak Synology NAS Set up 5

  • STEP 9

Go to Control Panel / Security / Advanced tab/ Check Enable HTTP Compression then click Apply. Follow the instructions in the image below.

Keycloak Synology NAS Set up 6

  • STEP 10

Go to File Station and open the docker folder. Inside the docker folder, create one new folder and name it keycloakdb. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

Keycloak Synology NAS Set up 7

  • STEP 11

Log into Portainer using your username and password. On the left sidebar in Portainer, click on Stacks then + Add stack. Follow the instructions in the image below.

1 Synology Portainer Add Stack

  • STEP 12

In the Name field type in keycloak. Follow the instructions in the image below.

Note: Copy Paste the code below in the Portainer Stacks Web editor.

version: "3.9"
services:
  db:
    image: postgres:16
    container_name: Keycloak-DB
    hostname: keycloak-db
    mem_limit: 1g
    cpu_shares: 1024
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test: ["CMD", "pg_isready", "-q", "-d", "keycloak", "-U", "keycloakuser"]
      timeout: 45s
      interval: 10s
      retries: 10
    volumes:
      - /volume1/docker/keycloakdb:/var/lib/postgresql/data:rw
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloakuser
      POSTGRES_PASSWORD: keycloakpass
    restart: on-failure:5
    
  keycloak:
      image: quay.io/keycloak/keycloak:legacy
      container_name: Keycloak
      restart: on-failure:5
      healthcheck:
       test: curl -f http://localhost:8080/ || exit 1
      environment:
        DB_VENDOR: POSTGRES
        DB_ADDR: db
        DB_DATABASE: keycloak
        DB_USER: keycloakuser
        DB_SCHEMA: public
        DB_PASSWORD: keycloakpass
        KEYCLOAK_USER: marius
        KEYCLOAK_PASSWORD: mariushosting
        PROXY_ADDRESS_FORWARDING: true
      ports:
        - 8711:8080
      depends_on:
        - db

Note: Before you paste the code above in the Web editor area, change the value for KEYCLOAK_USER and add your own username. marius is an example for a username. You have to insert your own username.
Note: Before you paste the code above in the Web editor area, change the value for KEYCLOAK_PASSWORD and add your own password. mariushosting is an example for a password. You have to insert your own password.

Keycloak Synology NAS Set up 8 new 2024

  • STEP 13

Scroll down on the page until you see a button named Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.

Keycloak Synology NAS Set up 9 new 2024

  • STEP 14

If everything goes right, you will see the following message at the top right of your screen: “Success Stack successfully deployed“.

Keycloak Synology NAS Set up 10 new 2024

  • STEP 15

Go back to STEP 1 or you will deal with karma 🙂.

  • STEP 16

Please wait approximately 3 minutes for the installation to be completed or you will get a blank page if you try to connect too soon. Now open your browser and type in your HTTPS/SSL certificate like this https://keycloak.yourname.synology.me In my case it’s https://keycloak.mariushosting.synology.me If everything goes right, you will see the Keycloak homepage. Click Administration Console. Follow the instructions in the image below.

Keycloak Synology NAS Set up 11

  • STEP 17

Add your own username and password that you have previously created at STEP 12. Click Sign In. Follow the instructions in the image below.

Keycloak Synology NAS Set up 12

  • STEP 18

Your Keycloak info at a glance!

Keycloak Synology NAS Set up 13 new 2024

  • STEP 19

Download (click on the blue link below) to download the docker compose for Keycloak that uses the latest Keycloak version built on Quarkus. This version of Keycloak uses Quarkus as Runtime environment 🔒Note: Support my work to unlock the password. You can use this password to download any file on mariushosting forever!

👉🏻Keycloak Quarkus.txt

Enjoy Keycloak!

🆘TROUBLESHOOTING

If you encounter issues by using this container, make sure to check out the Common Docker issues article.

Note: Make sure RULE 5 an RULE 6 is correctly applied on your Synology NAS Firewall configuration.

Note: Find out how to update the Keycloak container with the latest image.
Note: How to Back Up Docker Containers on your Synology NAS.
Note: Can I run Docker on my Synology NAS? See the supported models.
Note: How to Free Disk Space on Your NAS if You Run Docker.
Note: How to Schedule Start & Stop For Docker Containers.
Note: How to Activate Email Notifications.
Note: How to Add Access Control Profile on Your NAS.
Note: How to Change Docker Containers Restart Policy.
Note: How to Use Docker Containers With VPN.
Note: Convert Docker Run Into Docker Compose.
Note: How to Clean Docker.
Note: How to Clean Docker Automatically.
Note: Best Practices When Using Docker and DDNS.
Note: Some Docker Containers Need WebSocket.
Note: Find out the Best NAS Models For Docker.
Note: Activate Gmail SMTP For Docker Containers.

This post was updated on Monday / November 11th, 2024 at 4:20 PM

🧡 I Need Your Help!