Keycloak by Neodoo En » History » Version 1
Francisco Javier Solans Benedí, 2024-03-13 06:33
Usage instructions

Getting started

Launch the product via 1-Click.

Use a web browser to access the Admin console at https://[ec2-ip]:8443, where [ec2-ip] is the public IP address that Amazon assigns to your instance.

Log in using the following credentials:

Username: admin

Password: the instance_id of the instance

You can also access your instance via SSH using the username and your Amazon private key.

The username depends on the operating system:

- CentOS 9 Stream: 'ec2-user'
- Other CentOS: 'centos'
- Ubuntu: 'ubuntu'
- Rocky Linux: 'rocky'
Installation details

Keycloak installed with the WildFly distribution.

In versions prior to 19.0.1, we install Keycloak embedded within the WildFly application server.

The configuration files are located inside the embedded WildFly, that is, in the directory $KEYCLOAK_HOME, where KEYCLOAK_HOME is /usr/java/keycloak.

For more details on the installation, you can refer to the documentation at https://www.keycloak.org/docs/latest/server_installation/index.html

Keycloak installed with the Quarkus distribution.

From version 19.0.1, we install Keycloak with Quarkus, as the distribution with WildFly is deprecated.

The configuration file is located at $KEYCLOAK_HOME/conf/keycloak.conf, where $KEYCLOAK_HOME is /usr/java/keycloak.

For more details on the installation, you can refer to the documentation at https://www.keycloak.org/docs/latest/server_installation/index.html
TLS configuration in Keycloak

By default, we have created a self-signed certificate in a Java keystore, so it is not validated by any certificate authority (by default, the Keycloak server looks for the file $KEYCLOAK_HOME/conf/server.keystore).

If you want a certificate issued by a trusted authority, you will need to request one from a certificate authority and make the necessary changes in Keycloak.
Service configuration

The server service is configured with systemd.

The Keycloak unit file is /etc/systemd/system/keycloak.service; its ExecStart line determines whether Keycloak starts in development or production mode:

If you have chosen Keycloak with H2, the service starts in development mode: ExecStart=/usr/java/keycloak/bin/kc.sh start-dev

If you have chosen Keycloak with MySQL or PostgreSQL, the service starts in production mode: ExecStart=/usr/java/keycloak/bin/kc.sh start

View server status:

[centos@ip-172-31-9-232 etc]$ sudo systemctl status keycloak

Stop server:

[centos@ip-172-31-9-232 etc]$ sudo systemctl stop keycloak

Start server:

[centos@ip-172-31-9-232 etc]$ sudo systemctl start keycloak
Data persistence modes

H2 (Default)

Keycloak comes with its own embedded Java-based relational database, H2. It is usually recommended for development environments; for production environments a full relational database is recommended instead.

We provide products with MySQL or PostgreSQL.

MySQL

Keycloak is configured with a MySQL database.

PostgreSQL

Keycloak is configured with a PostgreSQL database.

MySQL

View service status:

$ sudo systemctl status mysql

Stop service:

$ sudo systemctl stop mysql

Start service:

$ sudo systemctl start mysql

Access the MySQL console from your terminal:

$ sudo mysql

PostgreSQL

View service status:

$ sudo systemctl status postgresql

Stop service:

$ sudo systemctl stop postgresql

Start service:

$ sudo systemctl start postgresql

Access the PostgreSQL console from your terminal:

$ sudo -u postgres psql
Other useful data

Location of sensitive information

All the information is saved in the database.

In MySQL the data folder is /var/lib/mysql
In PostgreSQL the data folder is /var/lib/pgsql/data

Encryption configuration

There is no encrypted data.
Changing system credentials

To change the Keycloak credentials, go to the menu on the right, choose Users, then Credentials, and press the reset button.

Instructions on how the user interacts with Keycloak to decrypt necessary data

You can use the Keycloak management console to view all necessary data.

How to assess and monitor the health and proper function of the application

1. Navigate to your Amazon EC2 console and verify that you're in the correct region.
2. Choose Instance and select your launched instance.
3. Select the server to display its metadata page and choose the Status checks tab at the bottom of the page to review whether the status checks passed or failed.

Additional resources

https://www.keycloak.org/
https://www.keycloak.org/server/enabletls
https://www.keycloak.org/server/configuration