commit 112a728d0bea7862f5abf4a5fa3363d0ef8dce04
Author: DeOwl <deowl28@gmail.com>
Date:   Mon Mar 16 22:40:42 2026 +0300

    Initial commit

diff --git a/.env b/.env
new file mode 100644
index 0000000..2cc08cd
--- /dev/null
+++ b/.env
@@ -0,0 +1,3 @@
+POSTGRES_USER=keycloak
+POSTGRES_PASSWORD=changeme
+POSTGRES_DB=keycloak
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1d03854
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+postgres
+keycloakify-starter
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..bec3d4b
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,51 @@
+services:
+  keycloak:
+    image: keycloak/keycloak:26.1
+    container_name: keycloak
+    environment:
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: admin # temporay password to change when first time logged in
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
+      KC_DB_USERNAME: ${POSTGRES_USER}
+      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+      KC_METRICS_ENABLED: "true"
+      KC_HEALTH_ENABLED: "true"
+      KC_LOG_LEVEL: INFO
+      KC_HOSTNAME: http://auth.localhost
+      KC_PROXY: edge
+      KC_HTTP_ENABLED: "true"
+    volumes:
+      - ./keycloak/themes:/opt/keycloak/providers/
+    depends_on:
+      keycloak-database:
+        condition: service_healthy
+    command:
+      - start-dev
+      - --http-enabled=true
+      - --proxy-headers=xforwarded
+
+  keycloak-database:
+    image: postgres:17
+    container_name: postgres
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
+    volumes:
+      - ./postgres/data:/var/lib/postgresql/data # save data in a volume
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  nginx:
+    image: nginx
+    container_name: nginx
+    ports:
+      - 80:80
+    volumes:
+      - ./nginx/conf.d:/etc/nginx/conf.d
+    depends_on:
+      - keycloak
diff --git a/keycloak/themes/keycloak-theme-for-kc-all-other-versions.jar b/keycloak/themes/keycloak-theme-for-kc-all-other-versions.jar
new file mode 100644
index 0000000..392eb2f
Binary files /dev/null and b/keycloak/themes/keycloak-theme-for-kc-all-other-versions.jar differ
diff --git a/nginx/conf.d/keycloak.conf b/nginx/conf.d/keycloak.conf
new file mode 100644
index 0000000..72a7766
--- /dev/null
+++ b/nginx/conf.d/keycloak.conf
@@ -0,0 +1,28 @@
+upstream keycloak {
+    server keycloak:8080;
+}
+
+server {
+    server_name auth.localhost;
+    listen 80;
+
+    # deny access to home page
+    # exposed path recommendations https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations
+    location = / {
+        deny all;
+        return 404;
+    }
+
+    location / {
+        proxy_buffering off;
+        proxy_buffer_size          128k;
+        proxy_buffers            4 256k;
+
+        proxy_pass http://keycloak;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}