diff --git a/compose/keycloak/.env b/compose/keycloak/.env
new file mode 100644
index 0000000..52c320b
--- /dev/null
+++ b/compose/keycloak/.env
@@ -0,0 +1,4 @@
+POSTGRES_USER=keycloak
+POSTGRES_PASSWORD=SUPERsecret
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=password
\ No newline at end of file
diff --git a/compose/keycloak/docker-compose.yml b/compose/keycloak/docker-compose.yml
new file mode 100644
index 0000000..ca6f735
--- /dev/null
+++ b/compose/keycloak/docker-compose.yml
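Review bot: The new `compose/keycloak/.env` commits working credentials to version control, and `KEYCLOAK_ADMIN=admin` with `KEYCLOAK_ADMIN_PASSWORD=password` is a guessable pair for the bootstrap admin of an identity provider. Anyone who deploys the directory unchanged gets a master realm behind a default password, and the values remain in git history after they are rotated. Commit a `.env.example` holding placeholders such as `KEYCLOAK_ADMIN_PASSWORD=<set-a-unique-value>` and add `.env` to `.gitignore`. The compose file can then refuse to start on a missing value by referencing `${KEYCLOAK_ADMIN_PASSWORD:?set in .env}` and the same form for `POSTGRES_PASSWORD`.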
@@ -0,0 +1,59 @@
+version: '3'
+services:
+ postgresql:
+ image: postgres:16
+ security_opt:
+ - apparmor:unconfined
+ environment:
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_DB=keycloak
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ volumes:
+ - /docker/appdata/keycloak/postgresql_data:/var/lib/postgresql/data
+ networks:
+ keycloak:
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:22.0.3
+ security_opt:
+ - apparmor:unconfined
+ restart: always
+ command: start
+ depends_on:
+ - postgresql
+ environment:
+ - KC_PROXY_ADDRESS_FORWARDING=true
+ - KC_HOSTNAME_STRICT=false
+ - KC_HOSTNAME=keycloak.yourdomain.com # Change this to your domain
+ - KC_PROXY=edge
+ - KC_HTTP_ENABLED=true
+ - KC_DB=postgres
+ - KC_DB_USERNAME=${POSTGRES_USER}
+ - KC_DB_PASSWORD=${POSTGRES_PASSWORD}
+ - KC_DB_URL_HOST=postgres
+ - KC_DB_URL_PORT=5432
+ - KC_DB_URL_DATABASE=keycloak
+ - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN}
+ - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
+ ports:
+ - 8085:8080
+ networks:
+ frontend:
+ keycloak:
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.keycloak.entrypoints=web
+ - traefik.http.routers.keycloak.rule=Host(`keycloak.yourdomain.com`) # Change this to your domain
+ - traefik.http.middlewares.keycloak-https-redirect.redirectscheme.scheme=websecure
+ - traefik.http.routers.keycloak.middlewares=keycloak-https-redirect
+ - traefik.http.routers.keycloak-secure.entrypoints=websecure
+ - traefik.http.routers.keycloak-secure.rule=Host(`keycloak.yourdomain.com`) # Change this to your domain
+ - traefik.http.routers.keycloak-secure.tls=true
+ - traefik.http.routers.keycloak-secure.service=keycloak
+ - traefik.http.services.keycloak.loadbalancer.server.port=8080
+ - traefik.docker.network=frontend
+
+networks:
+ frontend:
+ external: true
+ keycloak:
\ No newline at end of file
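Review bot: The `ports: - 8085:8080` mapping on the keycloak service publishes the plain-HTTP listener on every host interface, so the login and admin endpoints are reachable without Traefik's TLS, and with `KC_PROXY=edge` Keycloak is set up to honour forwarded headers that such direct clients can supply themselves. Traefik reaches the container over the `frontend` network, so drop the mapping or bind it to loopback with `- "127.0.0.1:8085:8080"`. Two values in the same hunk also look wrong: `KC_DB_URL_HOST=postgres` does not match the database service name and should be `KC_DB_URL_HOST=postgresql`, and the redirect middleware takes a URL scheme rather than an entrypoint name, so it should read `redirectscheme.scheme=https`. The `security_opt: - apparmor:unconfined` entries on both services turn off the default AppArmor confinement and should either be removed or carry a comment stating why the host needs them.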