
I use Let's Encrypt certificates for SSL and need to set up Keycloak to work with these certificates. Keycloak is running in a Docker container, if that is important. So, I mount the certs as volumes into Keycloak's container

    volumes:
      - /etc/letsencrypt/live/my.tld/fullchain.pem:/etc/certs/fullchain.pem
      - /etc/letsencrypt/live/my.tld/privkey.pem:/etc/certs/privkey.pem

and set these certs in the keycloak.conf

    https-certificate-file=/etc/certs/fullchain.pem
    https-certificate-key-file=/etc/certs/privkey.pem

The problem is that the private key file privkey.pem has mode 600, so I have to run Keycloak as root, which is not secure. My question: is there a way to start Keycloak as root to get access to privkey.pem and then switch it to another user (e.g. keycloak) like other daemons do? Or maybe some other way to avoid running Keycloak as root, other than creating a group and giving privkey.pem permissions other than 600?

Thank you.

Journeyman Geek
  • 133,878
BUKTOP
  • 143
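The pattern the question asks about (start as root, hand the key to the service user, then drop privileges) is usually done in the container's entrypoint rather than by the server itself. The script below is an added illustration and is not part of the question, of Keycloak, or of its official image. It assumes GNU coreutils (`stat -c`) and util-linux `setpriv` are present in the image, that the service user is named `keycloak`, and that the server is started with `/opt/keycloak/bin/kc.sh`; the key path `/run/certs` is an arbitrary choice. The point worth keeping from it is that the private key is never made group- or world-readable: it is copied with umask 077, given mode 400, chowned to the service user, and the source mount is checked first so a sloppy host permission is caught instead of silently inherited.

```shell
#!/bin/sh
# Added example, not code from the question or from Keycloak itself.
# Entrypoint sketch: run as root only long enough to copy the bind-mounted
# Let's Encrypt key into a private file owned by the service user, then drop
# privileges before starting the server.
# Assumes GNU coreutils (stat -c) and util-linux setpriv in the image.

set -eu

# stage_key SRC DST [OWNER]
# Copy SRC (expected mode 600 or 400, as Let's Encrypt leaves it) to DST with
# mode 400. If OWNER is given and we are root, hand the copy to OWNER so the
# service can read it without root. Fails if SRC is readable by others.
stage_key() {
  src="$1"; dst="$2"; owner="${3:-}"

  mode=$(stat -c '%a' "$src")
  case "$mode" in
    600|400) ;;                      # only the owner may read the key
    *) echo "refusing: $src has mode $mode, expected 600" >&2; return 1 ;;
  esac

  # umask 077 keeps the copy private from the moment it is created
  ( umask 077 && cp "$src" "$dst" )
  chmod 400 "$dst"

  if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
    chown "$owner" "$dst"
  fi
}

# key_mode PATH: octal permission bits, so callers can verify the result
key_mode() { stat -c '%a' "$1"; }

# run_as USER CMD...: give up root and exec CMD as USER (util-linux setpriv)
run_as() {
  user="$1"; shift
  exec setpriv --reuid="$user" --regid="$user" --init-groups "$@"
}

# Only acts when invoked as "entrypoint"; sourcing the file defines the
# functions without touching the system. Paths below are assumptions.
if [ "${1:-}" = "entrypoint" ]; then
  mkdir -p /run/certs
  stage_key /etc/certs/privkey.pem /run/certs/privkey.pem keycloak
  chown keycloak /run/certs
  run_as keycloak /opt/keycloak/bin/kc.sh start \
    --https-certificate-file=/etc/certs/fullchain.pem \
    --https-certificate-key-file=/run/certs/privkey.pem
fi
```

In a compose file this script would replace the image's entrypoint and the container would still start as root, but the Keycloak process itself ends up running as the unprivileged user and the only readable copy of the key belongs to that user. The `stage_key` check also refuses to proceed if the host-side key has been loosened to 644, which is exactly the workaround the question wants to avoid.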
