DigitalOcean uses User Data scripts that run automatically on first boot. You fill in the configuration variables at the top of the script, then paste the entire script when creating a Droplet.
Unlike Linode StackScripts, DigitalOcean has no form UI — you must edit the script directly before pasting.
Download script: digitalocean-droplet-keycloak-embed.sh
Embedded Keycloak (Recommended)
Use digitalocean-droplet-keycloak-embed.sh for the simplest setup with built-in SSO.
Step 1 — Fill in the configuration
Open the script and edit the CONFIGURATION block at the top:
# --- Required ---
PROJECT_ID="rtsurvey" # Unique identifier for your project (no spaces)
ADMIN_PASSWORD="admin" # Password for app admin and Keycloak — change after first login
# --- Domain + SSL ---
DOMAIN="myapp.example.com" # Your domain — DNS A record must point here
PROJECT_URL="" # Leave blank unless behind Cloudflare/proxy
LETSENCRYPT_EMAIL="admin@example.com" # Email for Let's Encrypt notifications
# --- Optional ---
STATA_ENABLED="false"
TZ="Asia/Ho_Chi_Minh"| Field | Required | Description |
|---|---|---|
PROJECT_ID | Yes | Used as database name and Keycloak client ID. Lowercase, no spaces. |
ADMIN_PASSWORD | No | Password for app admin login and Keycloak admin console. Defaults to admin — change after first login. |
DOMAIN | Yes | Your domain name. DNS A record must point to the Droplet IP. |
LETSENCRYPT_EMAIL | Yes | Email address for Let's Encrypt certificate notifications. |
PROJECT_URL | No | Override the public URL. Leave blank to use DOMAIN. Useful behind Cloudflare. |
Security: All passwords default to
admin. Change them immediately after your first login.
Step 2 — Create a Droplet
In the DigitalOcean control panel (opens in a new tab):
- Click Create → Droplets
- Choose Ubuntu 22.04 LTS as the image
- Select Basic, 4 GB RAM / 2 vCPUs or larger
- Scroll to Advanced Options → check Add Initialization scripts
- Paste the full script content into the text area
- Click Create Droplet
Step 3 — Add the DNS record
While the Droplet boots, add an A record in your DNS provider:
Type : A
Name : myapp (or @ for root domain)
Value : <droplet-ip>
TTL : 300Step 4 — Monitor progress
SSH into the Droplet and watch the log:
ssh root@<droplet-ip>
tail -f /var/log/rtcloud-setup.logThe script prints your server IP near the start — add the DNS record as soon as you see it.
Step 5 — Access the app
When setup completes, the log shows a summary:
============================================================
rtCloud deployment complete! (Embedded Keycloak)
============================================================
App URL : https://myapp.example.com
Admin : admin / admin
Keycloak : https://myapp.example.com/auth/admin
!! SECURITY: All passwords default to 'admin'.
Change them immediately after first login.
============================================================Open https://myapp.example.com in your browser and log in with username admin and password admin.
Change your password immediately after login via Settings in the top-right menu.
After Deployment
Change a password
SSH into the Droplet, edit .env, and restart the affected container:
nano /opt/rtcloud/.env
docker compose -f /opt/rtcloud/docker-compose.production.yml up -d --force-recreate rtcloudUpdate the domain
If you assign a different domain after deployment, update PROJECT_URL in .env:
nano /opt/rtcloud/.env # update PROJECT_URL=
docker compose -f /opt/rtcloud/docker-compose.production.yml up -d --force-recreate rtcloudView all containers
docker compose -f /opt/rtcloud/docker-compose.production.yml ps