diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6ee0103
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/data
+/.env
diff --git a/Containerfile.keycloak b/Containerfile.keycloak
new file mode 100644
index 0000000..046d833
--- /dev/null
+++ b/Containerfile.keycloak
@@ -0,0 +1,12 @@
+ARG KEYCLOAK_VERSION
+FROM quay.io/keycloak/keycloak:${KEYCLOAK_VERSION} as builder
+
+RUN /opt/keycloak/bin/kc.sh build --features-disabled=impersonation --db=postgres
+
+FROM quay.io/keycloak/keycloak:${KEYCLOAK_VERSION}
+WORKDIR /opt/keycloak
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+ENV KC_DB_URL=keycloak_db
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+CMD ["start", "--optimized"]
diff --git a/README.md b/README.md
index 322096a..f7db0ed 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,13 @@
-# keycloak-deployment
+# Keycloak Deployment
+This repos contains all files required to deploy the keycloak service using docker-compose.
+
+The deployment is tailored towards a setup using postgres as the database and running keycloak behind a reverse proxy using HTTP. If you want to use it with any other configuration, you will have to adapt the compose file.
+
+## Setup
+
+Copy the `sample.env` file into a `.env` file and choose secure passwords. Then run `docker compose up -d`
+
+## Updating
+
+Change the Postgres and Keycloak version in your `.env` file and run `docker compose build` (only required for updating Keycloak). Then run `docker compose up -d` again.
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..5348884
--- /dev/null
+++ b/compose.yml
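Review bot: In Containerfile.keycloak, `ENV KC_DB_URL=keycloak_db` sets the option that expects a full JDBC URL to a bare hostname; compose.yml overrides it with `jdbc:postgresql://keycloak_db:5432/keycloak`, so the baked-in default only takes effect when the image is run outside this compose file, where the database connection would presumably fail. Either drop the line or use the host option, `ENV KC_DB_URL_HOST=keycloak_db`. `ARG KEYCLOAK_VERSION` has no default, so a build without the argument leaves `FROM quay.io/keycloak/keycloak:` with an empty tag; a default such as `ARG KEYCLOAK_VERSION=22.0` (the value in sample.env), or a digest-pinned reference, would make the identity-provider image reproducible. Writing the stage alias as `AS builder` would match the casing of `FROM`.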
@@ -0,0 +1,38 @@
+version: '3.9'
+
+services:
+ keycloak_db:
+ image: postgres:${POSTGRES_VERSION}
+ restart: always
+ environment:
+ - POSTGRES_DB=keycloak
+ - POSTGRES_USER=${KC_DB_USERNAME}
+ - POSTGRES_PASSWORD=${KC_DB_PASSWORD}
+ volumes:
+ - ./data/postgres:/var/lib/postgresql/data
+
+ keycloak:
+ build:
+ dockerfile: Containerfile.keycloak
+ args:
+ KEYCLOAK_VERSION: ${KEYCLOAK_VERSION}
+ depends_on:
+ - keycloak_db
+ environment:
+ - KC_HEALTH_ENABLED=true
+ - KC_DB=postgres
+ - KC_DB_URL=jdbc:postgresql://keycloak_db:5432/keycloak
+ - KC_DB_URL_DATABASE=keycloak
+ - KC_PROXY_ADDRESS_FORWARDING=true
+ - KC_HOSTNAME_STRICT_HTTPS=false
+ - KC_PROXY=edge
+ - KC_HTTP_ENABLED=true
+ - KC_HOSTNAME_STRICT=false
+ - KC_HOSTNAME=${KC_HOSTNAME}
+ - KC_DB_USERNAME=${KC_DB_USERNAME}
+ - KC_DB_PASSWORD=${KC_DB_PASSWORD}
+ - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN}
+ - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
+ restart: always
+ ports:
+ - 8080:8080
diff --git a/sample.env b/sample.env
new file mode 100644
index 0000000..b14f022
--- /dev/null
+++ b/sample.env
@@ -0,0 +1,7 @@
+KEYCLOAK_VERSION=22.0
+KEYCLOAK_ADMIN=idpadmin
+KEYCLOAK_ADMIN_PASSWORD=
+KC_DB_USERNAME=ctbkidpdb
+KC_DB_PASSWORD=
+KC_HOSTNAME=idp.ctbk.de
+POSTGRES_VERSION=16.0
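Review bot: In compose.yml, the `ports` entry `- 8080:8080` publishes Keycloak's plain-HTTP listener on every host interface, while `KC_PROXY=edge` makes Keycloak accept forwarded headers from whoever connects, so clients that reach port 8080 directly bypass the TLS-terminating proxy and can supply their own `X-Forwarded-*` values. If the reverse proxy runs on the same host, bind to loopback with `- 127.0.0.1:8080:8080`; if it runs in another container, drop the `ports` entry and attach both services to a shared network instead. The password variables are interpolated even when empty, as they are in sample.env; `${KC_DB_PASSWORD:?set KC_DB_PASSWORD in .env}` (and the same form for `KEYCLOAK_ADMIN_PASSWORD`) makes `docker compose up` fail instead of handing a blank credential to the containers. `KC_HEALTH_ENABLED` and `KC_DB` look like build-time options, which an image started with `--optimized` may not pick up at runtime, so it is worth confirming that the health endpoints are actually served.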