This repository houses docker compose and related files for running WebProtégé.
For a basic Docker Compose file see docker-compose.yml.
For a Keycloak configuration file see keycloak/webprotege.json
add in etc/hosts 127.0.0.1 webprotege-local.edu
This guide will walk you through setting up WebProtégé using Docker.
Before beginning, ensure that the Docker daemon is active on your system. The Docker daemon is the background service that manages Docker containers and images.
On macOS/Linux:
docker infoOn Windows:
- Open Docker Desktop application
- Verify the Docker icon in the system tray shows it's running
- Alternatively, open PowerShell and run
docker info
If Docker isn't running, start it through Docker Desktop or your system's service manager. You should see output showing Docker system information when the daemon is properly running.
WebProtégé requires a custom local domain for proper operation. You'll need to modify your system's hosts file to redirect the custom domain to your local machine.
Location of hosts file:
- Linux/macOS:
/etc/hosts - Windows:
C:\Windows\System32\drivers\etc\hosts
Steps to modify:
-
Open the hosts file with administrator/root privileges
- Linux/macOS:
sudo nano /etc/hostsorsudo vim /etc/hosts - Windows: Run Notepad as Administrator, then open the hosts file
- Linux/macOS:
-
Add this exact line at the end of the file:
127.0.0.1 webprotege-local.edu 127.0.0.1 webprotege-events-history-service -
Save and close the file
What this does: This configuration tells your computer that when any application tries to access webprotege-local.edu, it should connect to 127.0.0.1 (localhost) instead of trying to resolve it through DNS.
Open a terminal or command prompt and change to your local webprotege-deploy directory. This directory should contain the Docker Compose configuration files necessary for running WebProtégé.
cd /path/to/your/webprotege-deployExample paths:
- macOS/Linux:
cd ~/Projects/webprotege-deploy - Windows:
cd C:\Users\YourUsername\Documents\webprotege-deploy
Configure the SERVER_HOST environment variable to match the custom domain you added to your hosts file. This tells WebProtégé which hostname to expect for incoming requests.
Linux/macOS (Bash/Zsh):
export SERVER_HOST=webprotege-local.eduWindows (PowerShell):
$env:SERVER_HOST = "webprotege-local.edu"Windows (Command Prompt):
set SERVER_HOST=webprotege-local.eduNote: This environment variable is temporary and only applies to your current terminal session. For permanent configuration, you can add it to your shell profile or use a .env file if supported by your Docker Compose setup.
WebProtégé uses Keycloak as its identity and access management solution. Keycloak must be configured before starting the main WebProtégé services.
Launch only the Keycloak service initially to configure authentication before starting other services:
docker compose up keycloak -dCommand breakdown:
docker compose up: Starts services defined in docker-compose.ymlkeycloak: Specifies only the keycloak service-d: Runs in detached mode (background), freeing up your terminal
Expected output:
[+] Running 1/1
✔ Container webprotege-deploy-keycloak-1 Started
Wait a few moments for Keycloak to fully initialize. You can check the logs with:
docker compose logs keycloakOpen your web browser and navigate to:
http://localhost:8080
You should see the Keycloak administration console welcome page. If you see an error or connection refused message, wait a bit longer for Keycloak to finish starting up.
Troubleshooting:
- If the page doesn't load, check that Keycloak is running:
docker compose ps - Review logs for errors:
docker compose logs keycloak
Use the default administrator credentials to access the Keycloak admin console:
- Username:
admin - Password:
password
Security Note: These are default credentials for local development. In a production environment, you should immediately change these credentials and use strong, unique passwords.
Once logged in, you'll see the Keycloak administration dashboard with options to manage realms, users, and authentication settings.
A "realm" in Keycloak is a security domain that manages users, credentials, and roles for a specific application or set of applications.
Steps to import:
- In the left sidebar, hover over the realm dropdown (likely showing "Master")
- Click "Create Realm" or "Add realm"
- Choose "Import" or "Browse" option
- Navigate to and select the
keycloak/webprotege.jsonfile from your webprotege-deploy directory - Click "Create" or "Import"
What this configuration includes:
- WebProtégé client configuration
- Required authentication flows
- User roles and permissions
- Login themes and settings
After importing, you should see "webprotege" appear in the realm dropdown, indicating successful configuration.
Important for macOS users: Before starting the services, you need to modify the Docker Compose configuration to avoid port conflicts. macOS uses port 5000 for AirPlay Receiver by default.
Port modification steps:
- Open the
docker-compose.ymlfile in a text editor - Navigate to approximately line 320-321 in the logstash section
- Change the port mapping from
5000:5000to5001:5000(or any other 500x port like 5002, 5003, etc.) - Save the file
Example change:
# Before (line 320-321):
ports:
- "5000:5000/tcp"
- "5000:5000/udp"
# After:
ports:
- "5001:5000/tcp"
- "5001:5000/udp"Now that Keycloak is configured, start the complete WebProtégé application stack:
docker compose upWhat this command does:
- Starts all services defined in the Docker Compose file
- Includes the database, backend services, frontend, and any other required components
- Runs in foreground mode, showing logs from all services
Startup time: Initial startup may take several minutes as Docker downloads images and initializes databases. Watch the logs for "ready" or "started" messages from each service.
Open your web browser and go to:
http://webprotege-local.edu
Important: Use the custom domain you configured in your hosts file, not localhost. This ensures proper cookie handling and authentication flow between WebProtégé and Keycloak.
You should see the WebProtégé sign-in page with options to log in or register a new account.
Since this is your first time using WebProtégé, create a new account:
-
Click "Register" on the login page
-
Fill out the registration form with:
- Username: Choose a unique username (e.g., your email or preferred handle)
- Password: A strong password following any displayed requirements
- Confirm Password: Re-enter your password
- Email: Your email address (required for account verification and notifications)
- First/Last Name: Your display name within WebProtégé
-
Click "Register"
After registration, sign in using your newly created credentials:
- Enter your username/email and password
- Click "Sign In"
Successful login indicators:
- Redirect to the WebProtégé home page
- Your username appears in the top navigation
- You see options to create or access ontology projects
After completing these steps, you should see the WebProtégé home page, which typically includes:
- Project dashboard: View and manage your ontology projects
- Create project button: Start new ontology development projects
- User profile access: Manage your account settings
- Navigation menu: Access different WebProtégé features
Common next steps:
- Create your first ontology project
- Import existing ontology files
- Explore WebProtégé documentation and tutorials
- Configure project-specific settings and collaborator access
Port conflicts: If port 8080 is already in use, modify the Docker Compose configuration to use alternative ports.
Permission errors: Ensure your user has permissions to modify the hosts file and run Docker commands.
Service startup failures: Check Docker logs for specific error messages and ensure all required files are present in the webprotege-deploy directory.
Authentication issues: Verify the realm was imported correctly in Keycloak and that the SERVER_HOST environment variable matches your hosts file entry.