Setting Up Keycloak in Production with Apache Reverse Proxy: A Step-by-Step Guide

Here’s a step-by-step guide to set up Keycloak in a production environment with Apache acting as a reverse proxy for auth.holidaylandmark.com.


Step 1: Prepare Keycloak Configuration

1.1 Keycloak Configuration (keycloak.conf)

  1. Locate the Keycloak Configuration File:
    • In your Keycloak installation folder, go to conf/ and open (or create) keycloak.conf.
  2. Configure Database Connection:
    Replace the database settings with your own MariaDB credentials. For production, use a dedicated database account limited to keycloak_db rather than root.
        db=mariadb
        db-url=jdbc:mariadb://localhost:3306/keycloak_db?localSocket=/opt/lampp/var/mysql/mysql.sock
        db-username=root
        db-password=Hgjngfjnfs
        db-pool-initial-size=5
        db-pool-min-idle=5
        db-pool-max-size=25
        db-pool-prefill=true
  3. Configure Reverse Proxy (Apache):
    Set http-enabled=true (Keycloak listens on 8080, but Apache terminates TLS). Note that proxy=reencrypt describes a proxy that re-encrypts traffic to Keycloak over HTTPS; with Apache forwarding plain HTTP to port 8080, the matching mode is edge. Newer Keycloak releases deprecate the proxy option in favour of proxy-headers.
        http-enabled=true
        http-port=8080
        proxy=reencrypt
        proxy-headers=xforwarded
  4. Set Hostname and Security Settings:
    Configure Keycloak’s hostname, strict mode for production, and backend checks.
        hostname=auth.holidaylandmark.com
        hostname-strict=true
        hostname-strict-backchannel=true
  5. Enable Health Checks and Metrics:
    Enable health and monitoring endpoints.
        health-enabled=true
        metrics-enabled=true
  6. Disable Debugging and Set Log Level:
    Keep logging level as INFO and disable hostname debugging.
        log-level=INFO
        hostname-debug=false
  7. Finalize Configuration File:
    Your final keycloak.conf should look like this:
        # ===============================
        # Keycloak Production Config
        # Reverse-proxied by Apache (LAMPP)
        # Hostname: auth.holidaylandmark.com
        # ===============================
        db=mariadb
        db-url=jdbc:mariadb://localhost:3306/keycloak_db?localSocket=/opt/lampp/var/mysql/mysql.sock
        db-username=root
        db-password=Hgjngfjnfs
        db-pool-initial-size=5
        db-pool-min-idle=5
        db-pool-max-size=25
        db-pool-prefill=true
        http-enabled=true
        http-port=8080
        proxy=reencrypt
        proxy-headers=xforwarded
        hostname=auth.holidaylandmark.com
        hostname-strict=true
        hostname-strict-backchannel=true
        cache=local
        health-enabled=true
        metrics-enabled=true
        log-level=INFO
        hostname-debug=false

1.2 Set Up Keycloak Admin User (First-Time Setup)

  1. Export the Environment Variables:
    Run these commands to set up the admin credentials (use only for the first run, and replace the example values with your own):
        export KEYCLOAK_ADMIN=admin1
        export KEYCLOAK_ADMIN_PASSWORD='Admin#1234'
  2. Start Keycloak:
    Run the following command to start Keycloak for the first time:
        bin/kc.sh start --optimized
    After the first start, delete or unset the environment variables to avoid reusing them in production:
        unset KEYCLOAK_ADMIN
        unset KEYCLOAK_ADMIN_PASSWORD

Step 2: Configure Apache as Reverse Proxy

2.1 Edit Apache Virtual Host for HTTPS

  1. Edit the Apache Configuration:
    Open your Apache virtual host configuration file (httpd-vhosts.conf or extra/httpd-vhosts.conf):
        sudo nano /opt/lampp/etc/extra/httpd-vhosts.conf
  2. Set Up SSL (HTTPS):
    Add the following configuration to create a virtual host for auth.holidaylandmark.com:
        <VirtualHost *:443>
            ServerName auth.holidaylandmark.com

            # Enable SSL
            SSLEngine on
            SSLCertificateFile /opt/lampp/etc/certs/auth.holidaylandmark.com/auth.holidaylandmark.com.cer
            SSLCertificateKeyFile /opt/lampp/etc/certs/auth.holidaylandmark.com/auth.holidaylandmark.com.key

            # Proxy to Keycloak (HTTP :8080)
            ProxyRequests Off
            ProxyPass / http://127.0.0.1:8080/
            ProxyPassReverse / http://127.0.0.1:8080/

            # Forward client IP/Proto to Keycloak
            RequestHeader set X-Forwarded-Proto "https"
            RequestHeader set X-Forwarded-Host "auth.holidaylandmark.com"
            RequestHeader set X-Forwarded-Port "443"

            # Optional: additional security headers
            Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        </VirtualHost>
  3. Restart Apache:
    After saving the file, restart Apache to apply changes:
        sudo /opt/lampp/lampp restartapache

Step 3: Start Keycloak in Production

  1. Build Keycloak for Production:
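    Keycloak should be started with the --optimized flag in production, ensuring it’s properly configured for performance and security. The flag skips the build check at startup and reuses the last build, so build-time options such as db, health-enabled and metrics-enabled must already have been applied by a prior build.
        bin/kc.sh start --optimized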
  2. Verify Keycloak:
    Open a browser and visit https://auth.holidaylandmark.com to ensure that Keycloak is accessible and properly configured. Log in using the admin credentials set earlier.

Step 4: Post-Setup Configuration

  1. Access Keycloak Admin Console:
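    Log into the Keycloak Admin Console at: https://auth.holidaylandmark.com/auth/admin (the /auth prefix applies only when http-relative-path=/auth is set; with that option left commented out, as in the configuration in this guide, the console is served under /admin).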
  2. Create Clients, Realms, and Users:
    Set up your clients, realms, and users via the Keycloak Admin Console. Customize the identity provider, authentication flows, and any other configuration necessary for your application.

Step 5: Verify and Test

  1. Verify HTTPS Works:
    Ensure that your website is only accessible via HTTPS and not HTTP. If the HTTP port (80) is accessible, it is a potential security vulnerability.
  2. Test Database Connectivity:
    Ensure that Keycloak can connect to the MariaDB database (use a MySQL client to verify the database is operational).
  3. Test Admin Login:
    Use the admin credentials to access the Keycloak Admin Console and verify that everything is configured properly.

Full keycloak.conf Configuration:

# ===============================
# Keycloak Production Config
# Reverse-proxied by Apache (LAMPP)
# Hostname: auth.holidaylandmark.com
# ===============================

# -------------------------------
# Database (MariaDB / MySQL)
# -------------------------------
# Use MariaDB driver (works with MySQL too)
db=mariadb
# Use local UNIX socket via MariaDB driver
db-url=jdbc:mariadb://localhost:3306/keycloak_db?localSocket=/opt/lampp/var/mysql/mysql.sock
db-username=root
db-password=Hgjngfjnfs

# Connection Pool (tune as needed)
db-pool-initial-size=5
db-pool-min-idle=5
db-pool-max-size=25
db-pool-prefill=true

# -------------------------------
# HTTP / Proxy
# -------------------------------
# Keycloak listens on 0.0.0.0:8080 (no TLS here; Apache handles TLS)
http-enabled=true
http-port=8080
# Make Keycloak respect X-Forwarded-* from Apache
proxy=reencrypt
proxy-headers=xforwarded

# -------------------------------
# Hostname
# -------------------------------
hostname=auth.holidaylandmark.com
hostname-strict=true
hostname-strict-backchannel=true
# If you want admin console on same host (default):
# hostname-admin=auth.holidaylandmark.com

# Optional: if you serve Keycloak under a path, uncomment and adjust:
# http-relative-path=/auth

# -------------------------------
# Caching (single-node)
# -------------------------------
cache=local
# For multi-node, you'd configure Infinispan + a cluster stack instead.

# -------------------------------
# Health / Metrics
# -------------------------------
health-enabled=true
metrics-enabled=true

# -------------------------------
# Logging
# -------------------------------
log-level=INFO
# log-console-output=json

# -------------------------------
# Hardening & misc
# -------------------------------
# Disable verbose hostname debug
hostname-debug=false
# Prevent exposing server details
# quarkus.http.filter.hide-server-header=true
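
The settings in this file that deserve a second look before go-live can be checked mechanically. The script below is an added example, not part of the original guide or of Keycloak: the function names and finding identifiers are its own, and the sample input is constructed from the guide's settings with the password replaced by a placeholder.

```python
# Added example: audit a keycloak.conf for the exposure points in this guide.
import ipaddress

# Constructed sample: the guide's settings, abridged, password replaced.
SAMPLE_CONF = """\
db-username=root
db-password=<redacted-placeholder>
http-enabled=true
proxy=reencrypt
proxy-headers=xforwarded
hostname=auth.holidaylandmark.com
health-enabled=true
metrics-enabled=true
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(conf):
    """Return sorted finding identifiers (names are this example's own)."""
    findings = set()
    if conf.get("db-username") == "root":
        findings.add("db-root-account")
    pw = conf.get("db-password", "")
    if pw and not pw.startswith("${"):  # ${ENV_VAR} keeps the secret out of the file
        findings.add("db-password-in-file")
    plain_http = conf.get("http-enabled") == "true"
    if plain_http and conf.get("proxy") in ("reencrypt", "passthrough"):
        findings.add("proxy-mode-expects-tls-backend")
    bind = conf.get("http-host", "0.0.0.0")  # Keycloak binds all interfaces by default
    if plain_http and conf.get("proxy-headers") and not is_loopback(bind):
        findings.add("forwarded-headers-trusted-on-all-interfaces")
    if "true" in (conf.get("health-enabled"), conf.get("metrics-enabled")):
        findings.add("health-metrics-enabled")  # confirm the proxy does not publish them
    return sorted(findings)
```

Each finding maps to a change in the file or the proxy: a dedicated database user, a `${KC_DB_PASSWORD}` placeholder, `http-host=127.0.0.1` so only Apache can reach port 8080, and a proxy rule that keeps health and metrics paths internal.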

Troubleshooting Tips:

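  • Keycloak logs: Check logs for errors or warnings: tail -f standalone/log/server.log (this path belongs to the older WildFly-based distribution; a server started with bin/kc.sh logs to the console unless file logging is enabled)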
  • Apache logs: Check Apache error logs if something goes wrong with proxying: tail -f /opt/lampp/logs/error_log

Conclusion

By following this guide, you’ll have a secure, reverse-proxied Keycloak setup running at https://auth.holidaylandmark.com in a production environment with Apache and MariaDB.

I’m Abhishek, a DevOps, SRE, DevSecOps, and Cloud expert with a passion for sharing knowledge and real-world experiences. I’ve had the opportunity to work with Cotocus (https://www.cotocus.com/) and continue to contribute to multiple platforms where I share insights across different domains:

  • DevOps School (https://www.devopsschool.com/) – Tech blogs and tutorials
  • Holiday Landmark (https://www.holidaylandmark.com/) – Travel stories and guides
  • Stocks Mantra (https://www.stocksmantra.in/) – Stock market strategies and tips
  • My Medic Plus (https://www.mymedicplus.com/) – Health and fitness guidance
  • TrueReviewNow (https://www.truereviewnow.com/) – Honest product reviews
  • Wizbrand (https://www.wizbrand.com/) – SEO and digital tools for businesses

I’m also exploring the fascinating world of Quantum Computing (https://www.quantumuting.com/).
