{"id":3394,"date":"2025-10-13T19:08:46","date_gmt":"2025-10-13T19:08:46","guid":{"rendered":"https:\/\/www.devopsconsulting.in\/blog\/?p=3394"},"modified":"2025-10-23T08:54:26","modified_gmt":"2025-10-23T08:54:26","slug":"how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide","status":"publish","type":"post","link":"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/","title":{"rendered":"How to Run Keycloak in Production with Apache and Systemd (Step-by-Step Guide)"},"content":{"rendered":"\n<p><strong>Keycloak Production Deployment (Apache reverse proxy, systemd, MariaDB)<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">0) Overview &amp; Assumptions<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OS: Ubuntu\/Debian\u2013like (systemd available)<\/li>\n\n\n\n<li>Web: Apache (LAMPP is fine)<\/li>\n\n\n\n<li>DB: MariaDB\/MySQL on the same host<\/li>\n\n\n\n<li>Public host: <code>auth.holidaylandmark.com<\/code><\/li>\n\n\n\n<li>Local Keycloak install dir: <code>\/opt\/auth.holidaylandmark.com<\/code><\/li>\n\n\n\n<li>Keycloak listens <strong>only on localhost:8080<\/strong>; Apache serves 80\/443<\/li>\n\n\n\n<li>Your other PHP projects in <code>\/opt\/lampp\/htdocs<\/code> remain unaffected<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1) Install prerequisites (once)<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install -y openjdk-21-jre-headless mariadb-server apache2\n# Optional (if you\u2019ll enable HTTPS now)\nsudo apt install -y certbot python3-certbot-apache\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Why<\/strong>: Java 21 is recommended; Apache fronts Keycloak; MariaDB stores realms\/users.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2) Database: create schema &amp; user (least privilege)<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo mysql -e \"CREATE DATABASE keycloak CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;\"\nsudo mysql -e \"CREATE USER 'kc_user'@'localhost' IDENTIFIED BY 'REPLACE_Strong_DB_Password!';\"\nsudo mysql -e \"GRANT ALL PRIVILEGES ON keycloak.* TO 'kc_user'@'localhost'; FLUSH PRIVILEGES;\"\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3) Install Keycloak under \/opt (not under htdocs)<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>If you already extracted Keycloak and placed files under <code>\/opt\/auth.holidaylandmark.com<\/code>, skip to Step 4.<\/p>\n<\/blockquote>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo mkdir -p \/opt\/auth.holidaylandmark.com\n# Copy\/unzip your Keycloak distribution into this folder so that:\n#  \/opt\/auth.holidaylandmark.com\/bin\/kc.sh   exists\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4) Create a dedicated service user and set ownership<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>id keycloak || sudo useradd --system --home \/opt\/auth.holidaylandmark.com --shell \/usr\/sbin\/nologin --user-group keycloak\nsudo chown -R keycloak:keycloak \/opt\/auth.holidaylandmark.com\nsudo chmod +x \/opt\/auth.holidaylandmark.com\/bin\/kc.sh\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Why<\/strong>: Run as non-root for security. The <code>keycloak<\/code> user will own only its folder.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5) Configure Keycloak (conf\/keycloak.conf)<\/h2>\n\n\n\n<p>Create or edit <code>\/opt\/auth.holidaylandmark.com\/conf\/keycloak.conf<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># ---------- Database ----------\ndb=mariadb\ndb-url=jdbc:mariadb:\/\/127.0.0.1:3306\/keycloak\ndb-username=kc_user\ndb-password=REPLACE_Strong_DB_Password!\ndb-pool-initial-size=5\ndb-pool-min-idle=5\ndb-pool-max-size=25\ndb-pool-prefill=true\n\n# ---------- HTTP \/ Proxy ----------\nhttp-enabled=true\nhttp-port=8080\nproxy=edge\nproxy-headers=xforwarded\n\n# ---------- Public Hostname ----------\nhostname=auth.holidaylandmark.com\nhostname-strict=true\nhostname-strict-backchannel=true\n\n# If you want Keycloak under a path instead of domain root:\n# http-relative-path=\/auth\n\n# ---------- Cache\/health\/logging ----------\ncache=local\nhealth-enabled=true\nmetrics-enabled=true\nlog-level=INFO\nhostname-debug=false\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Why<\/strong>: <code>proxy=edge<\/code> because Apache terminates HTTP(S) and talks HTTP to Keycloak locally.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6) Bootstrap the temporary admin (first-time only)<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u keycloak \/opt\/auth.holidaylandmark.com\/bin\/kc.sh bootstrap-admin user --username abhishek --password abhi\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Tip<\/strong>: After the first login, create a permanent admin and disable\/delete this bootstrap account.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7) Create the systemd service (auto-start on boot)<\/h2>\n\n\n\n<p>Create <code>\/etc\/systemd\/system\/keycloak.service<\/code> <strong>exactly<\/strong> like your working version:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;Unit]\nDescription=Keycloak Server\nAfter=network.target mariadb.service mysql.service\n\n&#91;Service]\nType=simple\nUser=keycloak\nGroup=keycloak\nWorkingDirectory=\/opt\/auth.holidaylandmark.com\nExecStart=\/opt\/auth.holidaylandmark.com\/bin\/kc.sh start  --optimized\nExecStop=\/opt\/auth.holidaylandmark.com\/bin\/kc.sh stop\nRestart=on-failure\nRestartSec=5\nTimeoutSec=600\nEnvironment=\"JAVA_OPTS=-Xms512m -Xmx2048m\"\n# (Optional hardening)\n# NoNewPrivileges=true\n# ProtectSystem=strict\n# ProtectHome=true\n# ReadWritePaths=\/opt\/auth.holidaylandmark.com\n\n&#91;Install]\nWantedBy=multi-user.target\n<\/code><\/pre>\n\n\n\n<p>Enable and start:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl daemon-reload\nsudo systemctl enable keycloak\nsudo systemctl start keycloak\nsudo systemctl status keycloak\nsudo systemctl restart keycloak\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Expect <strong>Active: active (running)<\/strong>. If not, see Troubleshooting at the end.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8) Apache: reverse proxy the domain to localhost:8080<\/h2>\n\n\n\n<p><strong>VirtualHost for HTTP (port 80)<\/strong>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;VirtualHost *:80&gt;\n  ServerName auth.holidaylandmark.com\n\n  ProxyPreserveHost On\n  RequestHeader set X-Forwarded-Proto \"http\"\n  RequestHeader set X-Forwarded-Host  \"auth.holidaylandmark.com\"\n  RequestHeader set X-Forwarded-Port  \"80\"\n\n  ProxyPass        \/ http:\/\/127.0.0.1:8080\/\n  ProxyPassReverse \/ http:\/\/127.0.0.1:8080\/\n\n  ProxyTimeout 120\n&lt;\/VirtualHost&gt;\n<\/code><\/pre>\n\n\n\n<p>Enable modules\/site &amp; reload Apache:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo a2enmod proxy proxy_http headers\nsudo a2ensite auth.holidaylandmark.com.conf   # if you saved as such\nsudo systemctl reload apache2                 # LAMPP: \/opt\/lampp\/lampp restartapache\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Path-based option<\/strong> (to keep a PHP site at <code>\/<\/code> and Keycloak under <code>\/auth<\/code>):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In <code>keycloak.conf<\/code>: <code>http-relative-path=\/auth<\/code><\/li>\n\n\n\n<li>In Apache vhost:<br><code>ProxyPass \/auth http:\/\/127.0.0.1:8080\/auth<\/code><br><code>ProxyPassReverse \/auth http:\/\/127.0.0.1:8080\/auth<\/code><\/li>\n<\/ul>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9) (Recommended) Enable HTTPS<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --apache -d auth.holidaylandmark.com\n<\/code><\/pre>\n\n\n\n<p>Ensure the HTTPS vhost forwards correct headers:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>RequestHeader set X-Forwarded-Proto \"https\"\nRequestHeader set X-Forwarded-Host  \"auth.holidaylandmark.com\"\nRequestHeader set X-Forwarded-Port  \"443\"\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">10) Verify end-to-end<\/h2>\n\n\n\n<p><strong>Service running:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl status keycloak\n<\/code><\/pre>\n\n\n\n<p><strong>Keycloak reachable locally:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -I http:\/\/127.0.0.1:8080\/\n<\/code><\/pre>\n\n\n\n<p><strong>Open in browser:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http:&#47;&#47;auth.holidaylandmark.com\/admin\/master\/console\/\n# or https:\/\/... if you enabled TLS\n<\/code><\/pre>\n\n\n\n<p><strong>Login with your temp admin:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Username: abhishek\nPassword: abhi\n<\/code><\/pre>\n\n\n\n<p>Create a permanent admin, then disable\/delete the bootstrap user.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">11) Backups, updates, and operations<\/h2>\n\n\n\n<p><strong>Backups<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DB: nightly <code>mysqldump keycloak<\/code> (keep 7\u201314 days).<\/li>\n\n\n\n<li>Config: <code>\/opt\/auth.holidaylandmark.com\/conf\/<\/code>, <code>\/etc\/systemd\/system\/keycloak.service<\/code>, Apache vhost files.<\/li>\n<\/ul>\n\n\n\n<p><strong>Logs<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keycloak: <code>journalctl -u keycloak -f<\/code><\/li>\n\n\n\n<li>Apache: <code>\/var\/log\/apache2\/access.log<\/code>, <code>\/var\/log\/apache2\/error.log<\/code><\/li>\n<\/ul>\n\n\n\n<p><strong>Health endpoints<\/strong> (behind proxy): <code>\/health\/live<\/code>, <code>\/health\/ready<\/code><\/p>\n\n\n\n<p><strong>Upgrade Keycloak<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>sudo systemctl stop keycloak<\/code><\/li>\n\n\n\n<li>Back up <code>\/opt\/auth.holidaylandmark.com\/<\/code> and DB<\/li>\n\n\n\n<li>Extract new Keycloak to a staging folder, copy <code>conf\/<\/code> over<\/li>\n\n\n\n<li>Swap folders or update in place<\/li>\n\n\n\n<li><code>sudo systemctl start keycloak<\/code> \u2192 verify<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">12) Will this break my other LAMPP PHP sites?<\/h2>\n\n\n\n<p><strong>No<\/strong>\u2014as long as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keycloak is proxied only on the <strong><code>auth.holidaylandmark.com<\/code><\/strong> vhost (or <code>\/auth<\/code> path)<\/li>\n\n\n\n<li>You <strong>don\u2019t<\/strong> put a global <code>ProxyPass \/ ...<\/code> in <code>httpd.conf<\/code><\/li>\n\n\n\n<li>Your PHP sites continue serving from <code>\/opt\/lampp\/htdocs<\/code> via their own vhosts\/DocumentRoots<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Troubleshooting (quick reference)<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Symptom<\/th><th>Likely Cause<\/th><th>Fix<\/th><\/tr><\/thead><tbody><tr><td><code>Active: failed (status=217\/USER)<\/code><\/td><td><code>keycloak<\/code> user missing, wrong paths, or no execute bit<\/td><td>Create user, <code>chown -R keycloak:keycloak \/opt\/auth.holidaylandmark.com<\/code>, <code>chmod +x bin\/kc.sh<\/code>, check unit paths, <code>daemon-reload<\/code><\/td><\/tr><tr><td>Apache 503<\/td><td>Keycloak not running or wrong proxy<\/td><td><code>systemctl status keycloak<\/code>; <code>curl -I 127.0.0.1:8080<\/code>; verify vhost headers and ProxyPass<\/td><\/tr><tr><td>Redirects show <code>:8080<\/code><\/td><td>Missing proxy headers or hostname mismatch<\/td><td>In <code>keycloak.conf<\/code>: <code>hostname=auth.holidaylandmark.com<\/code>, <code>proxy=edge<\/code>, <code>proxy-headers=xforwarded<\/code>; Apache sends <code>X-Forwarded-*<\/code><\/td><\/tr><tr><td>\u201cLocal access required\u201d banner<\/td><td>Admin not bootstrapped or accessed via non-localhost before first admin<\/td><td>Run <code>kc.sh bootstrap-admin ...<\/code>, restart; or access via SSH tunnel once<\/td><\/tr><tr><td>Port 8080 in use<\/td><td>Another process bound<\/td><td><code>sudo lsof -i :8080<\/code> \u2192 kill process or change Keycloak port<\/td><\/tr><tr><td>DB errors (e.g., unknown column)<\/td><td>Old\/partial schema, insufficient privileges<\/td><td>Use a fresh <code>keycloak<\/code> DB; ensure user has full privileges; let Liquibase init<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Get detailed logs:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo journalctl -u keycloak -b --no-pager -n 200\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">(Optional) Minimal \u201cgolden\u201d commands to re-create quickly<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Create user &amp; own folder\nid keycloak || sudo useradd --system --home \/opt\/auth.holidaylandmark.com --shell \/usr\/sbin\/nologin --user-group keycloak\nsudo chown -R keycloak:keycloak \/opt\/auth.holidaylandmark.com\nsudo chmod +x \/opt\/auth.holidaylandmark.com\/bin\/kc.sh\n\n# Bootstrap admin (first time only)\nsudo -u keycloak \/opt\/auth.holidaylandmark.com\/bin\/kc.sh bootstrap-admin user --username abhishek --password abhi\n\n# Install service\nsudo systemctl daemon-reload\nsudo systemctl enable keycloak\nsudo systemctl start keycloak\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Keycloak Production Deployment (Apache reverse proxy, systemd, MariaDB) 0) Overview &amp; Assumptions 1) Install prerequisites (once) Why: Java 21 is recommended; Apache fronts Keycloak; MariaDB stores realms\/users&#8230;. <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3394","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Run Keycloak in Production with Apache and Systemd (Step-by-Step Guide) - DevOps Consulting<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Run Keycloak in Production with Apache and Systemd (Step-by-Step Guide) - DevOps Consulting\" \/>\n<meta property=\"og:description\" content=\"Keycloak Production Deployment (Apache reverse proxy, systemd, MariaDB) 0) Overview &amp; Assumptions 1) Install prerequisites (once) Why: Java 21 is recommended; Apache fronts Keycloak; MariaDB stores realms\/users....\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/\" \/>\n<meta property=\"og:site_name\" content=\"DevOps Consulting\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-13T19:08:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-23T08:54:26+00:00\" \/>\n<meta name=\"author\" content=\"Abhishek Singh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Abhishek Singh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\\\/\"},\"author\":{\"name\":\"Abhishek Singh\",\"@id\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/#\\\/schema\\\/person\\\/fc397ba8be42f9fdd53450edfc73006f\"},\"headline\":\"How to Run Keycloak in Production with Apache and Systemd (Step-by-Step Guide)\",\"datePublished\":\"2025-10-13T19:08:46+00:00\",\"dateModified\":\"2025-10-23T08:54:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\\\/\"},\"wordCount\":448,\"commentCount\":0,\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\\\/\",\"url\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\\\/\",\"name\":\"How to Run Keycloak in Production with Apache and Systemd (Step-by-Step Guide) - DevOps Consulting\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/#website\"},\"datePublished\":\"2025-10-13T19:08:46+00:00\",\"dateModified\":\"2025-10-23T08:54:26+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/#\\\/schema\\\/person\\\/fc397ba8be42f9fdd53450edfc73006f\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\\\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/\",\"name\":\"DevOps Consulting\",\"description\":\"DevOps Consulting | SRE Consulting | DevSecOps Consulting | MLOps Consulting\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/#\\\/schema\\\/person\\\/fc397ba8be42f9fdd53450edfc73006f\",\"name\":\"Abhishek Singh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g\",\"caption\":\"Abhishek Singh\"},\"description\":\"I\u2019m Abhishek, a DevOps, SRE, DevSecOps, and Cloud expert with a passion for sharing knowledge and real-world experiences. I\u2019ve had the opportunity to work with Cotocus and continue to contribute to multiple platforms where I share insights across different domains: \u2022 DevOps School \u2013 Tech blogs and tutorials \u2022 Holiday Landmark \u2013 Travel stories and guides \u2022 Stocks Mantra \u2013 Stock market strategies and tips \u2022 My Medic Plus \u2013 Health and fitness guidance \u2022 TrueReviewNow \u2013 Honest product reviews \u2022 Wizbrand \u2013 SEO and digital tools for businesses I\u2019m also exploring the fascinating world of Quantum Computing.\",\"url\":\"https:\\\/\\\/www.devopsconsulting.in\\\/blog\\\/author\\\/abhishek\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Run Keycloak in Production with Apache and Systemd (Step-by-Step Guide) - DevOps Consulting","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/","og_locale":"en_US","og_type":"article","og_title":"How to Run Keycloak in Production with Apache and Systemd (Step-by-Step Guide) - DevOps Consulting","og_description":"Keycloak Production Deployment (Apache reverse proxy, systemd, MariaDB) 0) Overview &amp; Assumptions 1) Install prerequisites (once) Why: Java 21 is recommended; Apache fronts Keycloak; MariaDB stores realms\/users....","og_url":"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/","og_site_name":"DevOps Consulting","article_published_time":"2025-10-13T19:08:46+00:00","article_modified_time":"2025-10-23T08:54:26+00:00","author":"Abhishek Singh","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Abhishek Singh","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/#article","isPartOf":{"@id":"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/"},"author":{"name":"Abhishek Singh","@id":"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/fc397ba8be42f9fdd53450edfc73006f"},"headline":"How to Run Keycloak in Production with Apache and Systemd (Step-by-Step Guide)","datePublished":"2025-10-13T19:08:46+00:00","dateModified":"2025-10-23T08:54:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/"},"wordCount":448,"commentCount":0,"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/","url":"https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/","name":"How to Run Keycloak in Production with Apache and Systemd (Step-by-Step Guide) - DevOps Consulting","isPartOf":{"@id":"https:\/\/www.devopsconsulting.in\/blog\/#website"},"datePublished":"2025-10-13T19:08:46+00:00","dateModified":"2025-10-23T08:54:26+00:00","author":{"@id":"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/fc397ba8be42f9fdd53450edfc73006f"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.devopsconsulting.in\/blog\/how-to-run-keycloak-in-production-with-apache-and-systemd-step-by-step-guide\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.devopsconsulting.in\/blog\/#website","url":"https:\/\/www.devopsconsulting.in\/blog\/","name":"DevOps Consulting","description":"DevOps Consulting | SRE Consulting | DevSecOps Consulting | MLOps Consulting","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.devopsconsulting.in\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/fc397ba8be42f9fdd53450edfc73006f","name":"Abhishek Singh","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g","caption":"Abhishek Singh"},"description":"I\u2019m Abhishek, a DevOps, SRE, DevSecOps, and Cloud expert with a passion for sharing knowledge and real-world experiences. I\u2019ve had the opportunity to work with Cotocus and continue to contribute to multiple platforms where I share insights across different domains: \u2022 DevOps School \u2013 Tech blogs and tutorials \u2022 Holiday Landmark \u2013 Travel stories and guides \u2022 Stocks Mantra \u2013 Stock market strategies and tips \u2022 My Medic Plus \u2013 Health and fitness guidance \u2022 TrueReviewNow \u2013 Honest product reviews \u2022 Wizbrand \u2013 SEO and digital tools for businesses I\u2019m also exploring the fascinating world of Quantum Computing.","url":"https:\/\/www.devopsconsulting.in\/blog\/author\/abhishek\/"}]}},"_links":{"self":[{"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/posts\/3394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/comments?post=3394"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/posts\/3394\/revisions"}],"predecessor-version":[{"id":3473,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/posts\/3394\/revisions\/3473"}],"wp:attachment":[{"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/media?parent=3394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/categories?post=3394"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/tags?post=3394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}