# Basic settings for running in production. Change accordingly before deploying the server. # Database # The database vendor. #db=postgres # The username of the database user. #db-username=keycloak # The password of the database user. #db-password=password # The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor. #db-url=jdbc:postgresql://localhost/keycloak # Observability # If the server should expose healthcheck endpoints. #health-enabled=true # If the server should expose metrics endpoints. #metrics-enabled=true # HTTP # The file path to a server certificate or certificate chain in PEM format. #https-certificate-file=${kc.home.dir}conf/server.crt.pem # The file path to a private key in PEM format. #https-certificate-key-file=${kc.home.dir}conf/server.key.pem # The proxy address forwarding mode if the server is behind a reverse proxy. # 'proxy' is deprecated, see: https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option # Deprecated usage New usage # kc.sh --proxy none kc.sh # kc.sh --proxy edge kc.sh --proxy-headers forwarded|xforwarded --http-enabled true # kc.sh --proxy passthrough kc.sh --hostname-port 80|443 (depending if HTTPS is used) # kc.sh --proxy reencrypt kc.sh --proxy-headers forwarded|xforwarded # For hardened security, the --proxy-headers option does not allow selecting # both forwarded and xforwarded values at the same time (as it was the case # before for --proxy edge and --proxy reencrypt). # When using the proxy headers option, make sure your reverse proxy properly # sets and overwrites the Forwarded or X-Forwarded-* headers respectively. # To set these headers, consult the documentation for your reverse proxy. # Misconfiguration will leave Keycloak exposed to security vulnerabilities. #proxy-headers=xforwarded #http-enabled=true # Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy #spi-sticky-session-encoder-infinispan-should-attach-route=false # Hostname for the Keycloak server. # see https://www.keycloak.org/server/hostname #hostname=myhostname # Enables a set of one or more features. # see https://www.keycloak.org/server/features #features="[,]"