This article describes how to configure the hostname for the Keycloak server. By default, the hostname is the value of the
hostname option in the Keycloak configuration file. However, you can set a different hostname for the Keycloak server using the
The default hostname for the Keycloak server is the value of the hostname option in the Keycloak configuration file. You can also set this option at start-up. For example:
./kc.sh start-dev --hostname=fedora
Besides, you can set a different hostname for the Keycloak server using the hostname-admin or hostname-admin-url options.
hostname-adminoption specifies the hostname for the administration console.
hostname-admin-urloption specifies the base URL for the administration console, including the scheme, host, port, and path.
If you are using a proxy to access the Keycloak server, you may need to set the
hostname-port options to specify the path or port that the proxy is using. In general terms, it is recommended to use a reverse proxy to secure the administration endpoints and restrict public access.
hostname-strict option disables dynamically resolving the hostname from request headers. This should always be set to
true in production, unless the proxy verifies the
How to troubleshoot Keycloak Hostname
In order to troubleshoot the Hostname configuration you can activate the hostname-debug option which is available since Keycloak 22.0
./kc.sh start-dev --hostname=fedora --hostname-debug=true
Then, you can access the hostname-debug endpoint for a Keycloak Domain. For example, to access this endpoint from the master Realm access http://localhost:8080/realms/master/hostname-debug
Overall, we have emphasized the importance of configuring the hostname in Keycloak to optimize the server’s functionality and enhance security.