This article describes how to configure the hostname for the Keycloak server. By default, the hostname is the value of the hostname option in the Keycloak configuration file. However, you can set a different hostname for the Keycloak server using the hostname-admin or hostname-admin-url options.
The default hostname for the Keycloak server is the value of the hostname option in the Keycloak configuration file. You can also set this option at start-up. For example:
./kc.sh start-dev --hostname=fedora
Besides, you can set a different hostname for the Keycloak server using the hostname-admin or hostname-admin-url options.
- The
hostname-adminoption specifies the hostname for the administration console. - The
hostname-admin-urloption specifies the base URL for the administration console, including the scheme, host, port, and path.
If you are using a proxy to access the Keycloak server, you may need to set the hostname-path or hostname-port options to specify the path or port that the proxy is using. In general terms, it is recommended to use a reverse proxy to secure the administration endpoints and restrict public access.
Finally, tThe hostname-strict option disables dynamically resolving the hostname from request headers. This should always be set to true in production, unless the proxy verifies the Host header.
How to troubleshoot Keycloak Hostname
In order to troubleshoot the Hostname configuration you can activate the hostname-debug option which is available since Keycloak 22.0
For example:
./kc.sh start-dev --hostname=fedora --hostname-debug=true
Then, you can access the hostname-debug endpoint for a Keycloak Domain. For example, to access this endpoint from the master Realm access http://localhost:8080/realms/master/hostname-debug
Conclusion
Overall, we have emphasized the importance of configuring the hostname in Keycloak to optimize the server’s functionality and enhance security.
