Upgrade Keycloak Standalone with Postgres from 16.1.0 to 17.0.0 with custom port behind nginx reverse proxy

What a nightmare.

You’re using keycloak and are upgrading from Wildfly 16.1.0 to Quarkus 17.0.0.
You’re also listening on a non-standard port, that isn’t 8080, but 23232.
You’re using a reverse proxy like nginx for TLS
and Keycloak is connected via plain http with nginx.

Grab your standalone.xml found in /standalone/configuration/standalone.xml
and find your postgres jdbc connection string as well as postgresql username and password.

edit conf/keycloak.conf

db=postgres
db-username=your-username
db-password=your-password
db-url=jdbc:postgresql://localhost:5432/keycloak
metrics-enabled=false
proxy=edge
http-enabled=true
http-relative-path=/auth/
hostname-strict=false
http-port=23232
http-host=localhost

db=postgres

db-username=your-username

db-password=your-password

db-url=jdbc:postgresql://localhost:5432/keycloak

metrics-enabled=false

proxy=edge

http-enabled=true

http-relative-path=/auth/

hostname-strict=false

http-port=23232

http-host=localhost

With this everything should work as before.

You also have to upgrade your Java version to be at least v11. Keycloak 17 won’t run with v8.

Leave a Reply Cancel reply