How to Change the Port in Keycloak: Old vs. New Versions

Keycloak typically runs on port 8080 by default, which might conflict with other services or might need to be changed for specific use cases. Changing the port can be done in both old and new versions of Keycloak, though the methods may differ slightly depending on how Keycloak is installed (standalone server vs. containerized). This article provides step-by-step instructions for changing the port in both older and newer Keycloak versions.

1. Changing the Port in Older Keycloak Versions (Pre-2020)

In older versions of Keycloak (pre-2020), the configuration of Keycloak’s HTTP and HTTPS ports is done via the standalone.xml file. This file is located in the standalone/configuration directory of your Keycloak installation.

Follow these steps to change the port in older versions:

  1. Locate the standalone.xml configuration file. Typically, it is located at: /opt/keycloak/standalone/configuration/standalone.xml
  2. Open the standalone.xml file using a text editor, such as nano:
  3. sudo nano /opt/keycloak/standalone/configuration/standalone.xml
  4. Find the section that defines the HTTP listener. This section looks like this:
  5. <http-listener name=”default” socket-binding=”http”/>
  6. Change the port by updating the <socket-binding> tag:
  7. <socket-binding name=”http” port=”9090″/>
  8. If you’re also changing the HTTPS port, locate the <https-listener> and modify it:
  9. <https-listener name=”https” socket-binding=”https”/>
  10. <socket-binding name=”https” port=”8443″/>
  11. Save the changes and restart Keycloak:
  12. sudo systemctl restart keycloak

2. Changing the Port in Newer Keycloak Versions (Post-2020)

With the newer versions of Keycloak, particularly from 2020 onwards, the configuration method has shifted. The standalone.xml file is no longer the primary configuration method. Instead, Keycloak uses environment variables and the keycloak.conf file (for standalone installations) or environment variables for containerized deployments (e.g., Docker and Kubernetes).

For new Keycloak versions, follow these steps to change the port:

Method 1: Using keycloak.conf (Non-Containerized Setup)

  1. Navigate to the keycloak.conf file located in your Keycloak directory:
  2. cd /opt/keycloak/conf
  3. Edit the keycloak.conf file to include the desired HTTP and HTTPS ports. For example:
  4. http.port=9090
  5. https.port=8443
  6. Save the file and restart Keycloak to apply the changes:
  7. sudo systemctl restart keycloak

Method 2: Using Docker or Kubernetes Environment Variables

If you’re running Keycloak in a Docker container or Kubernetes pod, you can set the port by defining environment variables. Here’s how you can do it:

docker run -e KEYCLOAK_HTTP_PORT=9090 -e KEYCLOAK_HTTPS_PORT=8443 jboss/keycloak

In Kubernetes, you would set the ports in the Pod definition using environment variables or ConfigMaps. Here’s an example for setting it in a Kubernetes configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: keycloak
        image: jboss/keycloak
        env:
        - name: KEYCLOAK_HTTP_PORT
          value: "9090"
        - name: KEYCLOAK_HTTPS_PORT
          value: "8443"

3. Troubleshooting

If you encounter issues after changing the port, consider the following:

  • Ensure the new ports are not already in use by other services.
  • Check for firewall or security settings that might be blocking the new port.
  • Verify that Keycloak has restarted properly after the changes.

4. Conclusion

Changing the port in Keycloak varies depending on the version and installation method you’re using. In older versions, you would modify the standalone.xml file, while newer versions rely on environment variables or the keycloak.conf file. By following the appropriate method for your version, you can successfully change the port and avoid any conflicts with other services.