By default, Keycloak runs on port 8080. If this port is already occupied by another service or if you want to customize the port for Keycloak, you can easily change it by modifying its configuration. This guide walks you through the steps to change the port of Keycloak.
1. Locate Keycloak Configuration Files
Keycloak’s port configuration is located in the standalone.xml (or standalone-ha.xml for high availability) file. This file is part of the Keycloak server configuration and can be found under the standalone/configuration directory.
Can’t find standalone.xml
Navigate to the Keycloak installation directory and locate the configuration file:
cd /opt/keycloak/standalone/configuration
2. Modify the Port in the Configuration
Open the standalone.xml configuration file in a text editor:
How to Change the Port in Keycloak: Old vs. New Versions
sudo nano standalone.xml
Look for the following section in the <subsystem xmlns=”urn:jboss:domain:undertow:3.0″> block. This section contains the HTTP listener configuration:
<http-listener name="default" socket-binding="http"/>
Find the <socket-binding> tag, which usually points to port 8080:
<socket-binding name="http" port="8080"/>
Change the port attribute to the desired port number, for example:
<socket-binding name="http" port="9090"/>
Save and close the file after editing.
3. Update the Keycloak Bindings
If you’re using Keycloak with SSL, you will also need to update the SSL port binding. Look for the <https-listener> tag and change the port attribute similarly.
<https-listener name="https" socket-binding="https"/>
Modify the port as needed, for example:
<https-listener name="https" socket-binding="8443"/>
Additionally, update the associated <socket-binding> tag:
<socket-binding name="https" port="8443"/>
4. Restart Keycloak
After changing the configuration, restart the Keycloak server to apply the changes:
sudo systemctl restart keycloak
5. Verify the Change
Once Keycloak has restarted, it should be accessible at the new port. Open your browser and navigate to:
http://localhost:9090
You should see the Keycloak login page or admin console (depending on your setup) at the new port.
6. Troubleshooting
If you encounter issues after changing the port, consider the following checks:
- Ensure the new port is open and not blocked by any firewall or network security settings.
- Check for any other services that may be using the same port.
- Verify Keycloak’s logs for any errors related to port binding.
7. Conclusion
Changing the port of Keycloak is a simple process and can help avoid port conflicts or meet specific requirements. By following the steps above, you can easily customize the port settings of your Keycloak instance and ensure smooth operation behind your desired port configuration.