# Basic settings for running in production. Change accordingly before deploying the server.


## Build options

# !!! After changing one of the build options you have to run `rc-service keycloak rebuild` !!!

# The database vendor.
db=postgres

# Defines the cache mechanism for high-availability.
cache=local

# Defines the file from which cache configuration should be loaded from.
#cache-config-file=/etc/keycloak/cache-ispn.xml

# If the server should expose healthcheck endpoints.
health-enabled=true

# If the server should expose metrics endpoints.
#metrics-enabled=false

# Enables a vault provider.
#vault=

# Enables/disabled a set of one or more features.
# See https://www.keycloak.org/server/all-config#category-feature.
#features=
#features-disabled=


## Database

# The username of the database user.
#db-username=keycloak

# The password of the database user.
#db-password=

# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
#db-url=jdbc:postgresql://localhost/keycloak

# The database schema to be used.
#db-schema=

# The initial size of the connection pool.
#db-pool-initial-size=

# The minimal size of the connection pool.
db-pool-min-size=2

# The maximum size of the connection pool.
db-pool-max-size=20


## HTTP

# Hostname for the Keycloak server. CHANGE THIS!
hostname=change-me

# The used HTTPS port.
#https-port=8443

# The file path to a server certificate or certificate chain in PEM format.
# If not exists and the "openssl" command is available, a self-signed
# certificate and key will be automatically generated by the init script.
https-certificate-file=/etc/keycloak/server.crt.pem

# The file path to a private key in PEM format.
https-certificate-key-file=/etc/keycloak/server.key.pem

# The proxy address forwarding mode if the server is behind a reverse proxy.
#proxy=reencrypt

# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
#spi-sticky-session-encoder-infinispan-should-attach-route=false


## Logging

# Enable one or more log handlers in a comma-separated list.
log=console,file

# Set the log file path and filename.
log-file=/var/log/keycloak/keycloak.log

# The log level of the root category or a comma-separated list of individual categories and their levels.
#log-level=info