Iâm replying to this because itâs the second hit on google for âkeycloak systemdâ
I did a lot of research on starting keycloak standalone using systemd, including the reviewing the information keycloak-15.0.1/docs/contrib/scripts. One note about the contrib scripts: they appear to be from the wildfly project and not specific to keycloak.
I Basically used the OPâs service file with a couple of changes:
I found the Type=idle and Timeout* fields did not appear to be needed. I think the key attribute is the WorkingDirectory= setting. I read the standalone.sh script and it does quite a few things based on the current directory.
Notes:
Iâm unpacking keycloak into /opt
I created the keycloak user and group, and chownâd /opt/keycloak-15.0.1 with this user and group.
Iâm not overriding the default of binding to 127.0.0.1 because Iâm using nginx to reverse proxy, but that should be a simple change to the ExecStart= setting.
The above script is working for me on CentOS, and both starts and stops keycloak, and I have it enabled and it starts keycloak at boot.
Keycloak normally exits with code 143, which looks like a problem in the systemctl and journalctl output. Avoid this by adding âSuccessExitStatus=0 143â in the âServiceâ section
Add ââoptimizedâ to the ExecStart line
The default âRestartâ is no, so your service never restarts if it dies. This isnât great: consider âRestart=alwaysâ
Youâve set owner âkeycloak:keycloakâ for the entire /opt/keycloak tree. This sounds like a really bad idea. My setup works fine with only /opt/keycloak/data owned by keycloak:keycloak, with everything else being owned by root:root
My setup: Keycloak 23, Ubuntu 22.04, Apache reverse proxy.