Startup keycloak as a permanent runing service

xkey · March 30, 2021, 10:40am

Hello everybody,

i started with the installation of keycloak as a standalone server based on the zip file with wildfly.

But i have run into problems to start the service keycloak permanently as a service or behind a reverse proxy like apache or nginx

How can I start keycloak permanently without having to start the file manually?

Here I have already tested the following configuration but unfortunately the service keycloak does not start

/etc/systemd/system/keycloak.service

[Unit]
Description=Keycloak
After=network.target

[Service]
Type=idle
User=keycloak
Group=keycloak
ExecStart=KEYCLOAK_HOME/bin/standalone.sh -b 0.0.0.0
TimeoutStartSec=600
TimeoutStopSec=600

[Install]
WantedBy=multi-user.target

And the error message from the service “keycloak.service”:

Maybe someone here can help me

Many thanks for your help

Using Keycloak 12.0.4 (Distribution powered by WildFly) on Cent OS 7

dasniko · March 30, 2021, 12:12pm

xkey · March 30, 2021, 12:44pm

Thanks for your reply @dasniko

I will have a look at the sample files in the ZIP directory “…\keycloak-12.0.4\docs\contrib…” and get back to you otherwise if necessary

DavidR · December 8, 2021, 4:24pm

I’m replying to this because it’s the second hit on google for “keycloak systemd”

I did a lot of research on starting keycloak standalone using systemd, including the reviewing the information keycloak-15.0.1/docs/contrib/scripts. One note about the contrib scripts: they appear to be from the wildfly project and not specific to keycloak.

I Basically used the OP’s service file with a couple of changes:

[Unit]
Description=Keycloak Service
After=network.target

[Service]
User=keycloak
Group=keycloak
ExecStart=/opt/keycloak-15.0.1/bin/standalone.sh
WorkingDirectory=/opt/keycloak-15.0.1

[Install]
WantedBy=multi-user.target

I found the Type=idle and Timeout* fields did not appear to be needed. I think the key attribute is the WorkingDirectory= setting. I read the standalone.sh script and it does quite a few things based on the current directory.

Notes:

I’m unpacking keycloak into /opt
I created the keycloak user and group, and chown’d /opt/keycloak-15.0.1 with this user and group.
I’m not overriding the default of binding to 127.0.0.1 because I’m using nginx to reverse proxy, but that should be a simple change to the ExecStart= setting.

The above script is working for me on CentOS, and both starts and stops keycloak, and I have it enabled and it starts keycloak at boot.

HTH anyone who comes after me.