Seek for advice for exposing keycloak for internet facing application (for internal staff use)

Ah.ping.luk · July 23, 2025, 3:05am

Hi All,

I need to expose the internal keycloak to internet for serving internet application (used by internal staff).

I plan to make use of a reverse proxy in DMZ to handle the incoming traffic and forward to intranet Keycloak.

I want to seek for your advice on the best practice for exposing keycloak for internet application, say for security / rate limit / reverse proxy recommendation (nginx? HAProxy?)…etc

Thank you.

embesozzi · July 25, 2025, 2:14pm

Review the official docs:
[1] Configuring a reverse proxy - Keycloak
[2] Configuring Keycloak for production - Keycloak
[3] Multi-site deployments - Keycloak

Topic		Replies	Views
How to access admin ui if we don't expose it in our reverse proxy? Configuring the server admin-console	2	818	May 22, 2023
Keycloak available behind both proxy and not Configuring the server	0	34	October 18, 2024
Securing the built-in admin-cli client	3	1170	February 23, 2021
Keycloak on window server with reverse proxy not working Configuring the server	0	16	June 28, 2025
Does cloudflare provide enough security to protect Keycloak on the internet Getting advice	7	2716	December 21, 2021

Seek for advice for exposing keycloak for internet facing application (for internal staff use)

Related topics