Align help-output across OS to simplify contributions (#28146)
Closes #28145 Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
parent
ef7ffd0482
commit
498847988a
25 changed files with 17 additions and 1962 deletions
|
@ -18,13 +18,18 @@
|
|||
package org.keycloak.it.cli.dist;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotEquals;
|
||||
import static org.keycloak.it.cli.dist.GelfRemovedTest.INCLUDE_GELF_PROPERTY;
|
||||
import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import org.approvaltests.Approvals;
|
||||
import org.approvaltests.namer.NamedEnvironment;
|
||||
import org.hamcrest.MatcherAssert;
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.jupiter.api.Assumptions;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
@ -171,9 +176,20 @@ public class HelpCommandDistTest {
|
|||
}
|
||||
|
||||
private void assertHelp(CLIResult result) {
|
||||
try (NamedEnvironment env = KcNamerFactory.asWindowsOsSpecificTest()) {
|
||||
try {
|
||||
// normalize the output to prevent changes around the feature toggles to mark the output to differ
|
||||
String output = result.getOutput().replaceAll("((Disables|Enables) a set of one or more features. Possible values are: )[^.]{30,}", "$1<...>");
|
||||
|
||||
String osName = System.getProperty("os.name");
|
||||
if(osName.toLowerCase(Locale.ROOT).contains("windows")) {
|
||||
// On Windows, all output should have at least one "kc.bat" in it.
|
||||
MatcherAssert.assertThat(output, Matchers.containsString("kc.bat"));
|
||||
output = output.replaceAll("kc.bat", "kc.sh");
|
||||
output = output.replaceAll(Pattern.quote("data\\log\\"), "data/log/");
|
||||
// line wrap which looks differently due to ".bat" vs. ".sh"
|
||||
output = output.replaceAll("including\nbuild ", "including build\n");
|
||||
}
|
||||
|
||||
Approvals.verify(output);
|
||||
} catch (Exception cause) {
|
||||
throw new RuntimeException("Failed to assert help", cause);
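Review bot: `output.replaceAll("kc.bat", "kc.sh")` passes its first argument as a regular expression, so the unescaped `.` matches any character, while the `containsString("kc.bat")` assertion above it and the `Pattern.quote(...)` call below it both treat the text literally. Nothing in these two rewrites needs a regex, so `output = output.replace("kc.bat", "kc.sh");` and `output = output.replace("data\\log\\", "data/log/");` state the intent directly and make the quoting unnecessary. The line-wrap rewrite `"including\nbuild "` looks tied to one particular wrapped sentence and would silently stop matching if that help text is reworded or if the captured output carries `\r\n`, so a comment naming the affected message would help the next contributor. The page has lost its `+`/`-` markers, so which `try` line is new is inferred; if the plain `try {` replaced the `NamedEnvironment` form, the `org.approvaltests.namer.NamedEnvironment` import in the first hunk may now be unused. The closing braces of `assertHelp` lie outside the hunk.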
|
||||
|
|
|
@ -1,112 +0,0 @@
|
|||
Creates a new and optimized server image.
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat build [OPTIONS]
|
||||
|
||||
Creates a new and optimized server image based on the configuration options
|
||||
passed to this command. Once created, the configuration will be persisted and
|
||||
read during startup without having to pass them over again.
|
||||
|
||||
Consider running this command before running the server in production for an
|
||||
optimal runtime.
|
||||
|
||||
Options:
|
||||
|
||||
-h, --help This help message.
|
||||
--help-all This same help message but with additional options.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache <type> Defines the cache mechanism for high-availability. By default in production
|
||||
mode, a 'ispn' cache is used to create a cluster between multiple server
|
||||
nodes. By default in development mode, a 'local' cache disables clustering
|
||||
and is intended for development and testing purposes. Possible values are:
|
||||
ispn, local. Default: ispn.
|
||||
--cache-config-file <file>
|
||||
Defines the file from which cache configuration should be loaded from. The
|
||||
configuration file is relative to the 'conf/' directory.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
Possible values are: tcp, udp, kubernetes, ec2, azure, google.
|
||||
|
||||
Database:
|
||||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
|
||||
driver is set accordingly to the chosen database.
|
||||
|
||||
Transaction:
|
||||
|
||||
--transaction-xa-enabled <true|false>
|
||||
If set to true, XA datasources will be used. Default: false.
|
||||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: <...>.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: <...>.
|
||||
|
||||
HTTP(S):
|
||||
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
--https-client-auth <auth>
|
||||
Configures the server to require/request client authentication. Possible
|
||||
values are: none, request, required. Default: none.
|
||||
|
||||
Health:
|
||||
|
||||
--health-enabled <true|false>
|
||||
If the server should expose health check endpoints. If enabled, health checks
|
||||
are available at the '/health', '/health/ready' and '/health/live'
|
||||
endpoints. Default: false.
|
||||
|
||||
Metrics:
|
||||
|
||||
--metrics-enabled <true|false>
|
||||
If the server should expose metrics. If enabled, metrics are available at the
|
||||
'/metrics' endpoint. Default: false.
|
||||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
|
||||
|
||||
Security:
|
||||
|
||||
--fips-mode <mode> Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
|
||||
non-approved mode. For full FIPS compliance, set 'strict' to run on approved
|
||||
mode. This option defaults to 'disabled' when 'fips' feature is disabled,
|
||||
which is by default. This option defaults to 'non-strict' when 'fips'
|
||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||
disabled.
|
||||
|
||||
Examples:
|
||||
|
||||
Change the database vendor:
|
||||
|
||||
$ kc.bat build --db=postgres
|
||||
|
||||
Enable a feature:
|
||||
|
||||
$ kc.bat build --features=<feature_name>
|
||||
|
||||
Or alternatively, enable all tech preview features:
|
||||
|
||||
$ kc.bat build --features=preview
|
||||
|
||||
Enable health endpoints:
|
||||
|
||||
$ kc.bat build --health-enabled=true
|
||||
|
||||
Enable metrics endpoints:
|
||||
|
||||
$ kc.bat build --metrics-enabled=true
|
||||
|
||||
Change the relative path:
|
||||
|
||||
$ kc.bat build --http-relative-path=/auth
|
|
@ -1,55 +0,0 @@
|
|||
Keycloak - Open Source Identity and Access Management
|
||||
|
||||
Find more information at: https://www.keycloak.org/docs/latest
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat [OPTIONS] [COMMAND]
|
||||
|
||||
Use this command-line tool to manage your Keycloak cluster.
|
||||
Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
|
||||
"./kc.bat") to execute from the current folder.
|
||||
|
||||
Options:
|
||||
|
||||
-cf, --config-file <file>
|
||||
Set the path to a configuration file. By default, configuration properties are
|
||||
read from the "keycloak.conf" file in the "conf" directory.
|
||||
-h, --help This help message.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
-V, --version Show version information
|
||||
|
||||
Commands:
|
||||
|
||||
build Creates a new and optimized server image.
|
||||
start Start the server.
|
||||
start-dev Start the server in development mode.
|
||||
export Export data from realms to a file or directory.
|
||||
import Import data from a directory or a file.
|
||||
show-config Print out the current configuration.
|
||||
tools Utilities for use and interaction with the server.
|
||||
completion Generate bash/zsh completion script for kc.bat.
|
||||
|
||||
Examples:
|
||||
|
||||
Start the server in development mode for local development or testing:
|
||||
|
||||
$ kc.bat start-dev
|
||||
|
||||
Building an optimized server runtime:
|
||||
|
||||
$ kc.bat build <OPTIONS>
|
||||
|
||||
Start the server in production mode:
|
||||
|
||||
$ kc.bat start <OPTIONS>
|
||||
|
||||
Enable auto-completion to bash/zsh:
|
||||
|
||||
$ source <(kc.bat tools completion)
|
||||
|
||||
Please, take a look at the documentation for more details before deploying in
|
||||
production.
|
||||
|
||||
Use "kc.bat start --help" for the available options when starting the server.
|
||||
Use "kc.bat <command> --help" for more information about other commands.
|
|
@ -1,55 +0,0 @@
|
|||
Keycloak - Open Source Identity and Access Management
|
||||
|
||||
Find more information at: https://www.keycloak.org/docs/latest
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat [OPTIONS] [COMMAND]
|
||||
|
||||
Use this command-line tool to manage your Keycloak cluster.
|
||||
Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
|
||||
"./kc.bat") to execute from the current folder.
|
||||
|
||||
Options:
|
||||
|
||||
-cf, --config-file <file>
|
||||
Set the path to a configuration file. By default, configuration properties are
|
||||
read from the "keycloak.conf" file in the "conf" directory.
|
||||
-h, --help This help message.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
-V, --version Show version information
|
||||
|
||||
Commands:
|
||||
|
||||
build Creates a new and optimized server image.
|
||||
start Start the server.
|
||||
start-dev Start the server in development mode.
|
||||
export Export data from realms to a file or directory.
|
||||
import Import data from a directory or a file.
|
||||
show-config Print out the current configuration.
|
||||
tools Utilities for use and interaction with the server.
|
||||
completion Generate bash/zsh completion script for kc.bat.
|
||||
|
||||
Examples:
|
||||
|
||||
Start the server in development mode for local development or testing:
|
||||
|
||||
$ kc.bat start-dev
|
||||
|
||||
Building an optimized server runtime:
|
||||
|
||||
$ kc.bat build <OPTIONS>
|
||||
|
||||
Start the server in production mode:
|
||||
|
||||
$ kc.bat start <OPTIONS>
|
||||
|
||||
Enable auto-completion to bash/zsh:
|
||||
|
||||
$ source <(kc.bat tools completion)
|
||||
|
||||
Please, take a look at the documentation for more details before deploying in
|
||||
production.
|
||||
|
||||
Use "kc.bat start --help" for the available options when starting the server.
|
||||
Use "kc.bat <command> --help" for more information about other commands.
|
|
@ -1,55 +0,0 @@
|
|||
Keycloak - Open Source Identity and Access Management
|
||||
|
||||
Find more information at: https://www.keycloak.org/docs/latest
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat [OPTIONS] [COMMAND]
|
||||
|
||||
Use this command-line tool to manage your Keycloak cluster.
|
||||
Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
|
||||
"./kc.bat") to execute from the current folder.
|
||||
|
||||
Options:
|
||||
|
||||
-cf, --config-file <file>
|
||||
Set the path to a configuration file. By default, configuration properties are
|
||||
read from the "keycloak.conf" file in the "conf" directory.
|
||||
-h, --help This help message.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
-V, --version Show version information
|
||||
|
||||
Commands:
|
||||
|
||||
build Creates a new and optimized server image.
|
||||
start Start the server.
|
||||
start-dev Start the server in development mode.
|
||||
export Export data from realms to a file or directory.
|
||||
import Import data from a directory or a file.
|
||||
show-config Print out the current configuration.
|
||||
tools Utilities for use and interaction with the server.
|
||||
completion Generate bash/zsh completion script for kc.bat.
|
||||
|
||||
Examples:
|
||||
|
||||
Start the server in development mode for local development or testing:
|
||||
|
||||
$ kc.bat start-dev
|
||||
|
||||
Building an optimized server runtime:
|
||||
|
||||
$ kc.bat build <OPTIONS>
|
||||
|
||||
Start the server in production mode:
|
||||
|
||||
$ kc.bat start <OPTIONS>
|
||||
|
||||
Enable auto-completion to bash/zsh:
|
||||
|
||||
$ source <(kc.bat tools completion)
|
||||
|
||||
Please, take a look at the documentation for more details before deploying in
|
||||
production.
|
||||
|
||||
Use "kc.bat start --help" for the available options when starting the server.
|
||||
Use "kc.bat <command> --help" for more information about other commands.
|
|
@ -1,276 +0,0 @@
|
|||
Start the server in development mode.
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat start-dev [OPTIONS]
|
||||
|
||||
Use this command if you want to run the server locally for development or
|
||||
testing purposes.
|
||||
|
||||
Options:
|
||||
|
||||
-h, --help This help message.
|
||||
--help-all This same help message but with additional options.
|
||||
--import-realm Import realms during startup by reading any realm configuration file from the
|
||||
'data/import' directory.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache <type> Defines the cache mechanism for high-availability. By default in production
|
||||
mode, a 'ispn' cache is used to create a cluster between multiple server
|
||||
nodes. By default in development mode, a 'local' cache disables clustering
|
||||
and is intended for development and testing purposes. Possible values are:
|
||||
ispn, local. Default: ispn.
|
||||
--cache-config-file <file>
|
||||
Defines the file from which cache configuration should be loaded from. The
|
||||
configuration file is relative to the 'conf/' directory.
|
||||
--cache-embedded-mtls-enabled <true|false>
|
||||
Encrypts the network communication between Keycloak servers. Default: false.
|
||||
--cache-embedded-mtls-key-store-file <file>
|
||||
The Keystore file path. The Keystore must contain the certificate to use by
|
||||
the TLS protocol. By default, it lookup 'cache-mtls-keystore.p12' under
|
||||
conf/ directory.
|
||||
--cache-embedded-mtls-key-store-password <password>
|
||||
The password to access the Keystore.
|
||||
--cache-embedded-mtls-trust-store-file <file>
|
||||
The Truststore file path. It should contain the trusted certificates or the
|
||||
Certificate Authority that signed the certificates. By default, it lookup
|
||||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
Possible values are: tcp, udp, kubernetes, ec2, azure, google.
|
||||
|
||||
Database:
|
||||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
|
||||
driver is set accordingly to the chosen database.
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
The initial size of the connection pool.
|
||||
--db-pool-max-size <size>
|
||||
The maximum size of the connection pool. Default: 100.
|
||||
--db-pool-min-size <size>
|
||||
The minimal size of the connection pool.
|
||||
--db-schema <schema> The database schema to be used.
|
||||
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
|
||||
selected database vendor. For instance, if using 'postgres', the default
|
||||
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
|
||||
--db-url-database <dbname>
|
||||
Sets the database name of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-host <hostname>
|
||||
Sets the hostname of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
|
||||
option is set, this option is ignored.
|
||||
--db-url-properties <properties>
|
||||
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
|
||||
set the properties accordingly to the format expected by the database
|
||||
vendor, as well as appending the right character at the beginning of this
|
||||
property value. If the `db-url` option is set, this option is ignored.
|
||||
--db-username <username>
|
||||
The username of the database user.
|
||||
|
||||
Transaction:
|
||||
|
||||
--transaction-xa-enabled <true|false>
|
||||
If set to true, XA datasources will be used. Default: false.
|
||||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: <...>.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: <...>.
|
||||
|
||||
Hostname:
|
||||
|
||||
--hostname <hostname>
|
||||
Hostname for the Keycloak server.
|
||||
--hostname-admin <hostname>
|
||||
The hostname for accessing the administration console. Use this option if you
|
||||
are exposing the administration console using a hostname other than the
|
||||
value set to the 'hostname' option.
|
||||
--hostname-admin-url <url>
|
||||
Set the base URL for accessing the administration console, including scheme,
|
||||
host, port and path
|
||||
--hostname-debug <true|false>
|
||||
Toggle the hostname debug page that is accessible at
|
||||
/realms/master/hostname-debug Default: false.
|
||||
--hostname-path <path>
|
||||
This should be set if proxy uses a different context-path for Keycloak.
|
||||
--hostname-port <port>
|
||||
The port used by the proxy when exposing the hostname. Set this option if the
|
||||
proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
|
||||
--hostname-strict <true|false>
|
||||
Disables dynamically resolving the hostname from request headers. Should
|
||||
always be set to true in production, unless proxy verifies the Host header.
|
||||
Default: true.
|
||||
--hostname-strict-backchannel <true|false>
|
||||
By default backchannel URLs are dynamically resolved from request headers to
|
||||
allow internal and external applications. If all applications use the public
|
||||
URL this option should be enabled. Default: false.
|
||||
--hostname-url <url> Set the base URL for frontend URLs, including scheme, host, port and path.
|
||||
|
||||
HTTP(S):
|
||||
|
||||
--http-enabled <true|false>
|
||||
Enables the HTTP listener. Default: false.
|
||||
--http-host <host> The used HTTP Host. Default: 0.0.0.0.
|
||||
--http-max-queued-requests <requests>
|
||||
Maximum number of queued HTTP requests. Use this to shed load in an overload
|
||||
situation. Excess requests will return a "503 Server not Available" response.
|
||||
--http-pool-max-threads <threads>
|
||||
The maximum number of threads. If this is not specified then it will be
|
||||
automatically sized to the greatest of 8 * the number of available
|
||||
processors and 200. For example if there are 4 processors the max threads
|
||||
will be 200. If there are 48 processors it will be 384.
|
||||
--http-port <port> The used HTTP port. Default: 8080.
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
--https-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format.
|
||||
--https-certificate-key-file <file>
|
||||
The file path to a private key in PEM format.
|
||||
--https-cipher-suites <ciphers>
|
||||
The cipher suites to use. If none is given, a reasonable default is selected.
|
||||
--https-client-auth <auth>
|
||||
Configures the server to require/request client authentication. Possible
|
||||
values are: none, request, required. Default: none.
|
||||
--https-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files.
|
||||
--https-key-store-password <password>
|
||||
The password of the key store file. Default: password.
|
||||
--https-key-store-type <type>
|
||||
The type of the key store file. If not given, the type is automatically
|
||||
detected based on the file name. If 'fips-mode' is set to 'strict' and no
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
DEPRECATED. The trust store which holds the certificate information of the
|
||||
certificates to trust. Use the System Truststore instead, see the docs for
|
||||
details.
|
||||
--https-trust-store-password <password>
|
||||
DEPRECATED. The password of the trust store file. Use the System Truststore
|
||||
instead, see the docs for details.
|
||||
--https-trust-store-type <type>
|
||||
DEPRECATED. The type of the trust store file. If not given, the type is
|
||||
automatically detected based on the file name. If 'fips-mode' is set to
|
||||
'strict' and no value is set, it defaults to 'BCFKS'. Use the System
|
||||
Truststore instead, see the docs for details.
|
||||
|
||||
Health:
|
||||
|
||||
--health-enabled <true|false>
|
||||
If the server should expose health check endpoints. If enabled, health checks
|
||||
are available at the '/health', '/health/ready' and '/health/live'
|
||||
endpoints. Default: false.
|
||||
|
||||
Config:
|
||||
|
||||
--config-keystore <config-keystore>
|
||||
Specifies a path to the KeyStore Configuration Source.
|
||||
--config-keystore-password <config-keystore-password>
|
||||
Specifies a password to the KeyStore Configuration Source.
|
||||
--config-keystore-type <config-keystore-type>
|
||||
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
|
||||
|
||||
Metrics:
|
||||
|
||||
--metrics-enabled <true|false>
|
||||
If the server should expose metrics. If enabled, metrics are available at the
|
||||
'/metrics' endpoint. Default: false.
|
||||
|
||||
Proxy:
|
||||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
over the deprecated proxy option. Possible values are: forwarded, xforwarded.
|
||||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
--vault-file <file> Path to the keystore file.
|
||||
--vault-pass <pass> Password for the vault keystore.
|
||||
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
|
||||
|
||||
Logging:
|
||||
|
||||
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
|
||||
are: console, file, gelf (deprecated). Default: console.
|
||||
--log-console-color <true|false>
|
||||
Enable or disable colors when logging to console. Default: false. Available
|
||||
only when Console log handler is activated.
|
||||
--log-console-format <format>
|
||||
The format of unstructured console log entries. If the format has spaces in
|
||||
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
|
||||
-5p [%c] (%t) %s%e%n. Available only when Console log handler is activated.
|
||||
--log-console-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default. Available only when Console log
|
||||
handler is activated.
|
||||
--log-level <category:level>
|
||||
The log level of the root category or a comma-separated list of individual
|
||||
categories and their levels. For the root category, you don't need to
|
||||
specify a category. Default: info.
|
||||
|
||||
Truststore:
|
||||
|
||||
--tls-hostname-verifier <tls-hostname-verifier>
|
||||
The TLS hostname verification policy for out-going HTTPS and SMTP requests.
|
||||
Possible values are: ANY, WILDCARD, STRICT. Default: WILDCARD.
|
||||
--truststore-paths <truststore-paths>
|
||||
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
||||
containing those files that will be used as a system truststore.
|
||||
|
||||
Security:
|
||||
|
||||
--fips-mode <mode> Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
|
||||
non-approved mode. For full FIPS compliance, set 'strict' to run on approved
|
||||
mode. This option defaults to 'disabled' when 'fips' feature is disabled,
|
||||
which is by default. This option defaults to 'non-strict' when 'fips'
|
||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||
disabled.
|
||||
|
||||
Do NOT start the server using this command when deploying to production.
|
||||
|
||||
Use 'kc.bat start-dev --help-all' to list all available options, including build
|
||||
options.
|
|
@ -1,324 +0,0 @@
|
|||
Start the server in development mode.
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat start-dev [OPTIONS]
|
||||
|
||||
Use this command if you want to run the server locally for development or
|
||||
testing purposes.
|
||||
|
||||
Options:
|
||||
|
||||
-h, --help This help message.
|
||||
--help-all This same help message but with additional options.
|
||||
--import-realm Import realms during startup by reading any realm configuration file from the
|
||||
'data/import' directory.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache <type> Defines the cache mechanism for high-availability. By default in production
|
||||
mode, a 'ispn' cache is used to create a cluster between multiple server
|
||||
nodes. By default in development mode, a 'local' cache disables clustering
|
||||
and is intended for development and testing purposes. Possible values are:
|
||||
ispn, local. Default: ispn.
|
||||
--cache-config-file <file>
|
||||
Defines the file from which cache configuration should be loaded from. The
|
||||
configuration file is relative to the 'conf/' directory.
|
||||
--cache-embedded-mtls-enabled <true|false>
|
||||
Encrypts the network communication between Keycloak servers. Default: false.
|
||||
--cache-embedded-mtls-key-store-file <file>
|
||||
The Keystore file path. The Keystore must contain the certificate to use by
|
||||
the TLS protocol. By default, it lookup 'cache-mtls-keystore.p12' under
|
||||
conf/ directory.
|
||||
--cache-embedded-mtls-key-store-password <password>
|
||||
The password to access the Keystore.
|
||||
--cache-embedded-mtls-trust-store-file <file>
|
||||
The Truststore file path. It should contain the trusted certificates or the
|
||||
Certificate Authority that signed the certificates. By default, it lookup
|
||||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-metrics-histograms-enabled <true|false>
|
||||
Enable histograms for metrics for the embedded caches. Default: false.
|
||||
Available only when metrics are enabled.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
Possible values are: tcp, udp, kubernetes, ec2, azure, google.
|
||||
|
||||
Database:
|
||||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
|
||||
driver is set accordingly to the chosen database.
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
The initial size of the connection pool.
|
||||
--db-pool-max-size <size>
|
||||
The maximum size of the connection pool. Default: 100.
|
||||
--db-pool-min-size <size>
|
||||
The minimal size of the connection pool.
|
||||
--db-schema <schema> The database schema to be used.
|
||||
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
|
||||
selected database vendor. For instance, if using 'postgres', the default
|
||||
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
|
||||
--db-url-database <dbname>
|
||||
Sets the database name of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-host <hostname>
|
||||
Sets the hostname of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
|
||||
option is set, this option is ignored.
|
||||
--db-url-properties <properties>
|
||||
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
|
||||
set the properties accordingly to the format expected by the database
|
||||
vendor, as well as appending the right character at the beginning of this
|
||||
property value. If the `db-url` option is set, this option is ignored.
|
||||
--db-username <username>
|
||||
The username of the database user.
|
||||
|
||||
Transaction:
|
||||
|
||||
--transaction-xa-enabled <true|false>
|
||||
If set to true, XA datasources will be used. Default: false.
|
||||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: <...>.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: <...>.
|
||||
|
||||
Hostname:
|
||||
|
||||
--hostname <hostname>
|
||||
Hostname for the Keycloak server.
|
||||
--hostname-admin <hostname>
|
||||
The hostname for accessing the administration console. Use this option if you
|
||||
are exposing the administration console using a hostname other than the
|
||||
value set to the 'hostname' option.
|
||||
--hostname-admin-url <url>
|
||||
Set the base URL for accessing the administration console, including scheme,
|
||||
host, port and path
|
||||
--hostname-debug <true|false>
|
||||
Toggle the hostname debug page that is accessible at
|
||||
/realms/master/hostname-debug Default: false.
|
||||
--hostname-path <path>
|
||||
This should be set if proxy uses a different context-path for Keycloak.
|
||||
--hostname-port <port>
|
||||
The port used by the proxy when exposing the hostname. Set this option if the
|
||||
proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
|
||||
--hostname-strict <true|false>
|
||||
Disables dynamically resolving the hostname from request headers. Should
|
||||
always be set to true in production, unless proxy verifies the Host header.
|
||||
Default: true.
|
||||
--hostname-strict-backchannel <true|false>
|
||||
By default backchannel URLs are dynamically resolved from request headers to
|
||||
allow internal and external applications. If all applications use the public
|
||||
URL this option should be enabled. Default: false.
|
||||
--hostname-url <url> Set the base URL for frontend URLs, including scheme, host, port and path.
|
||||
|
||||
HTTP(S):
|
||||
|
||||
--http-enabled <true|false>
|
||||
Enables the HTTP listener. Default: false.
|
||||
--http-host <host> The used HTTP Host. Default: 0.0.0.0.
|
||||
--http-max-queued-requests <requests>
|
||||
Maximum number of queued HTTP requests. Use this to shed load in an overload
|
||||
situation. Excess requests will return a "503 Server not Available" response.
|
||||
--http-pool-max-threads <threads>
|
||||
The maximum number of threads. If this is not specified then it will be
|
||||
automatically sized to the greatest of 8 * the number of available
|
||||
processors and 200. For example if there are 4 processors the max threads
|
||||
will be 200. If there are 48 processors it will be 384.
|
||||
--http-port <port> The used HTTP port. Default: 8080.
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
--https-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format.
|
||||
--https-certificate-key-file <file>
|
||||
The file path to a private key in PEM format.
|
||||
--https-cipher-suites <ciphers>
|
||||
The cipher suites to use. If none is given, a reasonable default is selected.
|
||||
--https-client-auth <auth>
|
||||
Configures the server to require/request client authentication. Possible
|
||||
values are: none, request, required. Default: none.
|
||||
--https-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files.
|
||||
--https-key-store-password <password>
|
||||
The password of the key store file. Default: password.
|
||||
--https-key-store-type <type>
|
||||
The type of the key store file. If not given, the type is automatically
|
||||
detected based on the file name. If 'fips-mode' is set to 'strict' and no
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
DEPRECATED. The trust store which holds the certificate information of the
|
||||
certificates to trust. Use the System Truststore instead, see the docs for
|
||||
details.
|
||||
--https-trust-store-password <password>
|
||||
DEPRECATED. The password of the trust store file. Use the System Truststore
|
||||
instead, see the docs for details.
|
||||
--https-trust-store-type <type>
|
||||
DEPRECATED. The type of the trust store file. If not given, the type is
|
||||
automatically detected based on the file name. If 'fips-mode' is set to
|
||||
'strict' and no value is set, it defaults to 'BCFKS'. Use the System
|
||||
Truststore instead, see the docs for details.
|
||||
|
||||
Health:
|
||||
|
||||
--health-enabled <true|false>
|
||||
If the server should expose health check endpoints. If enabled, health checks
|
||||
are available at the '/health', '/health/ready' and '/health/live'
|
||||
endpoints. Default: false.
|
||||
|
||||
Config:
|
||||
|
||||
--config-keystore <config-keystore>
|
||||
Specifies a path to the KeyStore Configuration Source.
|
||||
--config-keystore-password <config-keystore-password>
|
||||
Specifies a password to the KeyStore Configuration Source.
|
||||
--config-keystore-type <config-keystore-type>
|
||||
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
|
||||
|
||||
Metrics:
|
||||
|
||||
--metrics-enabled <true|false>
|
||||
If the server should expose metrics. If enabled, metrics are available at the
|
||||
'/metrics' endpoint. Default: false.
|
||||
|
||||
Proxy:
|
||||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
over the deprecated proxy option. Possible values are: forwarded, xforwarded.
|
||||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
--vault-file <file> Path to the keystore file.
|
||||
--vault-pass <pass> Password for the vault keystore.
|
||||
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
|
||||
|
||||
Logging:
|
||||
|
||||
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
|
||||
are: console, file, gelf (deprecated). Default: console.
|
||||
--log-console-color <true|false>
|
||||
Enable or disable colors when logging to console. Default: false. Available
|
||||
only when Console log handler is activated.
|
||||
--log-console-format <format>
|
||||
The format of unstructured console log entries. If the format has spaces in
|
||||
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
|
||||
-5p [%c] (%t) %s%e%n. Available only when Console log handler is activated.
|
||||
--log-console-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default. Available only when Console log
|
||||
handler is activated.
|
||||
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log. Available
|
||||
only when File log handler is activated.
|
||||
--log-file-format <format>
|
||||
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
|
||||
SSS} %-5p [%c] (%t) %s%e%n. Available only when File log handler is
|
||||
activated.
|
||||
--log-file-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default. Available only when File log
|
||||
handler is activated.
|
||||
--log-gelf-facility <name>
|
||||
DEPRECATED. The facility (name of the process) that sends the message.
|
||||
Default: keycloak. Available only when GELF is activated.
|
||||
--log-gelf-host <hostname>
|
||||
DEPRECATED. Hostname of the Logstash or Graylog Host. By default UDP is used,
|
||||
prefix the host with 'tcp:' to switch to TCP. Example: 'tcp:localhost'
|
||||
Default: localhost. Available only when GELF is activated.
|
||||
--log-gelf-include-location <true|false>
|
||||
DEPRECATED. Include source code location. Default: true. Available only when
|
||||
GELF is activated.
|
||||
--log-gelf-include-message-parameters <true|false>
|
||||
DEPRECATED. Include message parameters from the log event. Default: true.
|
||||
Available only when GELF is activated.
|
||||
--log-gelf-include-stack-trace <true|false>
|
||||
DEPRECATED. If set to true, occuring stack traces are included in the
|
||||
'StackTrace' field in the GELF output. Default: true. Available only when
|
||||
GELF is activated.
|
||||
--log-gelf-level <level>
|
||||
DEPRECATED. The log level specifying which message levels will be logged by
|
||||
the GELF logger. Message levels lower than this value will be discarded.
|
||||
Default: INFO. Available only when GELF is activated.
|
||||
--log-gelf-max-message-size <size>
|
||||
DEPRECATED. Maximum message size (in bytes). If the message size is exceeded,
|
||||
GELF will submit the message in multiple chunks. Default: 8192. Available
|
||||
only when GELF is activated.
|
||||
--log-gelf-port <port>
|
||||
DEPRECATED. The port the Logstash or Graylog Host is called on. Default:
|
||||
12201. Available only when GELF is activated.
|
||||
--log-gelf-timestamp-format <pattern>
|
||||
DEPRECATED. Set the format for the GELF timestamp field. Uses Java
|
||||
SimpleDateFormat pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. Available only
|
||||
when GELF is activated.
|
||||
--log-gelf-version <version>
|
||||
The GELF version to be used. Possible values are: 1.0, 1.1. Default: 1.1.
|
||||
Available only when GELF is activated.
|
||||
--log-level <category:level>
|
||||
The log level of the root category or a comma-separated list of individual
|
||||
categories and their levels. For the root category, you don't need to
|
||||
specify a category. Default: info.
|
||||
|
||||
Truststore:
|
||||
|
||||
--tls-hostname-verifier <tls-hostname-verifier>
|
||||
The TLS hostname verification policy for out-going HTTPS and SMTP requests.
|
||||
Possible values are: ANY, WILDCARD, STRICT. Default: WILDCARD.
|
||||
--truststore-paths <truststore-paths>
|
||||
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
||||
containing those files that will be used as a system truststore.
|
||||
|
||||
Security:
|
||||
|
||||
--fips-mode <mode> Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
|
||||
non-approved mode. For full FIPS compliance, set 'strict' to run on approved
|
||||
mode. This option defaults to 'disabled' when 'fips' feature is disabled,
|
||||
which is by default. This option defaults to 'non-strict' when 'fips'
|
||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||
disabled.
|
||||
|
||||
Do NOT start the server using this command when deploying to production.
|
||||
|
||||
Use 'kc.bat start-dev --help-all' to list all available options, including build
|
||||
options.
|
|
@ -1,281 +0,0 @@
|
|||
Start the server.
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat start [OPTIONS]
|
||||
|
||||
Use this command to run the server in production.
|
||||
|
||||
Options:
|
||||
|
||||
-h, --help This help message.
|
||||
--help-all This same help message but with additional options.
|
||||
--import-realm Import realms during startup by reading any realm configuration file from the
|
||||
'data/import' directory.
|
||||
--optimized Use this option to achieve an optimal startup time if you have previously
|
||||
built a server image using the 'build' command.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache <type> Defines the cache mechanism for high-availability. By default in production
|
||||
mode, a 'ispn' cache is used to create a cluster between multiple server
|
||||
nodes. By default in development mode, a 'local' cache disables clustering
|
||||
and is intended for development and testing purposes. Possible values are:
|
||||
ispn, local. Default: ispn.
|
||||
--cache-config-file <file>
|
||||
Defines the file from which cache configuration should be loaded from. The
|
||||
configuration file is relative to the 'conf/' directory.
|
||||
--cache-embedded-mtls-enabled <true|false>
|
||||
Encrypts the network communication between Keycloak servers. Default: false.
|
||||
--cache-embedded-mtls-key-store-file <file>
|
||||
The Keystore file path. The Keystore must contain the certificate to use by
|
||||
the TLS protocol. By default, it lookup 'cache-mtls-keystore.p12' under
|
||||
conf/ directory.
|
||||
--cache-embedded-mtls-key-store-password <password>
|
||||
The password to access the Keystore.
|
||||
--cache-embedded-mtls-trust-store-file <file>
|
||||
The Truststore file path. It should contain the trusted certificates or the
|
||||
Certificate Authority that signed the certificates. By default, it lookup
|
||||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
Possible values are: tcp, udp, kubernetes, ec2, azure, google.
|
||||
|
||||
Database:
|
||||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
|
||||
driver is set accordingly to the chosen database.
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
The initial size of the connection pool.
|
||||
--db-pool-max-size <size>
|
||||
The maximum size of the connection pool. Default: 100.
|
||||
--db-pool-min-size <size>
|
||||
The minimal size of the connection pool.
|
||||
--db-schema <schema> The database schema to be used.
|
||||
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
|
||||
selected database vendor. For instance, if using 'postgres', the default
|
||||
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
|
||||
--db-url-database <dbname>
|
||||
Sets the database name of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-host <hostname>
|
||||
Sets the hostname of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
|
||||
option is set, this option is ignored.
|
||||
--db-url-properties <properties>
|
||||
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
|
||||
set the properties accordingly to the format expected by the database
|
||||
vendor, as well as appending the right character at the beginning of this
|
||||
property value. If the `db-url` option is set, this option is ignored.
|
||||
--db-username <username>
|
||||
The username of the database user.
|
||||
|
||||
Transaction:
|
||||
|
||||
--transaction-xa-enabled <true|false>
|
||||
If set to true, XA datasources will be used. Default: false.
|
||||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: <...>.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: <...>.
|
||||
|
||||
Hostname:
|
||||
|
||||
--hostname <hostname>
|
||||
Hostname for the Keycloak server.
|
||||
--hostname-admin <hostname>
|
||||
The hostname for accessing the administration console. Use this option if you
|
||||
are exposing the administration console using a hostname other than the
|
||||
value set to the 'hostname' option.
|
||||
--hostname-admin-url <url>
|
||||
Set the base URL for accessing the administration console, including scheme,
|
||||
host, port and path
|
||||
--hostname-debug <true|false>
|
||||
Toggle the hostname debug page that is accessible at
|
||||
/realms/master/hostname-debug Default: false.
|
||||
--hostname-path <path>
|
||||
This should be set if proxy uses a different context-path for Keycloak.
|
||||
--hostname-port <port>
|
||||
The port used by the proxy when exposing the hostname. Set this option if the
|
||||
proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
|
||||
--hostname-strict <true|false>
|
||||
Disables dynamically resolving the hostname from request headers. Should
|
||||
always be set to true in production, unless proxy verifies the Host header.
|
||||
Default: true.
|
||||
--hostname-strict-backchannel <true|false>
|
||||
By default backchannel URLs are dynamically resolved from request headers to
|
||||
allow internal and external applications. If all applications use the public
|
||||
URL this option should be enabled. Default: false.
|
||||
--hostname-url <url> Set the base URL for frontend URLs, including scheme, host, port and path.
|
||||
|
||||
HTTP(S):
|
||||
|
||||
--http-enabled <true|false>
|
||||
Enables the HTTP listener. Default: false.
|
||||
--http-host <host> The used HTTP Host. Default: 0.0.0.0.
|
||||
--http-max-queued-requests <requests>
|
||||
Maximum number of queued HTTP requests. Use this to shed load in an overload
|
||||
situation. Excess requests will return a "503 Server not Available" response.
|
||||
--http-pool-max-threads <threads>
|
||||
The maximum number of threads. If this is not specified then it will be
|
||||
automatically sized to the greatest of 8 * the number of available
|
||||
processors and 200. For example if there are 4 processors the max threads
|
||||
will be 200. If there are 48 processors it will be 384.
|
||||
--http-port <port> The used HTTP port. Default: 8080.
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
--https-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format.
|
||||
--https-certificate-key-file <file>
|
||||
The file path to a private key in PEM format.
|
||||
--https-cipher-suites <ciphers>
|
||||
The cipher suites to use. If none is given, a reasonable default is selected.
|
||||
--https-client-auth <auth>
|
||||
Configures the server to require/request client authentication. Possible
|
||||
values are: none, request, required. Default: none.
|
||||
--https-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files.
|
||||
--https-key-store-password <password>
|
||||
The password of the key store file. Default: password.
|
||||
--https-key-store-type <type>
|
||||
The type of the key store file. If not given, the type is automatically
|
||||
detected based on the file name. If 'fips-mode' is set to 'strict' and no
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
DEPRECATED. The trust store which holds the certificate information of the
|
||||
certificates to trust. Use the System Truststore instead, see the docs for
|
||||
details.
|
||||
--https-trust-store-password <password>
|
||||
DEPRECATED. The password of the trust store file. Use the System Truststore
|
||||
instead, see the docs for details.
|
||||
--https-trust-store-type <type>
|
||||
DEPRECATED. The type of the trust store file. If not given, the type is
|
||||
automatically detected based on the file name. If 'fips-mode' is set to
|
||||
'strict' and no value is set, it defaults to 'BCFKS'. Use the System
|
||||
Truststore instead, see the docs for details.
|
||||
|
||||
Health:
|
||||
|
||||
--health-enabled <true|false>
|
||||
If the server should expose health check endpoints. If enabled, health checks
|
||||
are available at the '/health', '/health/ready' and '/health/live'
|
||||
endpoints. Default: false.
|
||||
|
||||
Config:
|
||||
|
||||
--config-keystore <config-keystore>
|
||||
Specifies a path to the KeyStore Configuration Source.
|
||||
--config-keystore-password <config-keystore-password>
|
||||
Specifies a password to the KeyStore Configuration Source.
|
||||
--config-keystore-type <config-keystore-type>
|
||||
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
|
||||
|
||||
Metrics:
|
||||
|
||||
--metrics-enabled <true|false>
|
||||
If the server should expose metrics. If enabled, metrics are available at the
|
||||
'/metrics' endpoint. Default: false.
|
||||
|
||||
Proxy:
|
||||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
over the deprecated proxy option. Possible values are: forwarded, xforwarded.
|
||||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
--vault-file <file> Path to the keystore file.
|
||||
--vault-pass <pass> Password for the vault keystore.
|
||||
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
|
||||
|
||||
Logging:
|
||||
|
||||
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
|
||||
are: console, file, gelf (deprecated). Default: console.
|
||||
--log-console-color <true|false>
|
||||
Enable or disable colors when logging to console. Default: false. Available
|
||||
only when Console log handler is activated.
|
||||
--log-console-format <format>
|
||||
The format of unstructured console log entries. If the format has spaces in
|
||||
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
|
||||
-5p [%c] (%t) %s%e%n. Available only when Console log handler is activated.
|
||||
--log-console-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default. Available only when Console log
|
||||
handler is activated.
|
||||
--log-level <category:level>
|
||||
The log level of the root category or a comma-separated list of individual
|
||||
categories and their levels. For the root category, you don't need to
|
||||
specify a category. Default: info.
|
||||
|
||||
Truststore:
|
||||
|
||||
--tls-hostname-verifier <tls-hostname-verifier>
|
||||
The TLS hostname verification policy for out-going HTTPS and SMTP requests.
|
||||
Possible values are: ANY, WILDCARD, STRICT. Default: WILDCARD.
|
||||
--truststore-paths <truststore-paths>
|
||||
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
||||
containing those files that will be used as a system truststore.
|
||||
|
||||
Security:
|
||||
|
||||
--fips-mode <mode> Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
|
||||
non-approved mode. For full FIPS compliance, set 'strict' to run on approved
|
||||
mode. This option defaults to 'disabled' when 'fips' feature is disabled,
|
||||
which is by default. This option defaults to 'non-strict' when 'fips'
|
||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||
disabled.
|
||||
|
||||
By default, this command tries to update the server configuration by running a
|
||||
'build' before starting the server. You can disable this behavior by using the
|
||||
'--optimized' option:
|
||||
|
||||
$ kc.bat start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|
|
@ -1,329 +0,0 @@
|
|||
Start the server.
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat start [OPTIONS]
|
||||
|
||||
Use this command to run the server in production.
|
||||
|
||||
Options:
|
||||
|
||||
-h, --help This help message.
|
||||
--help-all This same help message but with additional options.
|
||||
--import-realm Import realms during startup by reading any realm configuration file from the
|
||||
'data/import' directory.
|
||||
--optimized Use this option to achieve an optimal startup time if you have previously
|
||||
built a server image using the 'build' command.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache <type> Defines the cache mechanism for high-availability. By default in production
|
||||
mode, a 'ispn' cache is used to create a cluster between multiple server
|
||||
nodes. By default in development mode, a 'local' cache disables clustering
|
||||
and is intended for development and testing purposes. Possible values are:
|
||||
ispn, local. Default: ispn.
|
||||
--cache-config-file <file>
|
||||
Defines the file from which cache configuration should be loaded from. The
|
||||
configuration file is relative to the 'conf/' directory.
|
||||
--cache-embedded-mtls-enabled <true|false>
|
||||
Encrypts the network communication between Keycloak servers. Default: false.
|
||||
--cache-embedded-mtls-key-store-file <file>
|
||||
The Keystore file path. The Keystore must contain the certificate to use by
|
||||
the TLS protocol. By default, it lookup 'cache-mtls-keystore.p12' under
|
||||
conf/ directory.
|
||||
--cache-embedded-mtls-key-store-password <password>
|
||||
The password to access the Keystore.
|
||||
--cache-embedded-mtls-trust-store-file <file>
|
||||
The Truststore file path. It should contain the trusted certificates or the
|
||||
Certificate Authority that signed the certificates. By default, it lookup
|
||||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-metrics-histograms-enabled <true|false>
|
||||
Enable histograms for metrics for the embedded caches. Default: false.
|
||||
Available only when metrics are enabled.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
Possible values are: tcp, udp, kubernetes, ec2, azure, google.
|
||||
|
||||
Database:
|
||||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
|
||||
driver is set accordingly to the chosen database.
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
The initial size of the connection pool.
|
||||
--db-pool-max-size <size>
|
||||
The maximum size of the connection pool. Default: 100.
|
||||
--db-pool-min-size <size>
|
||||
The minimal size of the connection pool.
|
||||
--db-schema <schema> The database schema to be used.
|
||||
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
|
||||
selected database vendor. For instance, if using 'postgres', the default
|
||||
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
|
||||
--db-url-database <dbname>
|
||||
Sets the database name of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-host <hostname>
|
||||
Sets the hostname of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
|
||||
option is set, this option is ignored.
|
||||
--db-url-properties <properties>
|
||||
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
|
||||
set the properties accordingly to the format expected by the database
|
||||
vendor, as well as appending the right character at the beginning of this
|
||||
property value. If the `db-url` option is set, this option is ignored.
|
||||
--db-username <username>
|
||||
The username of the database user.
|
||||
|
||||
Transaction:
|
||||
|
||||
--transaction-xa-enabled <true|false>
|
||||
If set to true, XA datasources will be used. Default: false.
|
||||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: <...>.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: <...>.
|
||||
|
||||
Hostname:
|
||||
|
||||
--hostname <hostname>
|
||||
Hostname for the Keycloak server.
|
||||
--hostname-admin <hostname>
|
||||
The hostname for accessing the administration console. Use this option if you
|
||||
are exposing the administration console using a hostname other than the
|
||||
value set to the 'hostname' option.
|
||||
--hostname-admin-url <url>
|
||||
Set the base URL for accessing the administration console, including scheme,
|
||||
host, port and path
|
||||
--hostname-debug <true|false>
|
||||
Toggle the hostname debug page that is accessible at
|
||||
/realms/master/hostname-debug Default: false.
|
||||
--hostname-path <path>
|
||||
This should be set if proxy uses a different context-path for Keycloak.
|
||||
--hostname-port <port>
|
||||
The port used by the proxy when exposing the hostname. Set this option if the
|
||||
proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
|
||||
--hostname-strict <true|false>
|
||||
Disables dynamically resolving the hostname from request headers. Should
|
||||
always be set to true in production, unless proxy verifies the Host header.
|
||||
Default: true.
|
||||
--hostname-strict-backchannel <true|false>
|
||||
By default backchannel URLs are dynamically resolved from request headers to
|
||||
allow internal and external applications. If all applications use the public
|
||||
URL this option should be enabled. Default: false.
|
||||
--hostname-url <url> Set the base URL for frontend URLs, including scheme, host, port and path.
|
||||
|
||||
HTTP(S):
|
||||
|
||||
--http-enabled <true|false>
|
||||
Enables the HTTP listener. Default: false.
|
||||
--http-host <host> The used HTTP Host. Default: 0.0.0.0.
|
||||
--http-max-queued-requests <requests>
|
||||
Maximum number of queued HTTP requests. Use this to shed load in an overload
|
||||
situation. Excess requests will return a "503 Server not Available" response.
|
||||
--http-pool-max-threads <threads>
|
||||
The maximum number of threads. If this is not specified then it will be
|
||||
automatically sized to the greatest of 8 * the number of available
|
||||
processors and 200. For example if there are 4 processors the max threads
|
||||
will be 200. If there are 48 processors it will be 384.
|
||||
--http-port <port> The used HTTP port. Default: 8080.
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
--https-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format.
|
||||
--https-certificate-key-file <file>
|
||||
The file path to a private key in PEM format.
|
||||
--https-cipher-suites <ciphers>
|
||||
The cipher suites to use. If none is given, a reasonable default is selected.
|
||||
--https-client-auth <auth>
|
||||
Configures the server to require/request client authentication. Possible
|
||||
values are: none, request, required. Default: none.
|
||||
--https-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files.
|
||||
--https-key-store-password <password>
|
||||
The password of the key store file. Default: password.
|
||||
--https-key-store-type <type>
|
||||
The type of the key store file. If not given, the type is automatically
|
||||
detected based on the file name. If 'fips-mode' is set to 'strict' and no
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
DEPRECATED. The trust store which holds the certificate information of the
|
||||
certificates to trust. Use the System Truststore instead, see the docs for
|
||||
details.
|
||||
--https-trust-store-password <password>
|
||||
DEPRECATED. The password of the trust store file. Use the System Truststore
|
||||
instead, see the docs for details.
|
||||
--https-trust-store-type <type>
|
||||
DEPRECATED. The type of the trust store file. If not given, the type is
|
||||
automatically detected based on the file name. If 'fips-mode' is set to
|
||||
'strict' and no value is set, it defaults to 'BCFKS'. Use the System
|
||||
Truststore instead, see the docs for details.
|
||||
|
||||
Health:
|
||||
|
||||
--health-enabled <true|false>
|
||||
If the server should expose health check endpoints. If enabled, health checks
|
||||
are available at the '/health', '/health/ready' and '/health/live'
|
||||
endpoints. Default: false.
|
||||
|
||||
Config:
|
||||
|
||||
--config-keystore <config-keystore>
|
||||
Specifies a path to the KeyStore Configuration Source.
|
||||
--config-keystore-password <config-keystore-password>
|
||||
Specifies a password to the KeyStore Configuration Source.
|
||||
--config-keystore-type <config-keystore-type>
|
||||
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
|
||||
|
||||
Metrics:
|
||||
|
||||
--metrics-enabled <true|false>
|
||||
If the server should expose metrics. If enabled, metrics are available at the
|
||||
'/metrics' endpoint. Default: false.
|
||||
|
||||
Proxy:
|
||||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
over the deprecated proxy option. Possible values are: forwarded, xforwarded.
|
||||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
--vault-file <file> Path to the keystore file.
|
||||
--vault-pass <pass> Password for the vault keystore.
|
||||
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
|
||||
|
||||
Logging:
|
||||
|
||||
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
|
||||
are: console, file, gelf (deprecated). Default: console.
|
||||
--log-console-color <true|false>
|
||||
Enable or disable colors when logging to console. Default: false. Available
|
||||
only when Console log handler is activated.
|
||||
--log-console-format <format>
|
||||
The format of unstructured console log entries. If the format has spaces in
|
||||
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
|
||||
-5p [%c] (%t) %s%e%n. Available only when Console log handler is activated.
|
||||
--log-console-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default. Available only when Console log
|
||||
handler is activated.
|
||||
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log. Available
|
||||
only when File log handler is activated.
|
||||
--log-file-format <format>
|
||||
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
|
||||
SSS} %-5p [%c] (%t) %s%e%n. Available only when File log handler is
|
||||
activated.
|
||||
--log-file-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default. Available only when File log
|
||||
handler is activated.
|
||||
--log-gelf-facility <name>
|
||||
DEPRECATED. The facility (name of the process) that sends the message.
|
||||
Default: keycloak. Available only when GELF is activated.
|
||||
--log-gelf-host <hostname>
|
||||
DEPRECATED. Hostname of the Logstash or Graylog Host. By default UDP is used,
|
||||
prefix the host with 'tcp:' to switch to TCP. Example: 'tcp:localhost'
|
||||
Default: localhost. Available only when GELF is activated.
|
||||
--log-gelf-include-location <true|false>
|
||||
DEPRECATED. Include source code location. Default: true. Available only when
|
||||
GELF is activated.
|
||||
--log-gelf-include-message-parameters <true|false>
|
||||
DEPRECATED. Include message parameters from the log event. Default: true.
|
||||
Available only when GELF is activated.
|
||||
--log-gelf-include-stack-trace <true|false>
|
||||
DEPRECATED. If set to true, occuring stack traces are included in the
|
||||
'StackTrace' field in the GELF output. Default: true. Available only when
|
||||
GELF is activated.
|
||||
--log-gelf-level <level>
|
||||
DEPRECATED. The log level specifying which message levels will be logged by
|
||||
the GELF logger. Message levels lower than this value will be discarded.
|
||||
Default: INFO. Available only when GELF is activated.
|
||||
--log-gelf-max-message-size <size>
|
||||
DEPRECATED. Maximum message size (in bytes). If the message size is exceeded,
|
||||
GELF will submit the message in multiple chunks. Default: 8192. Available
|
||||
only when GELF is activated.
|
||||
--log-gelf-port <port>
|
||||
DEPRECATED. The port the Logstash or Graylog Host is called on. Default:
|
||||
12201. Available only when GELF is activated.
|
||||
--log-gelf-timestamp-format <pattern>
|
||||
DEPRECATED. Set the format for the GELF timestamp field. Uses Java
|
||||
SimpleDateFormat pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. Available only
|
||||
when GELF is activated.
|
||||
--log-gelf-version <version>
|
||||
The GELF version to be used. Possible values are: 1.0, 1.1. Default: 1.1.
|
||||
Available only when GELF is activated.
|
||||
--log-level <category:level>
|
||||
The log level of the root category or a comma-separated list of individual
|
||||
categories and their levels. For the root category, you don't need to
|
||||
specify a category. Default: info.
|
||||
|
||||
Truststore:
|
||||
|
||||
--tls-hostname-verifier <tls-hostname-verifier>
|
||||
The TLS hostname verification policy for out-going HTTPS and SMTP requests.
|
||||
Possible values are: ANY, WILDCARD, STRICT. Default: WILDCARD.
|
||||
--truststore-paths <truststore-paths>
|
||||
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
||||
containing those files that will be used as a system truststore.
|
||||
|
||||
Security:
|
||||
|
||||
--fips-mode <mode> Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
|
||||
non-approved mode. For full FIPS compliance, set 'strict' to run on approved
|
||||
mode. This option defaults to 'disabled' when 'fips' feature is disabled,
|
||||
which is by default. This option defaults to 'non-strict' when 'fips'
|
||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||
disabled.
|
||||
|
||||
By default, this command tries to update the server configuration by running a
|
||||
'build' before starting the server. You can disable this behavior by using the
|
||||
'--optimized' option:
|
||||
|
||||
$ kc.bat start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|
|
@ -1,237 +0,0 @@
|
|||
Start the server.
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat start [OPTIONS]
|
||||
|
||||
Use this command to run the server in production.
|
||||
|
||||
Options:
|
||||
|
||||
-h, --help This help message.
|
||||
--help-all This same help message but with additional options.
|
||||
--import-realm Import realms during startup by reading any realm configuration file from the
|
||||
'data/import' directory.
|
||||
--optimized Use this option to achieve an optimal startup time if you have previously
|
||||
built a server image using the 'build' command.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
|
||||
Database:
|
||||
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
The initial size of the connection pool.
|
||||
--db-pool-max-size <size>
|
||||
The maximum size of the connection pool. Default: 100.
|
||||
--db-pool-min-size <size>
|
||||
The minimal size of the connection pool.
|
||||
--db-schema <schema> The database schema to be used.
|
||||
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
|
||||
selected database vendor. For instance, if using 'postgres', the default
|
||||
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
|
||||
--db-url-database <dbname>
|
||||
Sets the database name of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-host <hostname>
|
||||
Sets the hostname of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
|
||||
option is set, this option is ignored.
|
||||
--db-url-properties <properties>
|
||||
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
|
||||
set the properties accordingly to the format expected by the database
|
||||
vendor, as well as appending the right character at the beginning of this
|
||||
property value. If the `db-url` option is set, this option is ignored.
|
||||
--db-username <username>
|
||||
The username of the database user.
|
||||
|
||||
Hostname:
|
||||
|
||||
--hostname <hostname>
|
||||
Hostname for the Keycloak server.
|
||||
--hostname-admin <hostname>
|
||||
The hostname for accessing the administration console. Use this option if you
|
||||
are exposing the administration console using a hostname other than the
|
||||
value set to the 'hostname' option.
|
||||
--hostname-admin-url <url>
|
||||
Set the base URL for accessing the administration console, including scheme,
|
||||
host, port and path
|
||||
--hostname-debug <true|false>
|
||||
Toggle the hostname debug page that is accessible at
|
||||
/realms/master/hostname-debug Default: false.
|
||||
--hostname-path <path>
|
||||
This should be set if proxy uses a different context-path for Keycloak.
|
||||
--hostname-port <port>
|
||||
The port used by the proxy when exposing the hostname. Set this option if the
|
||||
proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
|
||||
--hostname-strict <true|false>
|
||||
Disables dynamically resolving the hostname from request headers. Should
|
||||
always be set to true in production, unless proxy verifies the Host header.
|
||||
Default: true.
|
||||
--hostname-strict-backchannel <true|false>
|
||||
By default backchannel URLs are dynamically resolved from request headers to
|
||||
allow internal and external applications. If all applications use the public
|
||||
URL this option should be enabled. Default: false.
|
||||
--hostname-url <url> Set the base URL for frontend URLs, including scheme, host, port and path.
|
||||
|
||||
HTTP(S):
|
||||
|
||||
--http-enabled <true|false>
|
||||
Enables the HTTP listener. Default: false.
|
||||
--http-host <host> The used HTTP Host. Default: 0.0.0.0.
|
||||
--http-max-queued-requests <requests>
|
||||
Maximum number of queued HTTP requests. Use this to shed load in an overload
|
||||
situation. Excess requests will return a "503 Server not Available" response.
|
||||
--http-port <port> The used HTTP port. Default: 8080.
|
||||
--https-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format.
|
||||
--https-certificate-key-file <file>
|
||||
The file path to a private key in PEM format.
|
||||
--https-cipher-suites <ciphers>
|
||||
The cipher suites to use. If none is given, a reasonable default is selected.
|
||||
--https-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files.
|
||||
--https-key-store-password <password>
|
||||
The password of the key store file. Default: password.
|
||||
--https-key-store-type <type>
|
||||
The type of the key store file. If not given, the type is automatically
|
||||
detected based on the file name. If 'fips-mode' is set to 'strict' and no
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
DEPRECATED. The trust store which holds the certificate information of the
|
||||
certificates to trust. Use the System Truststore instead, see the docs for
|
||||
details.
|
||||
--https-trust-store-password <password>
|
||||
DEPRECATED. The password of the trust store file. Use the System Truststore
|
||||
instead, see the docs for details.
|
||||
--https-trust-store-type <type>
|
||||
DEPRECATED. The type of the trust store file. If not given, the type is
|
||||
automatically detected based on the file name. If 'fips-mode' is set to
|
||||
'strict' and no value is set, it defaults to 'BCFKS'. Use the System
|
||||
Truststore instead, see the docs for details.
|
||||
|
||||
Config:
|
||||
|
||||
--config-keystore <config-keystore>
|
||||
Specifies a path to the KeyStore Configuration Source.
|
||||
--config-keystore-password <config-keystore-password>
|
||||
Specifies a password to the KeyStore Configuration Source.
|
||||
--config-keystore-type <config-keystore-type>
|
||||
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
|
||||
|
||||
Proxy:
|
||||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
over the deprecated proxy option. Possible values are: forwarded, xforwarded.
|
||||
|
||||
Vault:
|
||||
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
--vault-file <file> Path to the keystore file.
|
||||
--vault-pass <pass> Password for the vault keystore.
|
||||
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
|
||||
|
||||
Logging:
|
||||
|
||||
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
|
||||
are: console, file, gelf (deprecated). Default: console.
|
||||
--log-console-color <true|false>
|
||||
Enable or disable colors when logging to console. Default: false.
|
||||
--log-console-format <format>
|
||||
The format of unstructured console log entries. If the format has spaces in
|
||||
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
|
||||
-5p [%c] (%t) %s%e%n.
|
||||
--log-console-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default.
|
||||
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log.
|
||||
--log-file-format <format>
|
||||
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
|
||||
SSS} %-5p [%c] (%t) %s%e%n.
|
||||
--log-file-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default.
|
||||
--log-gelf-facility <name>
|
||||
DEPRECATED. The facility (name of the process) that sends the message.
|
||||
Default: keycloak.
|
||||
--log-gelf-host <hostname>
|
||||
DEPRECATED. Hostname of the Logstash or Graylog Host. By default UDP is used,
|
||||
prefix the host with 'tcp:' to switch to TCP. Example: 'tcp:localhost'
|
||||
Default: localhost.
|
||||
--log-gelf-include-location <true|false>
|
||||
DEPRECATED. Include source code location. Default: true.
|
||||
--log-gelf-include-message-parameters <true|false>
|
||||
DEPRECATED. Include message parameters from the log event. Default: true.
|
||||
--log-gelf-include-stack-trace <true|false>
|
||||
DEPRECATED. If set to true, occuring stack traces are included in the
|
||||
'StackTrace' field in the GELF output. Default: true.
|
||||
--log-gelf-level <level>
|
||||
DEPRECATED. The log level specifying which message levels will be logged by
|
||||
the GELF logger. Message levels lower than this value will be discarded.
|
||||
Default: INFO.
|
||||
--log-gelf-max-message-size <size>
|
||||
DEPRECATED. Maximum message size (in bytes). If the message size is exceeded,
|
||||
GELF will submit the message in multiple chunks. Default: 8192.
|
||||
--log-gelf-port <port>
|
||||
DEPRECATED. The port the Logstash or Graylog Host is called on. Default: 12201.
|
||||
--log-gelf-timestamp-format <pattern>
|
||||
DEPRECATED. Set the format for the GELF timestamp field. Uses Java
|
||||
SimpleDateFormat pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
|
||||
--log-level <category:level>
|
||||
The log level of the root category or a comma-separated list of individual
|
||||
categories and their levels. For the root category, you don't need to
|
||||
specify a category. Default: info.
|
||||
|
||||
Truststore:
|
||||
|
||||
--tls-hostname-verifier <tls-hostname-verifier>
|
||||
The TLS hostname verification policy for out-going HTTPS and SMTP requests.
|
||||
Possible values are: ANY, WILDCARD, STRICT. Default: WILDCARD.
|
||||
--truststore-paths <truststore-paths>
|
||||
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
||||
containing those files that will be used as a system truststore.
|
||||
|
||||
By default, this command tries to update the server configuration by running a
|
||||
'build' before starting the server. You can disable this behavior by using the
|
||||
'--optimized' option:
|
||||
|
||||
$ kc.bat start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|
|
@ -1,237 +0,0 @@
|
|||
Start the server.
|
||||
|
||||
Usage:
|
||||
|
||||
kc.bat start [OPTIONS]
|
||||
|
||||
Use this command to run the server in production.
|
||||
|
||||
Options:
|
||||
|
||||
-h, --help This help message.
|
||||
--help-all This same help message but with additional options.
|
||||
--import-realm Import realms during startup by reading any realm configuration file from the
|
||||
'data/import' directory.
|
||||
--optimized Use this option to achieve an optimal startup time if you have previously
|
||||
built a server image using the 'build' command.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
|
||||
Database:
|
||||
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
The initial size of the connection pool.
|
||||
--db-pool-max-size <size>
|
||||
The maximum size of the connection pool. Default: 100.
|
||||
--db-pool-min-size <size>
|
||||
The minimal size of the connection pool.
|
||||
--db-schema <schema> The database schema to be used.
|
||||
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
|
||||
selected database vendor. For instance, if using 'postgres', the default
|
||||
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
|
||||
--db-url-database <dbname>
|
||||
Sets the database name of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-host <hostname>
|
||||
Sets the hostname of the default JDBC URL of the chosen vendor. If the
|
||||
`db-url` option is set, this option is ignored.
|
||||
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
|
||||
option is set, this option is ignored.
|
||||
--db-url-properties <properties>
|
||||
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
|
||||
set the properties accordingly to the format expected by the database
|
||||
vendor, as well as appending the right character at the beginning of this
|
||||
property value. If the `db-url` option is set, this option is ignored.
|
||||
--db-username <username>
|
||||
The username of the database user.
|
||||
|
||||
Hostname:
|
||||
|
||||
--hostname <hostname>
|
||||
Hostname for the Keycloak server.
|
||||
--hostname-admin <hostname>
|
||||
The hostname for accessing the administration console. Use this option if you
|
||||
are exposing the administration console using a hostname other than the
|
||||
value set to the 'hostname' option.
|
||||
--hostname-admin-url <url>
|
||||
Set the base URL for accessing the administration console, including scheme,
|
||||
host, port and path
|
||||
--hostname-debug <true|false>
|
||||
Toggle the hostname debug page that is accessible at
|
||||
/realms/master/hostname-debug Default: false.
|
||||
--hostname-path <path>
|
||||
This should be set if proxy uses a different context-path for Keycloak.
|
||||
--hostname-port <port>
|
||||
The port used by the proxy when exposing the hostname. Set this option if the
|
||||
proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
|
||||
--hostname-strict <true|false>
|
||||
Disables dynamically resolving the hostname from request headers. Should
|
||||
always be set to true in production, unless proxy verifies the Host header.
|
||||
Default: true.
|
||||
--hostname-strict-backchannel <true|false>
|
||||
By default backchannel URLs are dynamically resolved from request headers to
|
||||
allow internal and external applications. If all applications use the public
|
||||
URL this option should be enabled. Default: false.
|
||||
--hostname-url <url> Set the base URL for frontend URLs, including scheme, host, port and path.
|
||||
|
||||
HTTP(S):
|
||||
|
||||
--http-enabled <true|false>
|
||||
Enables the HTTP listener. Default: false.
|
||||
--http-host <host> The used HTTP Host. Default: 0.0.0.0.
|
||||
--http-max-queued-requests <requests>
|
||||
Maximum number of queued HTTP requests. Use this to shed load in an overload
|
||||
situation. Excess requests will return a "503 Server not Available" response.
|
||||
--http-port <port> The used HTTP port. Default: 8080.
|
||||
--https-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format.
|
||||
--https-certificate-key-file <file>
|
||||
The file path to a private key in PEM format.
|
||||
--https-cipher-suites <ciphers>
|
||||
The cipher suites to use. If none is given, a reasonable default is selected.
|
||||
--https-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files.
|
||||
--https-key-store-password <password>
|
||||
The password of the key store file. Default: password.
|
||||
--https-key-store-type <type>
|
||||
The type of the key store file. If not given, the type is automatically
|
||||
detected based on the file name. If 'fips-mode' is set to 'strict' and no
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
DEPRECATED. The trust store which holds the certificate information of the
|
||||
certificates to trust. Use the System Truststore instead, see the docs for
|
||||
details.
|
||||
--https-trust-store-password <password>
|
||||
DEPRECATED. The password of the trust store file. Use the System Truststore
|
||||
instead, see the docs for details.
|
||||
--https-trust-store-type <type>
|
||||
DEPRECATED. The type of the trust store file. If not given, the type is
|
||||
automatically detected based on the file name. If 'fips-mode' is set to
|
||||
'strict' and no value is set, it defaults to 'BCFKS'. Use the System
|
||||
Truststore instead, see the docs for details.
|
||||
|
||||
Config:
|
||||
|
||||
--config-keystore <config-keystore>
|
||||
Specifies a path to the KeyStore Configuration Source.
|
||||
--config-keystore-password <config-keystore-password>
|
||||
Specifies a password to the KeyStore Configuration Source.
|
||||
--config-keystore-type <config-keystore-type>
|
||||
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
|
||||
|
||||
Proxy:
|
||||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
over the deprecated proxy option. Possible values are: forwarded, xforwarded.
|
||||
|
||||
Vault:
|
||||
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
--vault-file <file> Path to the keystore file.
|
||||
--vault-pass <pass> Password for the vault keystore.
|
||||
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
|
||||
|
||||
Logging:
|
||||
|
||||
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
|
||||
are: console, file, gelf (deprecated). Default: console.
|
||||
--log-console-color <true|false>
|
||||
Enable or disable colors when logging to console. Default: false.
|
||||
--log-console-format <format>
|
||||
The format of unstructured console log entries. If the format has spaces in
|
||||
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
|
||||
-5p [%c] (%t) %s%e%n.
|
||||
--log-console-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default.
|
||||
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log.
|
||||
--log-file-format <format>
|
||||
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
|
||||
SSS} %-5p [%c] (%t) %s%e%n.
|
||||
--log-file-output <output>
|
||||
Set the log output to JSON or default (plain) unstructured logging. Possible
|
||||
values are: default, json. Default: default.
|
||||
--log-gelf-facility <name>
|
||||
DEPRECATED. The facility (name of the process) that sends the message.
|
||||
Default: keycloak.
|
||||
--log-gelf-host <hostname>
|
||||
DEPRECATED. Hostname of the Logstash or Graylog Host. By default UDP is used,
|
||||
prefix the host with 'tcp:' to switch to TCP. Example: 'tcp:localhost'
|
||||
Default: localhost.
|
||||
--log-gelf-include-location <true|false>
|
||||
DEPRECATED. Include source code location. Default: true.
|
||||
--log-gelf-include-message-parameters <true|false>
|
||||
DEPRECATED. Include message parameters from the log event. Default: true.
|
||||
--log-gelf-include-stack-trace <true|false>
|
||||
DEPRECATED. If set to true, occuring stack traces are included in the
|
||||
'StackTrace' field in the GELF output. Default: true.
|
||||
--log-gelf-level <level>
|
||||
DEPRECATED. The log level specifying which message levels will be logged by
|
||||
the GELF logger. Message levels lower than this value will be discarded.
|
||||
Default: INFO.
|
||||
--log-gelf-max-message-size <size>
|
||||
DEPRECATED. Maximum message size (in bytes). If the message size is exceeded,
|
||||
GELF will submit the message in multiple chunks. Default: 8192.
|
||||
--log-gelf-port <port>
|
||||
DEPRECATED. The port the Logstash or Graylog Host is called on. Default: 12201.
|
||||
--log-gelf-timestamp-format <pattern>
|
||||
DEPRECATED. Set the format for the GELF timestamp field. Uses Java
|
||||
SimpleDateFormat pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
|
||||
--log-level <category:level>
|
||||
The log level of the root category or a comma-separated list of individual
|
||||
categories and their levels. For the root category, you don't need to
|
||||
specify a category. Default: info.
|
||||
|
||||
Truststore:
|
||||
|
||||
--tls-hostname-verifier <tls-hostname-verifier>
|
||||
The TLS hostname verification policy for out-going HTTPS and SMTP requests.
|
||||
Possible values are: ANY, WILDCARD, STRICT. Default: WILDCARD.
|
||||
--truststore-paths <truststore-paths>
|
||||
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
||||
containing those files that will be used as a system truststore.
|
||||
|
||||
By default, this command tries to update the server configuration by running a
|
||||
'build' before starting the server. You can disable this behavior by using the
|
||||
'--optimized' option:
|
||||
|
||||
$ kc.bat start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|