It turned out that my free tier VMs are powerful enough to run a standalone Keycloak server. I'm not a big fan of direct instance access on high ports, so I decided to configure it with the OCI load balancer. That way, my server is available through a conventional URL and has all the appropriate certificates.

If you already have a DNS name and the load balancer routes requests down to your application server ports, the configuration for WildFly and JBoss application servers is straightforward:

  1. Locate your profile configuration file; in my case, it is under /opt/keycloak-11.0.3/standalone/configuration.
  2. Open standalone.xml for editing and locate the <spi name="hostname"> entry.
  3. Update the frontendUrl property so that it contains your load balancer URL. Make sure that you add /auth at the end.

         <spi name="hostname">
             <default-provider>default</default-provider>
             <provider name="default" enabled="true">
                 <properties>
                     <property name="frontendUrl" value="https://idm.in-oci.com/auth"/>
                     <property name="forceBackendUrlToFrontendUrl" value="false"/>
                 </properties>
             </provider>
         </spi>

  4. Save the changes and restart your standalone instance.

The original property value refers to the variable keycloak.frontendUrl, so another way to achieve the same result is to pass the parameter to the JVM:

$ export JAVA_OPTS="${JAVA_OPTS} -Dkeycloak.frontendUrl=https://idm.in-oci.com/auth"
$ /opt/keycloak-11.0.3/bin/standalone.sh
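
One way to confirm the setting after the restart, as an added example that is not part of the original post: fetch /auth/realms/master/.well-known/openid-configuration through the load balancer and check that the URLs Keycloak advertises use the frontend URL. The realm name master, the names check_discovery and sample, and both sample documents (including the 10.0.0.12 address) are assumptions constructed for illustration.

```python
"""Check a Keycloak OIDC discovery document against the configured frontendUrl."""
from urllib.parse import urlsplit

FRONTEND_URL = "https://idm.in-oci.com/auth"  # frontendUrl value used on this page
REALM = "master"  # assumption: the default realm


def check_discovery(doc, frontend_url=FRONTEND_URL, realm=REALM):
    """Return a list of problems; an empty list means the URLs look right."""
    expected = f"{frontend_url.rstrip('/')}/realms/{realm}"
    problems = []
    # The issuer ends up in the iss claim of every token, so it must match exactly.
    if doc.get("issuer") != expected:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected!r}")
    # Browsers are redirected here, so it has to sit under the frontend URL too.
    auth = doc.get("authorization_endpoint", "")
    if not auth.startswith(expected + "/"):
        problems.append(f"authorization_endpoint is not under {expected}: {auth!r}")
    # Any endpoint advertised over plain HTTP or with an explicit port is not
    # the load balancer URL; report it whichever key it belongs to.
    for key, value in doc.items():
        if isinstance(value, str) and "://" in value:
            url = urlsplit(value)
            if url.scheme != "https" or url.port is not None:
                problems.append(f"{key} exposes {url.scheme}://{url.netloc}")
    return problems


def sample(base):
    """Build a constructed discovery document rooted at `base`."""
    realm = f"{base}/realms/{REALM}"
    oidc = f"{realm}/protocol/openid-connect"
    return {
        "issuer": realm,
        "authorization_endpoint": f"{oidc}/auth",
        "token_endpoint": f"{oidc}/token",
        "response_types_supported": ["code"],
    }


GOOD = sample(FRONTEND_URL)                 # constructed: frontendUrl applied
BAD = sample("http://10.0.0.12:8080/auth")  # constructed: instance URL leaking out

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(doc) or "ok")
```

For a live check, pass the parsed JSON of the discovery document to check_discovery instead of the sample dictionaries.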