External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity

Fix broken anchor for caching docs

Browse Source 
Also shorten the docs as KC is now encrypting by default.

Closes #41421

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Alexander Schwartz 2025-07-28 19:57:39 +02:00 committed by GitHub
parent dcba51c0af
commit ff4d4233f4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/guides/server/caching.adoc
View File

@ -260,7 +260,7 @@ Please refer to {infinispan_embedding_docs}#cluster-transport[Setting up Infinis
== Securing transport stacks
Encryption using TLS is enabled by default for TCP-based transport stacks, which is also the default configuration
Encryption using TLS is enabled by default for TCP-based transport stacks, which is also the default configuration.
No additional CLI options or modifications of the cache XML are required as long as you are using a TCP-based transport stack.
[NOTE]
@ -315,6 +315,7 @@ Although not recommended for standard setups, if it is essential in a specific s
The truststore contains the valid certificates to accept connection from, and it can be configured with `cache-embedded-mtls-trust-store-file` (path to the truststore), and `cache-embedded-mtls-trust-store-password` (password to decrypt it).
To restrict unauthorized access, always use a self-signed certificate for each {project_name} deployment.
[#network-ports]
== Network Ports
To ensure a healthy {project_name} clustering, some network ports need to be open.

9
docs/guides/server/configuration-production.adoc
View File

@ -50,18 +50,13 @@ Any request that exceeds this limit would return with an immediate `503 Server n
== Production grade database
The database used by {project_name} is crucial for the overall performance, availability, reliability and integrity of {project_name}. For details on how to configure a supported database, see <@links.server id="db"/>.
== Support for {project_name} in a cluster
== Running {project_name} in a cluster
To ensure that users can continue to log in when a {project_name} instance goes down, a typical production environment contains two or more {project_name} instances.
{project_name} runs on top of JGroups and Infinispan, which provide a reliable, high-availability stack for a clustered scenario. When deployed to a cluster, the embedded Infinispan server communication should be secured. You secure this communication either by enabling authentication and encryption or by isolating the network used for cluster communication.
{project_name} runs on top of JGroups and Infinispan, which provide a reliable, high-availability stack for a clustered scenario. In the default setup, communication between the nodes is encrypted using TLS.
To find out more about using multiple nodes, the different caches and an appropriate stack for your environment, see <@links.server id="caching"/>.
=== Secure network communication
JGroups supports Java SSL sockets for TCP communication.
Check <@links.server id="caching" anchor="securing-cache-communication"/> for more information on how to configure TLS and the alternatives available for UDP communication.
=== Configure Firewall ports
A set of network ports must be open to allow a healthy network communication between {project_name} servers.