Articles on: Getting Started

Use a CDN in front of a Cloud-IAM's Keycloak deployment

A CDN (like Cloudflare, AWS Cloudfront, ...) is a reverse proxy at scale with additional features such as intelligent filtering, caching, routing, ...
This implies that the end-user requests are not directly routed to the Cloud-IAM cluster, but an additional server (company) interacts before proxying them to the cluster.

In this article, we will assume that the domain my-custom.domain.tld will serve requests from the deployment


Cloud-IAM's deployments can be 'CDNifed'. In this case, there is no need to declare a custom domain in Cloud-IAM console.

The CDN becomes responsible of managing the TLS certificate for my-custom.domain.tld. It must be configured to use a full encryption mode to ensure the requests are still encrypted end-to-end.

However, all the traffic at the edge of the deployment will come from the CDN server IPs. Depending on the load of your traffic, this could lead to rate-limiting. Please contact the support to adjust the rate limiting settings.

How to setup a custom domain
How to setup a reverse-proxy

Updated on: 06/05/2022

Was this article helpful?

Share your feedback


Thank you!