diff --git a/deploy/keycloak/keycloak.yaml b/deploy/keycloak/keycloak.yaml
index 8bcfdae..15325b8 100644
--- a/deploy/keycloak/keycloak.yaml
+++ b/deploy/keycloak/keycloak.yaml
@@ -53,10 +53,9 @@ spec:
             - "start"
             - "--cache=ispn"                      # Enable distributed Infinispan cache (HA mode) [oai_citation_attribution:0‡keycloak.org](https://www.keycloak.org/server/caching#:~:text=When%20you%20start%20Keycloak%20in,in%20your%20network%20are%20discovered)
             - "--cache-stack=kubernetes"          # Use built-in Kubernetes stack for clustering (DNS_PING)
-#            - "--hostname=https://sso.panic.haus" # External URL for Keycloak (use HTTPS for TLS offload)
+            - "--hostname=https://sso.panic.haus" # External URL for Keycloak (use HTTPS for TLS offload)
             - "--http-enabled=true"               # Allow Keycloak to listen on HTTP (for edge TLS termination) [oai_citation_attribution:1‡keycloak.org](https://www.keycloak.org/server/hostname#:~:text=provides%20the%20flexibility%20for%20users,start%20the%20server%20as%20follows)
             - "-Djgroups.dns.query=keycloak-headless"
-            - "--optimized"
           env:
             - name: KEYCLOAK_ADMIN
               value: "admin"
@@ -64,8 +63,8 @@ spec:
               value: "admin"
 #            - name: KC_PROXY_HEADERS
 #              value: "xforwarded"
-#            - name: KC_HOSTNAME
-#              value: "sso.panic.haus"
+            - name: KC_HOSTNAME
+              value: "sso.panic.haus"
             - name: KC_HTTP_ENABLED
               value: "true"
             - name: KC_HEALTH_ENABLED