diff --git a/CHANGELOG.md b/CHANGELOG.md
index 176d19e59bee8e00bc20052720d625d61302de60..d915b9d90db31e20f534805d04cd29bc90906e19 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ FEATURES:
 * Added the ability to control the timeout on the initial openid configuration from .well-known/openid-configuration [#PR315](https://github.com/gambol99/keycloak-proxy/pull/315)
 * Updated to Golang version 1.10 [#PR316](https://github.com/gambol99/keycloak-proxy/pull/316)
 * Added the X-Auth-Audience to the upstream headers [#PR319](https://github.com/gambol99/keycloak-proxy/pull/319)
+* Changed the upstream-keepalive to default to true [#PR321](https://github.com/gambol99/keycloak-proxy/pull/321)
 
 #### **2.1.1**
 
diff --git a/config.go b/config.go
index 2855dc2dae47a7c8035e357e51be55af8bfdc930..5cc293f51e35cc8df022984dac3f6b1094f1945d 100644
--- a/config.go
+++ b/config.go
@@ -30,8 +30,8 @@ func newDefaultConfig() *Config {
 		AccessTokenDuration:         time.Duration(720) * time.Hour,
 		CookieAccessName:            "kc-access",
 		CookieRefreshName:           "kc-state",
-		EnableAuthorizationHeader:   true,
 		EnableAuthorizationCookies:  true,
+		EnableAuthorizationHeader:   true,
 		EnableTokenHeader:           true,
 		Headers:                     make(map[string]string),
 		LetsEncryptCacheDir:         "./cache/",
@@ -46,6 +46,7 @@ func newDefaultConfig() *Config {
 		Tags: make(map[string]string, 0),
 		UpstreamExpectContinueTimeout: 10 * time.Second,
 		UpstreamKeepaliveTimeout:      10 * time.Second,
+		UpstreamKeepalives:            true,
 		UpstreamResponseHeaderTimeout: 1 * time.Second,
 		UpstreamTLSHandshakeTimeout:   10 * time.Second,
 		UpstreamTimeout:               10 * time.Second,
diff --git a/server.go b/server.go
index 21b71289a5c5cf6cbe592341224b47e59c7460a9..f0fb6b1c5a7ffd682a01c6b174a3101c0a0bbfda 100644
--- a/server.go
+++ b/server.go
@@ -458,8 +458,7 @@ func (r *oauthProxy) createHTTPListener(config listenerConfig) (net.Listener, er
 
 			getCertificate = m.GetCertificate
 		} else {
-			r.log.Info("tls support enabled",
-				zap.String("certificate", config.certificate), zap.String("private_key", config.privateKey))
+			r.log.Info("tls support enabled", zap.String("certificate", config.certificate), zap.String("private_key", config.privateKey))
 			// creating a certificate rotation
 			rotate, err := newCertificateRotator(config.certificate, config.privateKey, r.log)
 			if err != nil {
@@ -552,8 +551,8 @@ func (r *oauthProxy) createUpstreamProxy(upstream *url.URL) error {
 	proxy.Logger = httplog.New(ioutil.Discard, "", 0)
 	r.upstream = proxy
 
-	// create the http transport
-	tp := &http.Transport{
+	// update the tls configuration of the reverse proxy
+	r.upstream.(*goproxy.ProxyHttpServer).Tr = &http.Transport{
 		Dial:                  dialer,
 		DisableKeepAlives:     !r.config.UpstreamKeepalives,
 		ExpectContinueTimeout: r.config.UpstreamExpectContinueTimeout,
@@ -562,9 +561,6 @@ func (r *oauthProxy) createUpstreamProxy(upstream *url.URL) error {
 		TLSHandshakeTimeout:   r.config.UpstreamTLSHandshakeTimeout,
 	}
 
-	// update the tls configuration of the reverse proxy
-	r.upstream.(*goproxy.ProxyHttpServer).Tr = tp
-
 	return nil
 }