Keycloak Docker HTTPS required

user6947621 picture user6947621 · Apr 16, 2018 · Viewed 20.9k times · Source

I have initialized https://hub.docker.com/r/jboss/keycloak/ on my Digital Ocean Docker Droplet.

$docker run -e KEYCLOAK_USER=admin -e -p 8080:8080 KEYCLOAK_PASSWORD={password with upcase etc.} jboss/keycloak

success

Everything worked well and the server started in the Droplets IP address on a port :8080.

Problems started when I entered the admin console from the UI in the URL. There was a message: "HTTPS required". This was a real issue and the only solution I have found is to login to the Keycloak from the console and to change the setting of HTTPS=required from admin console without the UI.

I then opened the bash for my Docker container :

$docker exec -it keycloak bash

success

As I entered my command to login in the keycloak/bin folder:

cd keycloak/bin

keycloak/bin $./kcadm.sh config credentials --server http://<droplet IP>:8080/auth --realm master --user admin --password {password with upcase etc.}

the bash freezes and gives a timeout message after some time

Reason for logging in from bash would be complete this:

keycloak/bin $ ./kcadm.sh update realms/master -s sslRequired=NONE.

which would hopefully solve the original problem of HTTPS required.

Answer

Jan Garaj picture Jan Garaj · Apr 17, 2018

Publish port 8443 (HTTPS) and use it instead of 8080 (HTTP):

docker run \
  --name keycloak \
  -e KEYCLOAK_USER=myadmin \
  -e KEYCLOAK_PASSWORD=mypassword \
  -p 8443:8443 \
  jboss/keycloak

Keycloak generates self signed cert for https in this setup. Of course, this is not a production setup.


Update

Use volumes for own TLS certificate:

  -v /<path>/tls.crt:/etc/x509/https/tls.crt \
  -v /<path>/tls.key:/etc/x509/https/tls.key \