How can I add SSL in keycloak in docker

I'm having an issue adding an SSL certificate to Keycloak that is running on Docker. I got an SSL certificate from AWS EC2 with Load Balancer, but don't know how to add it to Keycloak on Docker. I was looking through Google but have found nothing yet.

Also, when I go to a page like https://stackoverflow.com, the SSL works perfectly. But when I try to open https://stackoverflow.com:8443 (since 8443 is the port of Keycloak), it's not working.

Here's the code of Dockerfile of Keycloak:

FROM jboss/keycloak:4.6.0.Final

WORKDIR /opt/jboss/keycloak

COPY realm-export.json /opt/jboss/keycloak/

EXPOSE 8443

ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]
CMD ["-b", "0.0.0.0", "-bmanagement", "0.0.0.0", "-Dkeycloak.import=realm-export.json -Dkeycloak.migration.strategy=OVERWRITE_EXISTING"]

And here's the docker-compose.yml file:

version: '2'

services:
  keycloak:
    build: "./Keycloak + actibook-app client import"
    depends_on:
      - keycloak-postgres
    environment:
      - KEYCLOAK_USER=${KEYCLOAK_USER}
      - KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
      - KEYCLOAK_IMPORT=${KEYCLOAK_IMPORT}
      - POSTGRES_USER=${KEYCLOAK_DATABASE_USER}
      - POSTGRES_PASSWORD=${KEYCLOAK_DATABASE_PASSW}
      - POSTGRES_PORT_5432_TCP_ADDR=keycloak-postgres
    ports:
      - "8443:8443"
    labels:
      - "traefik.frontend.passHostHeader=true"

  traefik:
    build: ./traefik
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

TimeFrame asked Dec 24 '18 11:12

1 Answer

README is a good friend - https://hub.docker.com/r/jboss/keycloak/:

Setting up TLS(SSL)

Keycloak image allows you to specify both a private key and a certificate for serving HTTPS. In that case you need to provide two files:

tls.crt - a certificate
tls.key - a private key

Those files need to be mounted in /etc/x509/https directory. The image will automatically convert them into a Java keystore and reconfigure Wildfly to use it.

But that is only the Keycloak container TLS configuration. You are also using Traefik, so you may need to configure TLS in the Traefik container - it depends on your configuration.

Jan Garaj answered Oct 08 '22 07:10
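
A pre-flight check for the two files the quoted README names, as an added example that is not part of the answer or the image's README: it confirms that tls.key actually belongs to tls.crt and that the certificate has not expired before the directory is mounted at /etc/x509/https. It assumes the openssl CLI is installed; the function names and the ./certs path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the jboss/keycloak README): sanity-check the
# directory that will be mounted at /etc/x509/https before starting Keycloak.

# SHA-256 of the DER-encoded public key carried by a PEM certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER-encoded public key derived from a PEM private key.
# "-passin pass:" keeps the check non-interactive (no passphrase prompt).
key_pubkey_hash() {
    openssl pkey -in "$1" -passin pass: -pubout -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 if <dir>/tls.crt and <dir>/tls.key are a usable pair,
# 1 = file missing, 2 = not parseable, 3 = key/cert mismatch, 4 = expired.
check_tls_dir() {
    crt="$1/tls.crt"; key="$1/tls.key"
    for f in "$crt" "$key"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    openssl x509 -in "$crt" -noout 2>/dev/null \
        || { echo "tls.crt is not a PEM certificate" >&2; return 2; }
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null \
        || { echo "tls.key is not an unencrypted PEM private key" >&2; return 2; }
    [ "$(cert_pubkey_hash "$crt")" = "$(key_pubkey_hash "$key")" ] \
        || { echo "tls.key does not belong to tls.crt" >&2; return 3; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
        || { echo "tls.crt has expired" >&2; return 4; }
    echo "ok: $crt and $key match"
}

# Stand-alone use: sh check-tls.sh ./certs   (./certs is a hypothetical path)
[ "$#" -eq 0 ] || check_tls_dir "$1"
```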