Menu
I have initialized https://hub.docker.com/r/jboss/keycloak/ on my Digital Ocean Docker Droplet.
$docker run -e KEYCLOAK_USER=admin -e -p 8080:8080 KEYCLOAK_PASSWORD={password with upcase etc.} jboss/keycloak
success
Everything worked well and the server started in the Droplets IP address on a port :8080.
Problems started when I entered the admin console from the UI in the URL. There was a message: "HTTPS required". This was a real issue and the only solution I have found is to login to the Keycloak from the console and to change the setting of HTTPS=required from admin console without the UI.
I then opened the bash for my Docker container :
$docker exec -it keycloak bash
success
As I entered my command to login in the keycloak/bin folder:
cd keycloak/bin
keycloak/bin $./kcadm.sh config credentials --server http://<droplet IP>:8080/auth --realm master --user admin --password {password with upcase etc.}
the bash freezes and gives a timeout message after some time
Reason for logging in from bash would be complete this:
keycloak/bin $ ./kcadm.sh update realms/master -s sslRequired=NONE.
which would hopefully solve the original problem of HTTPS required.
356
In order to allow HTTPS connections, you need to obtain a self signed or third-party signed certificate and import it into a Java keystore before you can enable HTTPS in the web container you are deploying the Keycloak Server to.
Update Feb 2022:
Keycloak 17+ (e.g. quay.io/keycloak/keycloak:17.0.0) doesn't support autogeneration of selfsigned cert. Minimal HTTPS working example for Keycloak 17+:
1.) Generate selfsigned domain cert/key (follow instructions on your terminal):
openssl req -newkey rsa:2048 -nodes \ -keyout server.key.pem -x509 -days 3650 -out server.crt.pem 2.) Update permissions for the key
chmod 755 server.key.pem 3.) Start Keycloak (use volumes for cert/key):
docker run \ --name keycloak \ -e KEYCLOAK_ADMIN=admin \ -e KEYCLOAK_ADMIN_PASSWORD=password \ -e KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/server.crt.pem \ -e KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/server.key.pem \ -v $PWD/server.crt.pem:/opt/keycloak/conf/server.crt.pem \ -v $PWD/server.key.pem:/opt/keycloak/conf/server.key.pem \ -p 8443:8443 \ quay.io/keycloak/keycloak:17.0.0 \ start-dev Keycloak will be exposed on port 8443 with HTTPS protocol with this setup. If you use also proxy (e.g. nginx) you will need to configure also env variable KC_PROXY properly (e.g. KC_PROXY=edge). Of course you can use also keycloak.conf file instead of env variables.
Old answer for Keycloak up to 16.1.1 and Keycloak legacy 17+:
Publish port 8443 (HTTPS) and use it instead of 8080 (HTTP):
docker run \ --name keycloak \ -e KEYCLOAK_USER=myadmin \ -e KEYCLOAK_PASSWORD=mypassword \ -p 8443:8443 \ jboss/keycloak Keycloak generates self signed cert for https in this setup. Of course, this is not a production setup.
Update
Use volumes for own TLS certificate:
-v /<path>/tls.crt:/etc/x509/https/tls.crt \ -v /<path>/tls.key:/etc/x509/https/tls.key \ If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
