I have Keycloak successfully running on AWS ECS behind an Application Load Balancer. I’m running the KC container with proxy=edge, so the SSL connection is present only between the client and the balancer.
I want to access the admin area only from my private network. In other words, I want to implement the Exposed path recommendation described here.
When started with proxy=edge, KC starts on http and port 8080. When I try to access the admin area from my private subnet, that is, by accessing the container's private IP on port 8080, I get a blank page. In the browser console I have the following error:
Refused to frame 'https://my-app.elb.amazonaws.com/' because it violates the following Content Security Policy directive: "frame-src 'self'"
I took a closer look at the browser's network section and saw that keycloak.js (the JS adapter) is loaded through the Load Balancer URL, while all the other resources are loaded through the container's private IP.
I tried setting KC_HOSTNAME_ADMIN, but the keycloak.js resource always makes the request with https and not http as the other resources do.
Any suggestions on how to resolve this?
Another option I’m thinking of is to pass a certificate to the KC container so it also starts in https mode, but I think there must be a way to make it load in http.