I managed to do this but then I can’t find a way to access the admin UI by port-forwarding the service directly. I can access the welcome page at localhost:8080 while it’s blocked at keycloak.minikube.local, but when I click to open the admin console I get redirected to keycloak.minikube.local/realms/master/protocol/openid-connect/auth?... which shows “Invalid parameter: redirect_uri”. I tried tweaking the KC_HOSTNAME_STRICT env var to circumvent this without success.
The redirect_uri in the query parameters is localhost:8080/admin/master/console. Is there a missing setting for my setup? The KC_PROXY var is set to edge. Or am I looking at the wrong solution to access the admin console when it’s not exposed by the reverse proxy?
Perhaps a slightly different approach could be to restrict access to the admin console via the reverse proxy: this way, all traffic goes via the reverse proxy (easy configuration), but the admin console is protected (use IP whitelisting or additional basic authentication in your reverse proxy config).
Example for Apache httpd to restrict admin access to local network only:
<Location "/admin">
    Require all denied
    Require ip 10.10
</Location>
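The httpd approach from the reply above, placed in a full proxy virtual host for the case where a load balancer sits in front of httpd. This is an added example, not part of the original posts. The balancer address 192.0.2.10 and the Keycloak backend at 127.0.0.1:8080 are assumed placeholder values.

```apache
# Added example. Assumed values (not from the thread): the load balancer
# address 192.0.2.10 and Keycloak listening on 127.0.0.1:8080.
# Modules: mod_proxy, mod_proxy_http, mod_remoteip, mod_authz_core, mod_authz_host.

<VirtualHost *:80>
    ServerName keycloak.minikube.local

    # Behind a load balancer the TCP peer is the balancer, not the user,
    # so "Require ip" would be checked against the balancer's address.
    # mod_remoteip substitutes the address found in X-Forwarded-For, but
    # only for requests that arrive from the balancer listed here.
    # RemoteIPInternalProxy is used instead of RemoteIPTrustedProxy because
    # the latter does not accept private (10/8 etc.) addresses from the header.
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 192.0.2.10

    # Keep the original Host header so Keycloak (KC_PROXY=edge) generates
    # URLs for the public hostname. Any X-Forwarded-Proto header set by the
    # balancer is passed through unchanged.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Admin console and admin REST API: internal network only.
    # "Require ip 10.10" is a partial address and matches 10.10.0.0/16.
    # Everything outside this block stays reachable through the proxy.
    <Location "/admin">
        Require ip 10.10
    </Location>
</VirtualHost>
```

With this layout, administrators on the allowed network open the console through keycloak.minikube.local itself, so the hostname in the redirect and the hostname in the browser are the same.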
I have tried KC_HOSTNAME_STRICT, KC_HOSTNAME_ADMIN and several other things with no relief. There does not appear to be a way to access the admin console running behind a load balancer (reverse proxy).