AWS ALB HTTPS not working

Hello,

I’m quite new to Keycloak and I can’t get Keycloak to work behind AWS ALB for the life of me. This is my Target Group which is “healthy”

My ALB is Internet Facing and has HTTPS listening which then fwds to my Target Group

I’m running Keycloak version 11.0.2 on Ubuntu Bionic 18.04 with a firewall that accepts 22/8080/8443/443 from everything.

My Security Groups in AWS for the Application Load Balancer allow 8080/443/8443 from Public

and finally, this is my standalone.xml for the sections that need to be configured

<http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="https" enable-http2="true" read-timeout="30000"/>

I do not have Apache/NGINX running on this Ubuntu Server. Also I should mention that I can get to ip:8080/auth from a Windows Server (up in AWS VPC) that I use to test URLs.

What the heck am I missing that this thing doesn’t wanna fwd correctly?

I have made a Route 53 DNS record called keycloak.domain.com that points to the AWS ALB, but that doesn’t work with keycloak.domain.com/auth and neither does the ALB DNS record, so I KNOW I’m definitely missing something.

Please help

Why didn’t you test port 8443, when that port is used in the target group and not 8080?

It is not clear how you configured the health check and listener rules. All these things are AWS related, so some AWS forum/support is a better audience for your question.

Good call! Ok so I created a new Target Group and pointed over 443 to 8080 on the backend! Same thing, I can get to it via the Windows EC2 Instance up in AWS via the ip:8080/auth but when I try to even use the ALB DNS Record I don’t get any response. Is there anything I need to update in the standalone.xml file?

Thanks

OK figured out the issue! Sorry about the bother :frowning:
The problem was that I was setting up my AWS ALB in the Private Subnets :frowning: rookie mistake.
I do however see that domain.com/auth takes forever to respond and I’m not sure what that’s about
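
The cause identified in this thread, an internet-facing ALB placed in private subnets, can be checked from AWS CLI output. The following is an added example, not part of the original posts: it assumes input shaped like `aws elbv2 describe-load-balancers` and `aws ec2 describe-route-tables` JSON, treats a subnet as public when its route table has a 0.0.0.0/0 route to an Internet Gateway, and uses constructed sample IDs and names.

```python
"""Flag internet-facing ALBs whose subnets lack an Internet Gateway route.
Inputs mirror AWS CLI JSON output; the sample data below is constructed."""

def route_table_for(subnet_id, vpc_id, route_tables):
    """Explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public(rt):
    """Public here means an active default route targeting an igw-* gateway."""
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State", "active") == "active"
        for r in rt.get("Routes", []))

def misplaced_albs(load_balancers, route_tables):
    """Return {alb_name: [private subnet ids]} for internet-facing ALBs only."""
    findings = {}
    for lb in load_balancers:
        if lb.get("Scheme") != "internet-facing":
            continue
        private = [az["SubnetId"] for az in lb.get("AvailabilityZones", [])
                   if not is_public(route_table_for(az["SubnetId"], lb["VpcId"], route_tables))]
        if private:
            findings[lb["LoadBalancerName"]] = private
    return findings

# Constructed sample: IDs and names are placeholders, not from the thread.
SAMPLE_LBS = [
    {"LoadBalancerName": "keycloak-alb", "Scheme": "internet-facing", "VpcId": "vpc-aaa",
     "AvailabilityZones": [{"SubnetId": "subnet-priv1"}, {"SubnetId": "subnet-pub1"}]},
    {"LoadBalancerName": "internal-alb", "Scheme": "internal", "VpcId": "vpc-aaa",
     "AvailabilityZones": [{"SubnetId": "subnet-priv1"}]}]
SAMPLE_RTS = [
    {"VpcId": "vpc-aaa", "Associations": [{"Main": True}],  # main table, has IGW
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001", "State": "active"}]},
    {"VpcId": "vpc-aaa", "Associations": [{"SubnetId": "subnet-priv1", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001", "State": "active"}]}]

if __name__ == "__main__":
    print(misplaced_albs(SAMPLE_LBS, SAMPLE_RTS))
```

A subnet with no explicit route table association falls back to the VPC's main route table, which is why `subnet-pub1` in the sample counts as public.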