Getting started docker on localhost https issue

Hey there,

I’d like to try Keycloak using Docker on my local system, and I’ve followed the steps described in Keycloak - Guide - Keycloak on Docker, but I’m stuck on step 3 “Login to the admin console” since Keycloak wants an HTTPS connection:

We are sorry…
HTTPS required

How come? Can this be fixed? I don’t have much time to spend on this and was expecting a decent demo process… and just a few minutes after trying it out I’m already deceived… first impression is that the documentation is not reliable.

Never mind, I’ve found the solution by myself on a GitHub blog.

Sharing it here for other guys stuck like me:

docker exec -it {containerID} bash      # {containerID}: the running Keycloak container
cd /opt/jboss/keycloak/bin
./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin   # prompts for the admin password
./kcadm.sh update realms/master -s sslRequired=NONE   # disables the HTTPS requirement for the master realm

Please update your getting started documentation!

That sacrifices encryption, and it is not very container friendly. I recommend using the HTTPS port 8443 (there is a self-signed cert by default). See Keycloak Docker HTTPS required - Stack Overflow


Thanks for the hint, I found the Stack Overflow thread afterwards.
But for my use case, I needed to be sure it could work over HTTP behind a reverse proxy that will handle SSL encryption.
I have to admit the backend administration is very user friendly. I will dig into it in more detail to see if I can set it up to work in an AWS ECS cluster.

You don’t need insecure HTTP access when you have a reverse proxy with TLS offloading. Just access Keycloak via the proxy (of course Keycloak must be aware that it is behind a reverse proxy, e.g. PROXY_ADDRESS_FORWARDING=true). It is also a good idea to have an encrypted connection after the reverse proxy as well.

A good starting point for AWS ECS (Fargate) is:
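Added example, not posted by anyone in this thread: the TLS-offloading layout the reply above describes, as a small script that writes a docker-compose.yml and an nginx.conf so Keycloak is only reached through a TLS-terminating proxy and sslRequired can stay at its default. The image name, admin credentials and certificate paths are assumptions.

```shell
#!/usr/bin/env sh
# Writes a Keycloak + nginx reverse-proxy stack into the directory given as $1.
# Assumes the jboss/keycloak image and its PROXY_ADDRESS_FORWARDING variable.
set -eu

write_stack() {
  dir="$1"
  mkdir -p "$dir"
  cat > "$dir/docker-compose.yml" <<'EOF'
services:
  keycloak:
    image: jboss/keycloak
    environment:
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: change-me          # placeholder, constructed for this example
      PROXY_ADDRESS_FORWARDING: "true"      # trust X-Forwarded-* headers from the proxy
    # no published 8080 port: Keycloak is reachable only through the proxy network
  proxy:
    image: nginx:alpine
    ports:
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
      - ./certs:/etc/nginx/certs:ro         # server.crt / server.key (self-signed is fine locally)
    depends_on:
      - keycloak
EOF
  cat > "$dir/nginx.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate     /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
    location / {
        proxy_pass http://keycloak:8080;
        # With PROXY_ADDRESS_FORWARDING=true Keycloak reads these headers, sees the
        # request as HTTPS and keeps the real client IP, so sslRequired need not change.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
    }
}
EOF
}

# usage: sh this.sh ./kc-proxy && cd kc-proxy && docker compose up
if [ -n "${1:-}" ]; then write_stack "$1"; fi
```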

That’s great, thanks a lot! I didn’t expect to get that many helpful resources! That will save me a lot of time for sure.
Regarding HTTPS encryption behind a reverse proxy, I do agree it’s a good practice, you can still have man-in-the-middle attacks from your internal network, but IMHO it’s not a must have, but a should have. Well… of course it depends on the services you’re trying to secure… but since we’re dealing with authentication flows here, I guess you’re right, it’s a must have.
Thanks for the advice and guidance :slight_smile:

Well, when you are going to run your environment in AWS, you should at least know Werner Vogels’ keynote from 2017 about encryption, which I also mention in my video here: Keycloak with HTTPS & mutual TLS / X.509 authentication | Niko Köbler (@dasniko) - YouTube

Dance like no one is watching, encrypt like everyone is!