Health Check endpoint returns 404 in version 25.0.0

I created my optimized keycloak image based on version 25.0.0 with

  • health-endpoints: enabled
  • http: enabled

    FROM quay.io/keycloak/keycloak:25.0.0

    ENV KC_HEALTH_ENABLED=true
    ENV KC_DB=postgres
    ENV KC_HTTP_ENABLED=true

    RUN /opt/keycloak/bin/kc.sh build
    ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

and I mapped port 9000 from the container to my host (-p 9000:9000).

Keycloak starts successfully (as part of a docker compose file):

    2024-06-13 15:49:38,359 INFO [io.quarkus] (main) Keycloak 25.0.0 on JVM (powered by Quarkus 3.8.5) started in 22.146s. Listening on: http://0.0.0.0:8080. Management interface listening on http://0.0.0.0:9000.

But when I call the health endpoint

    curl http://localhost:9000/health/

I get this from the server:

    <html><body><h1>Resource not found</h1></body></html>

What am I doing wrong?

Do you have the port mapped in your docker compose file? E.g.

    ports:
      - 9000:9000
      - 8080:8080

Also, I believe health and metrics are now runtime options, so you may have to specify them as env vars in your docker compose file.

Yes, I mapped port 9000 from the container to my host machine. I also set KC_HEALTH_ENABLED to true in the Dockerfile.

The output you shared indicates that Keycloak is listening on port 8080 for HTTP traffic and on port 9000 for the management interface. This means your main Keycloak endpoints, including health checks, should be accessible on port 8080, not 9000.

Port 9000

  • Management Interface: This port is used for the management interface, which is a separate interface for administrative and operational tasks. This interface may expose metrics, admin-only endpoints, and other management features.

You should be checking for

    curl http://localhost:8080/health

Above comment is wrong, health is available on 9000!

As soon as you have TLS certificates installed, port 9000 can only be accessed through https://, not plain http. This is also true if you have certificates for the global server, not only for the management port. For the management port you can provide different certificates.
If there are no certificates at all, you can access the health endpoint through http://.

‼ It’s always worth reading the docs ‼:

3 Likes
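
The rule from the reply above (health is served on management port 9000, over https:// once any TLS certificate is configured and over http:// otherwise), as an added shell example that is not part of the original thread. It assumes the KC_* variables that configure the container are also set in the calling shell; KC_PROBE_CACERT is a hypothetical variable introduced here.

```shell
#!/bin/sh
# Added example (not from the thread). Builds and probes the Keycloak health
# URL on the management interface. Assumes the KC_* variables that configure
# the container are also set in this shell.

# Print "https" if any TLS certificate or keystore is configured (server-wide
# or management-only), otherwise "http".
kc_mgmt_scheme() {
    if [ -n "${KC_HTTPS_CERTIFICATE_FILE:-}" ] ||
       [ -n "${KC_HTTPS_KEY_STORE_FILE:-}" ] ||
       [ -n "${KC_HTTPS_MANAGEMENT_CERTIFICATE_FILE:-}" ]; then
        echo https
    else
        echo http
    fi
}

# Print the health URL. $1: host (default localhost);
# $2: optional probe name: ready, live or started.
kc_health_url() {
    host=${1:-localhost}
    probe=${2:-}
    port=${KC_HTTP_MANAGEMENT_PORT:-9000}
    url="$(kc_mgmt_scheme)://${host}:${port}/health"
    if [ -n "$probe" ]; then
        url="${url}/${probe}"
    fi
    echo "$url"
}

# Probe the URL and print "<url> -> <status>"; returns 0 only for HTTP 200.
# KC_PROBE_CACERT (hypothetical name) points curl at the CA that signed the
# certificate, so verification stays on instead of resorting to -k.
kc_health_check() {
    url=$(kc_health_url "$@")
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 \
        ${KC_PROBE_CACERT:+--cacert "$KC_PROBE_CACERT"} "$url") || code=000
    echo "$url -> $code"
    [ "$code" = 200 ]
}

# Usage: kc_health_check localhost ready
```

A status of 000 means curl got no HTTP response at all, which is what a plain http:// request to a TLS-enabled management port produces.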

My mistake, I made an assumption. Thanks for the correction.