I have leveraged Keycloak in production mode behind nginx via a docker-compose file on my CentOS 8 machine. TLS is set in the load balancer, not in the machine. But when I try to access the admin console in the browser with the credentials I provide (KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD) in the docker-compose file, it gives an “Invalid username or password.” error.
docker-compose.yaml file:
```yaml
nginx:
  build: ./nginx/.
  container_name: nginx
  ports:
    - "8443:80"
  depends_on:
    - keycloak
  networks:
    - keycloak_nginx_network
keycloak:
  image: quay.io/keycloak/keycloak:23.0.4
  container_name: keycloak
  command: start
  restart: always
  ports:
    - "8080:8080"
  environment:
    KC_DB: postgres
    KC_DB_URL_HOST: postgres_keycloak
    KC_DB_URL_DATABASE: keycloak
    KC_DB_PASSWORD: postgrespassword
    KC_DB_USERNAME: KeycloakPostgres
    KC_DB_SCHEMA: public
    KC_PROXY: edge
    KEYCLOAK_ADMIN: admin
    KEYCLOAK_ADMIN_PASSWORD: admin
    KC_HOSTNAME_STRICT_HTTPS: "true"
    KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
    KEYCLOAK_FRONTEND_URL: "some-url/auth"
    KC_HOSTNAME_URL: some-url
    KC_HOSTNAME_ADMIN_URL: some-url
  depends_on:
    postgres_keycloak:
      condition: service_healthy
  networks:
    - keycloak_nginx_network
```
nginx.conf:
```nginx
events {}
http {
    server {
        location / {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header content-type "application/json";
            proxy_buffer_size 128k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_pass http://keycloak:8080;
            proxy_read_timeout 300s;
            proxy_connect_timeout 300s;
            proxy_send_timeout 300s;
        }
    }
}
```
When I enter username: admin & password: admin in the browser, the error I get in the docker logs is:

```
WARN [org.keycloak.events] (executor-thread-1) type=LOGIN_ERROR, realmId=some-realm-id, clientId=security-admin-console, userId=null, ipAddress=some-ip, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=some-uri, code_id=some-code-id
```

One row above this warning it says:

```
INFO [org.keycloak.services] (main) KC-SERVICES0009: Added user 'some-user' to realm 'master'
```
Obviously I have already provided credentials, but it keeps giving the user_not_found error. I tried some of the suggested solutions, like destroying & recreating the docker containers, naming the username and password different than “admin” and “password”, etc., but none of them worked.
But when I run the same docker-compose environment variables with the start-dev command, somehow it logs in.
Does anyone have a solution for this?