Hi,
I read a lot of articles but cannot get Keycloak 17 running without HTTPS - my reverse proxy takes care of HTTPS and I want to communicate with Keycloak via HTTP.
My Docker build and custom Keycloak image look like this:
```dockerfile
FROM quay.io/keycloak/keycloak:17.0.0 as builder
ENV KC_METRICS_ENABLED=true
ENV KC_DB=postgres
ENV KC_HTTP_RELATIVE_PATH=/auth
RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:17.0.0
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
WORKDIR /opt/keycloak
ENV KEYCLOAK_ADMIN=kcadmin
ENV KEYCLOAK_ADMIN_PASSWORD=securepw
ENV KC_DB_URL=<DBURL>
ENV KC_DB_USERNAME=<DBUSERNAME>
ENV KC_DB_PASSWORD=<DBPASSWORD>
ENV KC_LOG_LEVEL: INFO
ENV KC_PROXY: edge
ENV KC_HTTP_ENABLED: true
COPY ./theme/snc-lara/ /opt/keycloak/themes/snc-lara/
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
```
Then I build and start the container with docker compose: (overwriting some parameters)
```yaml
keycloak:
  image: my-repo.at/lara-keycloak:latest
  environment:
    KC_DB_PASSWORD: 'securepw'
    KC_DB_SCHEMA: public
    KC_DB_URL_DATABASE: keycloak
    KC_DB_URL: jdbc:postgresql://db-url.at:5533/keycloak
    KC_DB_USERNAME: lara
    KEYCLOAK_ADMIN: kcadmin
    KEYCLOAK_ADMIN_PASSWORD: 'securepw'
    KC_HOSTNAME: docker-snc02.dev0.mycompany.at
    KC_HOSTNAME_STRICT: false
  ports:
    - 8686:8080/tcp
```
When I start the container it always outputs the following error:
```
25.2.2022 01:06:392022-02-25 00:06:39,183 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
25.2.2022 01:06:392022-02-25 00:06:39,183 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Key material not provided to setup HTTPS. Please configure your keys/certificates or start the server in development mode.
25.2.2022 01:06:392022-02-25 00:06:39,183 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
```
What am I doing wrong? It seems to have worked for others that way:
Isn't it possible to run Keycloak in HTTP mode only?
One solution might be to run Keycloak 17 in start-dev mode - but I wanted to avoid that …
```dockerfile
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start-dev"]
```
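Added example, not part of the original post: in a Dockerfile the legacy `ENV name value` form takes the whole first word as the variable name, so the three colon-style lines in the image above define variables whose names end in `:`. The sketch below lists the names each ENV line really defines and flags the ones a process reading `KC_*` variables would never find. The function names `effective_env` and `lint` are hypothetical, and it assumes one ENV instruction per line with no line continuations.

```python
import re
import shlex

# Constructed sample: ENV lines copied from the final stage of the Dockerfile in the post.
DOCKERFILE = """\
ENV KEYCLOAK_ADMIN=kcadmin
ENV KC_LOG_LEVEL: INFO
ENV KC_PROXY: edge
ENV KC_HTTP_ENABLED: true
"""

# Names a shell or application would recognise as environment variables.
VALID_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def effective_env(dockerfile):
    """Return {name: value} as the ENV instructions actually define them."""
    env = {}
    for line in dockerfile.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].upper() != "ENV":
            continue
        rest = parts[1]
        words = shlex.split(rest)
        if "=" in words[0]:
            # Modern form: one or more NAME=value pairs on the line.
            for word in words:
                name, _, value = word.partition("=")
                env[name] = value
        else:
            # Legacy form: first word is the name, the remainder is the value.
            legacy = rest.split(None, 1)
            env[legacy[0]] = legacy[1] if len(legacy) == 2 else ""
    return env


def lint(dockerfile):
    """Return (defined_name, intended_name) for every malformed variable name."""
    findings = []
    for name in effective_env(dockerfile):
        if not VALID_NAME.fullmatch(name):
            findings.append((name, name.rstrip(":")))
    return findings


if __name__ == "__main__":
    for defined, intended in lint(DOCKERFILE):
        print(f"ENV defines {defined!r}; {intended!r} is never set")
```
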