When passing both KC_HOSTNAME and KC_HTTP_HOST, Keycloak doesn't start and throws an error at startup:
ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) Error details:: java.lang.RuntimeException: Unable to start HTTP server
at io.quarkus.vertx.http.runtime.VertxHttpRecorder.doServerStart(VertxHttpRecorder.java:624)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder.startServer(VertxHttpRecorder.java:282)
at io.quarkus.deployment.steps.VertxHttpProcessor$openSocket1866188241.deploy_0(Unknown Source)
at io.quarkus.deployment.steps.VertxHttpProcessor$openSocket1866188241.deploy(Unknown Source)
at io.quarkus.runner.ApplicationImpl.doStart(Unknown Source)
at io.quarkus.runtime.Application.start(Application.java:101)
at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:103)
at io.quarkus.runtime.Quarkus.run(Quarkus.java:67)
at org.keycloak.quarkus.runtime.KeycloakMain.start(KeycloakMain.java:103)
So, I reverted back to the usual (i.e. without KC_HTTP_HOST), and on Quarkus startup saw that the log reads:
“Listening on: http://0.0.0.0:7979”
When I tried accessing the admin console: keycloak-internal.company.com/auth/admin/master/console
it then redirects the URL to
https://identity-test.company.com/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2Fkeycloak-internal.company.com%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=d837e1df-f63a-4830-95fd-92ccf9bec47f&response_mode=fragment&response_type=code&scope=openid&nonce=db60fc5f-126f-4608-8da1-aa324a31e183&code_challenge=zFN58CgQOKy1V_joA5FvqKUyrbhUovkgvrshVNibn1w&code_challenge_method=S256
and I get Invalid redirect_uri
I then manually changed the redirect_uri parameter in the browser and hit reload
https://identity-test.company.com/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2Fidentity-test.company.com%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=d837e1df-f63a-4830-95fd-92ccf9bec47f&response_mode=fragment&response_type=code&scope=openid&nonce=db60fc5f-126f-4608-8da1-aa324a31e183&code_challenge=zFN58CgQOKy1V_joA5FvqKUyrbhUovkgvrshVNibn1w&code_challenge_method=S256
I can see the admin console login, but upon login, it fails (the above was a hack anyway, just to see the behaviour).
What can I configure, or what am I missing, so I can use an nginx reverse proxy with the setup as above?
Not sure why I get a Quarkus bind exception when I add http_host as suggested.
Tried various settings; it turned out that in the master realm I had to set my valid redirect URLs, which were missing. Once I entered a valid value there, the admin console login worked.
At this point, you get invalid redirect_uri since your public DNS and redirect URI are different.
So when you log in to the admin console (keep kc_hostname and redirect_uri the same), you can then, for that “client_id”, put the valid redirect URI as: my-kc-internal.com/auth/admin/master/console
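Added example, not part of any post in this thread and not Keycloak's own code: it replays the two authorization requests from the question against a client's redirect URI allow-list, to show why the request arriving via the internal hostname is rejected until that hostname is listed. The allow-list entries and the simplified matching rule (exact match, or prefix match for an entry ending in `*`) are assumptions for illustration.

```python
from urllib.parse import urlsplit, parse_qs

AUTH = "https://identity-test.company.com/auth/realms/master/protocol/openid-connect/auth"

def auth_request(console_host):
    """Authorization request from the thread, trimmed to the parameters that matter."""
    return (AUTH + "?client_id=security-admin-console&redirect_uri=https%3A%2F%2F"
            + console_host + "%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F")

VIA_INTERNAL = auth_request("keycloak-internal.company.com")  # console opened via internal name
VIA_PUBLIC = auth_request("identity-test.company.com")        # console opened via public name

# Assumed "Valid redirect URIs" of the security-admin-console client (constructed values).
BEFORE_FIX = ["https://identity-test.company.com/auth/admin/master/console/*"]
AFTER_FIX = BEFORE_FIX + ["https://keycloak-internal.company.com/auth/admin/master/console/*"]

def requested_redirect_uri(auth_url):
    """Return the decoded redirect_uri parameter of an authorization request."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]

def is_allowed(redirect_uri, valid_uris):
    """Simplified matcher: exact match, or prefix match when the entry ends in '*'."""
    parts = urlsplit(redirect_uri)
    # Reject shapes that should never be accepted, whatever the allow-list says.
    if parts.scheme not in ("http", "https") or parts.fragment or "@" in parts.netloc:
        return False
    if "/../" in parts.path or parts.path.endswith("/.."):
        return False
    for entry in valid_uris:
        if entry.endswith("*"):
            if redirect_uri.startswith(entry[:-1]):
                return True
        elif redirect_uri == entry:
            return True
    return False

def check(auth_url, valid_uris):
    """True if the request's redirect_uri would pass the allow-list."""
    return is_allowed(requested_redirect_uri(auth_url), valid_uris)

if __name__ == "__main__":
    for label, url in (("internal", VIA_INTERNAL), ("public", VIA_PUBLIC)):
        print(label, "before:", check(url, BEFORE_FIX), "after:", check(url, AFTER_FIX))
```

Keeping the path in each entry, rather than listing a bare host wildcard, is what stops a look-alike hostname from matching the prefix.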
Hi @a.ahmadzadeh, we use the default 8443 so haven't had to configure it. Having said that, going through your post and seeing that you are using a different port from the default, have you also configured KC_HTTPS_PORT in conjunction with KC_HOSTNAME_PORT? I am not entirely sure how the two play together, but you can try.