Keycloak admin console in docker behind reverse proxy


I am trying to use Keycloak 19.0.1 on a docker container, with nginx 1.18.0 as a reverse proxy

Keycloak is started with:

docker run -p -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin start-dev --proxy=edge

and the nginx configuration is as follows:

upstream keycloak_app {

location / {
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forward-Proto https;
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_set_header X-Forwarded-Server $http_host;
          proxy_set_header X-Request-Id $request_id;
          proxy_pass http://keycloak_app;


When accessing, the page starts loading but the message “Loading the admin console” stays indefinitely and in the browser (Firefox) console, one can read:

Uncaught (in promise) 
Object { error: "Timeout when waiting for 3rd party check iframe message." }

Note that if I access it directly, without going through the reverse proxy (through, everything works (I can login).

I tried the (undocumented) option PROXY_ADDRESS_FORWARDING: “true” but it still does not work…

I too have this problem. Keycloak 17.0.0 in a Docker container behind Nginx (also in a Docker container) worked fine, but since then every release has caused me problems with the admin console (see

I think the change in behaviour is down to this commit

So I suspect the problem in my case is down to me not finding a working combination of Nginx and Keycloak configuration settings.

BTW every other Keycloak function in my environment works just fine on 17.0.0 and all versions through to and including 19.0.1 — only the Admin console does not load as expected.