Keycloak admin console in docker behind reverse proxy

Hello,

I am trying to use Keycloak 19.0.1 on a docker container, with nginx 1.18.0 as a reverse proxy

Keycloak is started with:

docker run -p 127.0.0.1:8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:19.0.1 start-dev --proxy=edge

and the nginx configuration is as follows:

upstream keycloak_app {
    server 127.0.0.1:8080;  
}

server{
server_name kc.hidden.com;
location / {
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forward-Proto https;
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_set_header X-Forwarded-Server $http_host;
          proxy_set_header X-Request-Id $request_id;
          proxy_pass http://keycloak_app;
    }

}

When accessing https://kc.hidden.com/admin/master/console/, the page starts loading but the message “Loading the admin console” stays indefinitely and in the browser (Firefox) console, one can read:

Uncaught (in promise) 
Object { error: "Timeout when waiting for 3rd party check iframe message." }

Note that if I access it directly, without going through the reverse proxy (through 127.0.0.1:8080), everything works (I can login).

I tried the (undocumented) option PROXY_ADDRESS_FORWARDING: “true” but it still does not work…

I too have this problem. Keycloak 17.0.0 in a Docker container behind Nginx (also in a Docker container) worked fine, but since then every release has caused me problems with the admin console (see https://keycloak.discourse.group/t/keycloak-17-admin-console-shows-only-the-top-navigation-bar/14695

I think the change in behaviour is down to this commit https://github.com/keycloak/keycloak/commit/3da5a8ea7349ee306895f0071b883901102fe2fd

So I suspect the problem in my case is down to me not finding a working combination of Nginx and Keycloak configuration settings.

BTW every other Keycloak function in my environment works just fine on 17.0.0 and all versions through to and including 19.0.1 — only the Admin console does not load as expected.