I’m running Keycloak behind an NGINX reverse proxy. It worked fine with Keycloak v15 but I can’t reach the admin console with v17.
Whenever I try to access the admin console through the UI, it sends me to http://localhost:8080/auth/admin.
If I manually try to go to https://derp.com/auth/admin, it allows me to log in but fails with an invalid redirect_url (which probably makes a lot of sense from a security standpoint).
I found some posts saying I should add --hostname-admin=derp.com but that fails with an “unknown parameter” error or something like that.
Setting export KC_HOSTNAME_ADMIN="derp.com" has no effect.
There used to be a setting in the Wildfly distribution called adminUrl that I would set to fix this problem, but I can’t find its counterpart in the Quarkus distribution.
Here’s how I’m building/running Keycloak:
./kc.sh build --db postgres --http-relative-path /auth --spi-x509cert-lookup-provider=nginx
./kc.sh start --db-url-host localhost --db-username keycloak --db-password keycloak --hostname=derp.com --hostname-strict-backchannel=true --http-host 127.0.0.1 --http-port 8080 --proxy edge --spi-x509cert-lookup-nginx-ssl-client-cert=ssl-client-cert --spi-x509cert-lookup-nginx-ssl-cert-chain-prefix=USELESS --spi-x509cert-lookup-nginx-certificate-chain-length=2 --https-trust-store-file=/etc/pki/java/cacerts --https-trust-store-password=changeit
I’m at a loss as to what I should try next.