Hello. We have setup Keycloak in AWS in a Fargate cluster, behind a reverse proxy gateway (KrakenD). Our problem is that when trying to access https://auth.staging.bikefolder.com
it don’t download any javascript or css, and when trying to access the Admin Console, nothing happens. Requesting a token is working though. We are running the docker image like this:
docker run
--name keycloak
-dp 8080:8080
--log-driver=awslogs
--log-opt awslogs-region=eu-central-1
--log-opt awslogs-group=bikefolder-keycloak
--log-opt awslogs-create-group=true
--restart unless-stopped
-e TWILIO_ACCOUNT_SID=AC580...1f965
-e TWILIO_AUTH_TOKEN=901b6...d638c3
-e PHONE_NUMBER_FROM="+47...444"
-e KEYCLOAK_ADMIN=admin
-e KEYCLOAK_ADMIN_PASSWORD=ArH6zt...S2O
687...441.dkr.ecr.eu-central-1.amazonaws.com/bikefolder-keycloak:main
start-dev
--db=mysql
--db-url=jdbc:mysql://database-stack-staging-rds-instance-db.cluster-cl...vo.eu-central-1.rds.amazonaws.com:6543/keycloak
--db-username=admin
--db-password=xUu...X9c
--http-enabled=true
--health-enabled=true
--metrics-enabled=true
--proxy=reencrypt
--hostname-url=https://auth.staging.bikefolder.com
--hostname-admin-url=https://auth.staging.bikefolder.com
--hostname-strict=true
--hostname-strict-backchannel=true
--features=declarative-user-profile
The Dockerfile looks like this:
FROM quay.io/keycloak/keycloak:20.0.1 as builder
COPY example-keycloak-2fa-sms-authenticator-1.0-SNAPSHOT.jar /opt/keycloak/providers/
COPY build_keycloak/src/main/resources/theme/keycloak /opt/keycloak/themes/bikefolder
# Enable health and metrics support
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
WORKDIR /opt/keycloak
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:20.0.1
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
Keycloak is running on an instance in AWS behind an Nginx proxy looking like this:
server
{
listen 80;
listen [::]:80;
root /varwww/html;
index index.html index.htm index.nginx-debian.html;
server_name auth.staging.bikefolder.com;
location /
{
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Does anyone see an obvious wrong here?