Keycloak quarkus: frontendUrl changing not working

i have keycloak quarkus running in kubernetes on port http: (nginx in front of with https)…

However all admin templates (like login form) service “http://xxx
I tried everything to make it https but it doesn’t pick up:
-keycloak.frontendUrl with java -D option.
It keeps logging:
g.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: , Strict HTTPS: false, Path: , Strict BackChannel: false, Admin:

No matter what i do…

Don’t understand how to change this.

Maybe this will help you I had some issues not like you have but with nginx:
Modify in standalone.xml

<http-listener name="default" socket-binding="http" redirect-socket="https" **proxy-address-forwarding="true"** enable-http2="true"/>
<https-listener name="https" socket-binding="https" **proxy-address-forwarding="true"** security-realm="ApplicationRealm" enable-http2="true"/>    


oo but then i should have asked other question:
In keycloak quarkus, we do not see a standalone or any .xml file in config directory anymore…
Is there another way to put these configuration options , since the only we found out are: --hostname-strict=false --http-enabled=true --hostname-strict-https=false

(ps: if testing everhing on http everyting works fine)

There is a setting for proxy in keycloak-x:

You want to set it to edge

thanks, this helps,
Now already that far that with 1 pod admin login is working.
only with 2 pods i get endless redirects because of a login_error, well at least one step futher, thanks…

Locally with 2 pods its ok, so must have something todo with settings…

Update about to many redirects, it looks like this issue:


however i did set the env:
value: “true”

and it shows up also on the pod when getting env list.

Is there another way in keycloka quarkus setting this ?
Also tried to debug, and it looks like with 2 pods, there first is successfull login, but then somewhere it doesn’t find the usersession anymore in infinispan…

So i wonder if there need to be specfic settings for this too…
There really is not a manual, how to migrate from old to new, like check, these settings, configure cache, do this… It looks like just trial-and-error method :-<

update, yes to many redirects was caused by not setting infinispan to “kubernetes” with KC_CACHE_STACK.

without this session are not distributed across the nodes , ending up in login_error and expired_session.

the PROXY_ADDRESS_FORWARDING doesn’t seem to do anything false or true is the same, removed this setting