Need some handholding setting up SSL on bare metal/Linux

I’m setting up my first Keycloak server on a bare metal EC2 instance. As a result, I can’t navigate to http://localhost for the user-friendly setup.

I have my instance up and I have a DNS entry pointing to my server. I have obtained an SSL certificate from LetsEncrypt. I copied the cert.pem and privkey.pem files to /home/ec2-user/keycloak-20.0.3/conf and I edited keycloak.conf to set

https-certificate-file=/home/ec2-user/keycloak-20.0.3/conf/cert.pem

and

https-certificate-key-file=/home/ec2-user/keycloak-20.0.3/conf/privkey.pem

Both files are readable by the ec2-user account.

When I start my server in dev mode (after setting KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD environment variables), I can connect to http://my.server.name.com:8080, however when I click on the Administration Console link, I get “We are sorry… https required.”

What critically important step have I missed here?

If you can ssh into the machine, you can use SSH port-forwading:

To redirect local (the computer where you are typing) port 8080 to EC2 instance localhost:8080

ssh -L8080:localhost:8080 <server ip ou address>

So you can access the admin console via http.

But, did you try to start keycloak with start instead of start-dev?

Huh… I just had to add :8443 to my server URL and that seems to have done the trick. I’m sure I’ll be back soon with more questions!