Partly Blank Admin Page in Production Mode

I am running keycloak behind an nginx proxy. The nginx proxy is terminating encryption using a self-signed certificate. Both keycloak and the nginx proxy are running as docker containers. My configuration works in dev mode, but in production I get a party blank screen when I try to access the admin console.

Does anyone know what might be causing this? I don’t see any obvious errors in the browser console or networking tab.

Here is an screenshot of my problem:

My docker compose:

 keycloak:
    container_name: hxd-keycloak
    restart: "always"
    image: hyperxdashboard-keycloak:latest
    environment:
        # KC_DB: mariadb
        KC_DB_URL_HOST: hxd-mariadb
        KC_DB_URL_PORT: 3306
        KC_DB_URL_DATABASE: keycloak
        KC_DB_USERNAME: ${DASH_DB_USERNAME}
        KC_DB_PASSWORD: ${DASH_DB_PASSWORD}
        KC_HOSTNAME: "192.168.74.247"
        # KC_HOSTNAME_PATH: "https://192.168.74.247:443/auth"
        KC_HOSTNAME_PORT: 443
        # This is false assuming the proxy handles encryption. Don't expose keycloak to a network unencrypted! 
        KC_HOSTNAME_STRICT: false
        KC_HTTP_ENABLED: true
        # KC_HTTP_RELATIVE_PATH: "auth"
        KC_HTTP_PORT: 14040
        # KC_HTTPS_PORT: 14040
        KC_PROXY: "edge"
        KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN_USERNAME}"
        KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"
    ports:
      - 14040:14040
    depends_on:
      - hxd-mariadb
    networks:
      - hxd-network 

My nginx conf:

upstream auth {
    server hxd-keycloak:14040;
}
  
server { 
    listen *:443 ssl;
    listen [::]:443 ssl;
    keepalive_timeout   70;

    ssl_certificate     selfsigned.crt;
    ssl_certificate_key private.key;

    location /auth {
        proxy_buffers 4 256k;
        proxy_buffer_size 128k; 
        proxy_busy_buffers_size 256k;

        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;

        proxy_pass http://auth$request_uri;
        proxy_read_timeout  90;
    }

You have many similiar discussion on github.

For example:

Maybe that can help you. What i see is that you commented out relative path but your nginx config redirects to auth.

One other thing is you havent set the
X-Forwarded-Scheme

I think you see partly the admin page because of the browsers cache.

1 Like

Thanks for your reply Paul! I looked through the GitHub and I found this bug report that seemed similar to my issue. After removing “KC_HOSTNAME_PORT: 443” from my docker compose, everything works!

In case you’re curious, I commented out the KC_HTTP_RELATIVE_PATH line in my compose because I’m setting that variable at build time in my DockerFile. Production mode seems to want you to get that variable at build time, while dev mode wants you to set it at runtime. Kinda strange behavior.

I also tried clearing my cache, but that top section of the admin page was still visible. In any case, removing KC_HOSTNAME_PORT seems to have fixed my issue!

2 Likes

thanks Peter-CA for posting this…I’d read docs and blogs and tried various env var combos and configs but was still stuck with a completely blank admin console page. removing KC_HOSTNAME_PORT as per your followup post fixed it for me… much appreciated! Need to upskill on keycloak for sure!

2 Likes

Thank you so much! Removing KC_HOSTNAME_PORT worked for me. It’s curious that for dev mode, it only work with KC_HOSTNAME_PORT.