Run keycloak in Production without TLS configuration

Hi All
I am upgrading Keycloak from version 15 to 21. While doing so I am facing one issue: to run Keycloak 21 in a production env it seems that it is essential to configure TLS. Is there a way I can disable it? We are running Keycloak in a k8 cluster behind nginx. All requests to Keycloak from the public endpoint are routed via nginx, for which we use https; nginx then routes those requests to Keycloak using http inside the cluster. For this reason it seems like overhead for us to run Keycloak with TLS enabled inside the cluster. Any suggestion or solution will be helpful.

Below are some of the configuration parameters (keycloak.conf) we set to enable http mode if TLS termination is done at the load balancer. For reference: Configuring the hostname - Keycloak

| option | value | description |
|---|---|---|
| hostname-strict | false | Disables dynamically resolving the hostname from request headers |
| hostname-strict-https | false | Required for running only in http mode |
| http-enabled | true | Enables the HTTP listener |
| proxy | edge | edge proxy mode enables communication through HTTP between the proxy and Keycloak |
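The proxy side of the setup described in the post above, as an added example that is not part of the original thread: an nginx server block that terminates TLS and forwards to Keycloak over HTTP, setting the forwarded headers that `proxy edge` mode relies on. The upstream Service name, public hostname and certificate paths are assumed placeholders.

```nginx
# Constructed example: names, hostnames and certificate paths are placeholders.
upstream keycloak_http {
    # Assumed in-cluster Service name; 8080 is the HTTP listener (http-enabled=true).
    server keycloak.keycloak.svc.cluster.local:8080;
}

server {
    listen 443 ssl;
    server_name sso.example.com;                      # placeholder public hostname

    ssl_certificate     /etc/nginx/tls/tls.crt;       # placeholder paths
    ssl_certificate_key /etc/nginx/tls/tls.key;

    location / {
        proxy_pass http://keycloak_http;              # plain HTTP inside the cluster

        # With proxy=edge Keycloak trusts these headers, so set them here
        # unconditionally instead of passing through client-supplied values.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Proto $scheme;   # "https" on this listener
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-For   $remote_addr;
    }
}
```

Because Keycloak accepts these headers from whatever connects to port 8080, that port should be reachable only from the proxy, for example by restricting it with a NetworkPolicy.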

Thanks @sirishkumar, will try this.

I am getting the following error
ERROR ==> You need to have TLS enabled. Please set the KEYCLOAK_ENABLE_HTTPS variable to true

This is my configuration

Looks like you are using bitnami charts, and as per this comment (bitnami/keycloak 8.0.* / 9.0.* Running Server in Development mode · Issue #10236 · bitnami/charts · GitHub), KEYCLOAK_ENABLE_HTTPS is required to be true if production mode (KEYCLOAK_PRODUCTION) is set to true. This is something specific to the bitnami chart and not to Keycloak. I have no experience with the bitnami Keycloak chart configuration. Maybe try setting KEYCLOAK_PRODUCTION to false; you need to analyze what its implications are with the bitnami chart.

I found a solution in the link you shared, thanks.

It would be useful for others if you could post the exact solution which worked for you.

Sure, by simply adding
I was able to resolve the issue
This was helpful

Good to know, I also mentioned this in my first response :slight_smile:

Yes, actually earlier I was using KC_PROXY instead of KEYCLOAK_PROXY. This seems to have been causing the issue.
This is the working configuration
PORT: 8080