I deployed Keycloak, which is working correctly, and I can access the interface. However, when I try to configure my reverse proxy to access it from the LAN and set up HTTPS, it no longer works.
My docker-compose file:

```yaml
networks:
  backend_network:
    name: backend_network

services:
  keycloak_web:
    image: quay.io/keycloak/keycloak:latest
    container_name: keycloak_docker
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://keycloakdb:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloak
      KC_BOOTSTRAP_ADMIN_USERNAME: keycloak
      KC_BOOTSTRAP_ADMIN_PASSWORD: keycloak
      KC_HOSTNAME: keycloak.domain.com
      KC_HOSTNAME_STRICT: true
      KC_HOSTNAME_STRICT_HTTPS: true
      KC_HTTP_ENABLED: false
      KC_PROXY: edge
      KEYCLOAK_FRONTEND_URL: https://keycloak.domain.com/auth/
      PROXY_ADDRESS_FORWARDING: true
      KC_LOG_LEVEL: info
      KC_METRICS_ENABLED: true
      KC_HEALTH_ENABLED: true
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
    command: start-dev
    depends_on:
      - keycloakdb
    ports:
      - 8080:8080
    volumes:
      - keycloak-data:/opt/keycloak/data
    networks:
      - "backend_network"
      - "default"

  keycloakdb:
    image: postgres:latest
    container_name: keycloak_db
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: keycloak
    networks:
      - "backend_network"

volumes:
  postgres_data:
  keycloak-data:
```

My reverse-proxy configuration:
```apache
<VirtualHost *:80>
    ServerName keycloak.domain.com
    RewriteEngine On
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName keycloak.domain.com
    SSLEngine on
    SSLCertificateFile /etc/certs/certnew.cer
    SSLCertificateKeyFile /etc/certs/privkey.key
    SSLProtocol -ALL +TLSv1.2 +TLSv1.3
    SSLCipherSuite HIGH:!aNULL:!MD5

    ProxyPreserveHost On
    ProxyRequests Off
    AllowEncodedSlashes NoDecode
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    # Standard HTTP proxy
    ProxyPass / http://1.2.3.4:8080/
    ProxyPassReverse / http://1.2.3.4:8080/
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    Header always unset X-Frame-Options

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://1.2.3.4:8080/$1 [P,L]

    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
</VirtualHost>
```

When I connect to my Keycloak via HTTPS, I get the following errors:
```
main.tsx:13 Mixed Content: The page at 'https://keycloak.domain.com/admin/master/console/' was loaded over HTTPS, but requested an insecure resource 'http://keycloak.domain.com/resources/master/admin/en'. This request has been blocked; the content must be served over HTTPS.
loadUrl @ index.js:70
read @ index.js:52
read @ i18next.js:1521
loadOne @ i18next.js:1551
(anonymous) @ i18next.js:1536
prepareLoading @ i18next.js:1535
load @ i18next.js:1540
loadResources @ i18next.js:1844
o @ i18next.js:1949
changeLanguage @ i18next.js:1962
c @ i18next.js:1812
setTimeout
init @ i18next.js:1817
(anonymous) @ main.tsx:13

keycloak.js:57 Refused to frame 'http://keycloak.domain.com/' because it violates the following Content Security Policy directive: "frame-src 'self'".

keycloak-ui-shared.js:136 {error: 'Timeout when waiting for 3rd party check iframe message.'}
```

I tried to configure everything in my compose file and in my reverse-proxy configuration to force HTTPS, but every time my Keycloak returns an http URL. Do you have any ideas, please?
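The errors above come from the application building absolute URLs from the scheme and host it sees on its own socket rather than from the scheme the proxy terminated. The following added example (not code from the question, and not Keycloak's own URL logic) shows the general mechanism: an application behind a reverse proxy derives its external base URL from `X-Forwarded-Proto`, `X-Forwarded-Host` and `X-Forwarded-Port`, but only when the request arrives from a trusted proxy address. The trusted proxy address, the client address and the sample request headers are all constructed for the example; the header names are the ones the Apache config above sets.

```python
from ipaddress import ip_address, ip_network

# Assumption (constructed for this example): the only host allowed to assert
# X-Forwarded-* headers is the reverse proxy at this address.
TRUSTED_PROXIES = [ip_network("192.168.1.10/32")]

DEFAULT_PORTS = {"http": 80, "https": 443}


def header(headers, name):
    """Case-insensitive lookup; returns the first value of a comma-separated list."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.split(",")[0].strip()
    return None


def split_host(hostport):
    """Split 'host:port' into (host, port-or-None); IPv6 literals keep their brackets."""
    if ":" in hostport and hostport.rsplit(":", 1)[1].isdigit():
        host, port = hostport.rsplit(":", 1)
        return host, int(port)
    return hostport, None


def external_base_url(peer_ip, headers, local_scheme="http"):
    """Base URL an app behind a reverse proxy should use for absolute links.

    X-Forwarded-Proto / X-Forwarded-Host / X-Forwarded-Port are honoured only
    when the TCP peer is a trusted proxy. For any other peer the scheme seen on
    the socket and the plain Host header are used, so a client that reaches the
    backend port directly cannot rewrite the app's own URLs with forged headers.
    """
    host, port = split_host(header(headers, "Host") or "localhost")
    scheme = local_scheme

    if any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        proto = header(headers, "X-Forwarded-Proto")
        if proto in DEFAULT_PORTS:
            scheme = proto
        fwd_host = header(headers, "X-Forwarded-Host")
        if fwd_host:
            host, port = split_host(fwd_host)
        fwd_port = header(headers, "X-Forwarded-Port")
        if fwd_port and fwd_port.isdigit():
            port = int(fwd_port)

    # Omit the port when it is the default for the scheme.
    if port is None or port == DEFAULT_PORTS[scheme]:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def resource_url(peer_ip, headers, path):
    """Absolute URL for a static resource, as the app would embed it in a page."""
    return external_base_url(peer_ip, headers) + path


# Constructed sample requests, as the backend sees them on its :8080 socket.
PROXY_IP = "192.168.1.10"   # the trusted reverse proxy
CLIENT_IP = "203.0.113.7"   # some client reaching the backend port directly

# 1. Forwarded by the proxy with the headers the Apache config above sets.
VIA_PROXY = {"Host": "keycloak.domain.com",
             "X-Forwarded-Proto": "https",
             "X-Forwarded-Port": "443"}

# 2. Forwarded by the proxy, but the scheme header is missing (or the app was
#    not told to trust it): the app falls back to the plain http it sees.
VIA_PROXY_NO_PROTO = {"Host": "keycloak.domain.com"}

# 3. A direct client sends forged forwarding headers; they must be ignored.
FORGED = {"Host": "1.2.3.4:8080",
          "X-Forwarded-Proto": "https",
          "X-Forwarded-Host": "spoofed.example"}

if __name__ == "__main__":
    for label, peer, hdrs in [("via proxy", PROXY_IP, VIA_PROXY),
                              ("via proxy, no proto", PROXY_IP, VIA_PROXY_NO_PROTO),
                              ("forged, direct", CLIENT_IP, FORGED)]:
        print(f"{label:22} {resource_url(peer, hdrs, '/resources/master/admin/en')}")
```

Case 2 is exactly the shape of the mixed-content error quoted above: the page is served over HTTPS, but the application, seeing only plain HTTP on its socket and no trusted scheme header, emits `http://keycloak.domain.com/...` for its resources. Case 3 is why forwarding headers must be tied to the proxy's address rather than accepted from anyone who can reach port 8080 on the LAN.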