We are deploying Keycloak 25.0.2 in Azure Container App, and we want to run Keycloak over HTTP (without certificate) but trying to access to URL exposed by Azure Container App with HTTPS (https://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io) we are getting the error showed in the screenshot.
As we can see in the Network tab is failing calling to “http://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io/resources/master/admin/en” but if we paste directly this url in the browser I getting the result without issues.
Browser console with the error
Realm settings configuration:
- General:
- Require SSL: None
- Security defenses:
- X-Frame-Options: SAMEORIGIN
- Content-Security-Policy: frame-src ‘self’; frame-ancestors ‘self’; object-src ‘none’;
- X-XSS-Protection: 1; mode=block
- HTTP Strict Transport Security (HSTS): max-age=31536000; includeSubDomains
We are creating Docker image with this Dockerfile:
FROM quay.io/keycloak/keycloak:25.0.2 as builder
ENV KC_DB=mssql
ENV KC_DB_URL="jdbc:sqlserver://keycloaktests.database.windows.net:1433;database=keycloak"
ENV KC_DB_USERNAME=***
ENV KC_DB_PASSWORD=****
ENV KEYCLOAK_ADMIN=**
ENV KEYCLOAK_ADMIN_PASSWORD=**
ENV KC_HOSTNAME_STRICT=false
ENV KC_HOSTNAME_STRICT_HTTPS=false
ENV KC_HTTP_ENABLED=true
ENV KC_PROXY_HEADERS=forwarded
ENV KC_HTTPS_CLIENT_AUTH=none
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
Azure Container App Ingress Configuration:
Azure Container App Ingress Configuration
We’ve tried configured these environment variables in the Docker image configuration
ENV KC_HTTP_ENABLED=true
ENV KC_PROXY_HEADERS=forwarded
Also the Ingress configuration from Azure Container App as we can see in the screenshot
to allow HTTP traffic, but trying to access to https://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io fails when try to get http://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io/resources/master/admin/en.
In other hand if I try to go directly to http://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io/resources/master/admin/en I can get the results without issues.
The expected behavior should get the Keycloak login page without issues.