Keycloak 25.0.2 not running over HTTP on Azure Container App

  Kiến thức lập trình

We are deploying Keycloak 25.0.2 in Azure Container App, and we want to run Keycloak over HTTP (without certificate) but trying to access to URL exposed by Azure Container App with HTTPS (https://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io) we are getting the error showed in the screenshot.

As we can see in the Network tab is failing calling to “http://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io/resources/master/admin/en” but if we paste directly this url in the browser I getting the result without issues.

Browser console with the error

Realm settings configuration:

  • General:
    • Require SSL: None
  • Security defenses:
    • X-Frame-Options: SAMEORIGIN
    • Content-Security-Policy: frame-src ‘self’; frame-ancestors ‘self’; object-src ‘none’;
    • X-XSS-Protection: 1; mode=block
    • HTTP Strict Transport Security (HSTS): max-age=31536000; includeSubDomains

We are creating Docker image with this Dockerfile:


FROM quay.io/keycloak/keycloak:25.0.2 as builder

ENV KC_DB=mssql
ENV KC_DB_URL="jdbc:sqlserver://keycloaktests.database.windows.net:1433;database=keycloak"
ENV KC_DB_USERNAME=***
ENV KC_DB_PASSWORD=****

ENV KEYCLOAK_ADMIN=**
ENV KEYCLOAK_ADMIN_PASSWORD=**

ENV KC_HOSTNAME_STRICT=false
ENV KC_HOSTNAME_STRICT_HTTPS=false
ENV KC_HTTP_ENABLED=true
ENV KC_PROXY_HEADERS=forwarded 
ENV KC_HTTPS_CLIENT_AUTH=none
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

Azure Container App Ingress Configuration:
Azure Container App Ingress Configuration

We’ve tried configured these environment variables in the Docker image configuration

ENV KC_HTTP_ENABLED=true
ENV KC_PROXY_HEADERS=forwarded 

Also the Ingress configuration from Azure Container App as we can see in the screenshot
to allow HTTP traffic, but trying to access to https://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io fails when try to get http://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io/resources/master/admin/en.

In other hand if I try to go directly to http://keycloak-server–u9hs5rq.proudrock-baec4025.northeurope.azurecontainerapps.io/resources/master/admin/en I can get the results without issues.

The expected behavior should get the Keycloak login page without issues.

New contributor

Jesus Corral is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Theme wordpress giá rẻ Theme wordpress giá rẻ Thiết kế website

LEAVE A COMMENT