I have initialized https://hub.docker.com/r/jboss/keycloak/ on my Digital Ocean Docker Droplet.
$ docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD={password with upcase etc.} -p 8080:8080 jboss/keycloak
success
Everything worked well and the server started on the Droplet's IP address on port 8080.
Problems started when I entered the admin console from the UI in the URL. There was a message: "HTTPS required". This was a real issue and the only solution I have found is to log in to Keycloak from the console and to change the HTTPS=required setting from the admin console without the UI.
I then opened bash for my Docker container:
$ docker exec -it keycloak bash
success
As I entered my command to log in from the keycloak/bin folder:
cd keycloak/bin
keycloak/bin $./kcadm.sh config credentials --server http://<droplet IP>:8080/auth --realm master --user admin --password {password with upcase etc.}
the bash freezes and gives a timeout message after some time
The reason for logging in from bash would be to complete this:
keycloak/bin $ ./kcadm.sh update realms/master -s sslRequired=NONE
which would hopefully solve the original problem of HTTPS required.
Publish port 8443 (HTTPS) and use it instead of 8080 (HTTP):
Keycloak generates a self-signed cert for HTTPS in this setup. Of course, this is not a production setup.
Update
Use volumes for own TLS certificate:
The following sequence of commands worked for me
On the host VM:
Inside the container:
I also experienced bash freezing when trying to config credentials.
Adding the --password argument to the config credentials command resulted in a successful execution:
Execute ./kcadm.sh config credentials for examples of secure/alternate ways to pass the argument.

This was a solution that also granted access to the admin console with no security when using https://hub.docker.com/r/jboss/keycloak/ as a starting point and DigitalOcean as service provider:
Start container:
Open bash for container:
Move to:
Create a new admin user with:
(not add-user.sh as suggested in many places)
Restart the droplet in DigitalOcean etc. to activate the admin user created prior to the shutdown. After restarting the droplet, log in with:
Changing ssl settings on the realm:
This solution does not create any security but allows you to access the Admin console.
After this it is suggested to start working on this: https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl
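
Why the console answered "HTTPS required" on the Droplet's public IP, and what sslRequired=NONE changes, as an added example that is not part of the original posts or Keycloak's own code. It models the documented meaning of the three sslRequired values (all, external, none); the function names, the sample addresses and the assumption that the realm in the question was set to external are illustrative.

```python
import ipaddress

# Ranges treated as "private" in this sketch: loopback plus RFC 1918 space.
# This approximates Keycloak's documented rule; it is not Keycloak's code.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128",
)]
MODES = ("all", "external", "none")


def is_private(addr: str) -> bool:
    """True if addr is loopback or in a private range listed above."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in PRIVATE_NETS)


def https_required(ssl_required: str, client_addr: str, scheme: str) -> bool:
    """True if the realm would answer this request with 'HTTPS required'."""
    mode = ssl_required.lower()
    if mode not in MODES:
        raise ValueError(f"unknown sslRequired value: {ssl_required!r}")
    if scheme == "https" or mode == "none":
        return False              # TLS in use, or the check is switched off
    if mode == "all":
        return True               # plain HTTP refused for every client
    return not is_private(client_addr)   # "external": only outside clients


# Constructed sample requests; 203.0.113.10 is a documentation address
# standing in for a browser that reaches the Droplet over the internet.
SAMPLES = [
    ("external", "203.0.113.10", "http"),   # the situation in the question
    ("external", "127.0.0.1", "http"),      # loopback client
    ("external", "203.0.113.10", "https"),  # port 8443 with a certificate
    ("NONE", "203.0.113.10", "http"),       # after sslRequired=NONE
]

if __name__ == "__main__":
    for mode, addr, scheme in SAMPLES:
        verdict = "HTTPS required" if https_required(mode, addr, scheme) else "served"
        print(f"sslRequired={mode:<8} {scheme:<5} from {addr:<13} -> {verdict}")
```

With NONE the last sample is served over plain HTTP, so the admin password and session tokens cross the network unencrypted, which is the lack of security the answer above mentions.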