I'm trying to understand how to stop keycloak to use https. I don't care about security issues since it's just for learning purposes.
I've this Docker configuration
keycloak:
image: quay.io/keycloak/keycloak:21.1
container_name: keycloak
restart: always
environment:
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME: postgres
KC_DB_PASSWORD: foo
KC_HTTP_RELATIVE_PATH: /auth/
KC_PROXY: "passthrough"
KC_HOSTNAME_STRICT: "false"
KC_HOSTNAME_STRICT_HTTPS: "false"
KC_HOSTNAME: "myurl.onion:4672/auth"
KEYCLOAK_ADMIN: "admin"
KEYCLOAK_ADMIN_PASSWORD: "bar"
entrypoint: ["/opt/keycloak/bin/kc.sh", "start-dev", "--db=postgres"]
ports:
- 8080:8080
volumes:
- /config/keycloak/themes/:/opt/keycloak/themes/
- /config/keycloak/deployments:/opt/keycloak/providers
depends_on:
- postgres
networks:
- nt_int
I use nginx to proxy the requests:
listen 4672 default_server;
listen [::]:4672 default_server;
root /site;
server_name _;
server_tokens off;
location /auth/ {
proxy_pass http://keycloak:8080/auth/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
}
I can reach the main page of keycloak perfectly, but when I click to login to the master realm it says
Mixed Content: The page at 'http://myurl.onion:4672/auth/admin/master/console/' was loaded over HTTPS, but requested an insecure frame 'http://myurl.onion:4672/auth/auth/realms/master/protocol/openid-connect/3p-cookies/step1.html'. This request has been blocked; the content must be served over HTTPS.
I've tried to change KC_PROXY to edge but it didn't solve anything.
I've also tried manually disabling SSL on the realm but nothing.
Setting PROXY_ADDRESS_FORWARDING to true also didn't solve anything.
I've also tried to use the version 17.0.1 but same result.
What am I doing wrong?
