HTTPS Required Error on Keycloak Administration Console #31

Open
dr-yst opened this issue Aug 21, 2024 · 3 comments

dr-yst commented Aug 21, 2024

Hello,

I am running a containerized Keycloak instance on an Azure Virtual Machine.
When following the Stellio documentation on Keycloak Integration, I encountered the "HTTPS required" error when accessing the Administration Console (see attached screenshot).

[Screenshot 2024-08-21 16 46 25]

Could you please advise if there are any additional steps or configurations I may have missed to enable HTTP access?

Thank you so much for your help.

Author

dr-yst commented Aug 23, 2024

As a quick note, the problem was solved by enabling HTTPS!

Member

bobeal commented Aug 26, 2024

In order to improve the documentation, can you tell me what you did to enable HTTPS?

Author

dr-yst commented Aug 27, 2024

Sure, but note that my solution is somewhat specialized in building systems on Azure VM.
I assume that both Stellio and Keycloak work in the same VM instance.

1. Get a public DNS name for the VM

Let's say mydomain.com.

2. Open the receive ports

I opened the following ports.

| Port | Description |
|------|-------------|
| 8443 | For HTTPS connection |
| 9080 | For HTTP connection when following the tutorial |
| 80 | Necessary to get certificates for the DNS name |

3. Set up HTTPS connection

3.1 Install certbot and get certificates

sudo apt install certbot
sudo certbot certonly --standalone -d mydomain.com

Here, you should answer the following:

  • Email address: Your email address.
  • Agreement to Terms of Service: (A)gree
  • Share your e-mail address with the Electronic Frontier Foundation: (N)o

If successful, the following files are generated (can be accessed only via root).

  • /etc/letsencrypt/live/mydomain.com/fullchain.pem
  • /etc/letsencrypt/live/mydomain.com/privkey.pem

Now you can close port 80.

3.2 Copy pem files

I copied these files to any location under my home folder using sudo cp, but I don't know if this was necessary.
Let's say you copied them to /path/to/fullchain.pem and /path/to/privkey.pem respectively.

4. Add the following settings to Keycloak's docker-compose.yml and .env

docker-compose.yml

services:
  keycloak:
    volumes:
      - /path/to/fullchain.pem:/opt/keycloak/conf/fullchain.pem
      - /path/to/privkey.pem:/opt/keycloak/conf/privkey.pem
    environment:
      - KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/fullchain.pem
      - KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/privkey.pem
    ports:
      - 8443:8443
    command: ["start-dev", "--https-port", "8443"]

Note that {kafka_ip} in the tutorial is still the public IP, not the DNS name.

.env

KEYCLOAK_HOSTNAME=mydomain.com

5. Start Keycloak and access the site

docker compose up -d

Then, you can access https://mydomain.com:8443 and see Keycloak working properly there.
Now set up a realm and a client following the tutorial.

6. Modify Stellio's .env and restart Stellio

APPLICATION_TENANTS_0_ISSUER=https://mydomain.com:8443/realms/{realm_name}

Then,

docker compose up -d

That's it.
Changing the Keycloak endpoint to get an access token to https://mydomain.com:8443/realms/{realm_name}/protocol/openid-connect/token worked perfectly.
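An added example, not part of the comment above and not code from Stellio or Keycloak: after a switch to HTTPS like the one described, this checks that the issuer configured in `APPLICATION_TENANTS_0_ISSUER` is exactly the one Keycloak advertises in its discovery document (`/realms/{realm_name}/.well-known/openid-configuration`), and that the token and key endpoints are HTTPS on the same host and port. The function name `check_issuer`, the realm name `demo` and the sample document are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the shape of a Keycloak discovery document,
# trimmed to the fields checked below. "demo" is a placeholder realm name.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://mydomain.com:8443/realms/demo",
    "token_endpoint": "https://mydomain.com:8443/realms/demo/protocol/openid-connect/token",
    "jwks_uri": "https://mydomain.com:8443/realms/demo/protocol/openid-connect/certs",
})


def check_issuer(configured_issuer, discovery_json):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    doc = json.loads(discovery_json)
    advertised = doc.get("issuer", "")
    cfg = urlsplit(configured_issuer)

    if cfg.scheme != "https":
        problems.append(f"configured issuer uses {cfg.scheme!r}, not https")
    # OIDC Discovery requires an exact string match, so nothing is normalised:
    # a trailing slash, another port or an IP instead of the DNS name all count.
    if advertised != configured_issuer:
        problems.append(
            f"issuer mismatch: configured {configured_issuer!r}, advertised {advertised!r}"
        )
    # Tokens and signing keys should come from HTTPS endpoints on the issuer's host:port.
    for field in ("token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(field, ""))
        if url.scheme != "https":
            problems.append(f"{field} is not https: {doc.get(field)!r}")
        elif url.netloc != cfg.netloc:
            problems.append(
                f"{field} host {url.netloc!r} differs from issuer host {cfg.netloc!r}"
            )
    return problems


if __name__ == "__main__":
    issuer = "https://mydomain.com:8443/realms/demo"
    for line in check_issuer(issuer, SAMPLE_DISCOVERY) or ["issuer and endpoints agree"]:
        print(line)
```

To run it against a live instance, pass the body fetched from the discovery URL in place of `SAMPLE_DISCOVERY`.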
