Is it possible to disable HTTP for a Keycloak instance in Azure Container Apps?
I am setting up Keycloak, using the public container image in the Azure Container App service. In production, it is strongly encouraged to disable HTTP.
Depending on the environment variable KC_HTTP_ENABLED, Keycloak either listens to requests on port 8080:
Listening on: http://0.0.0.0:8080 and https://0.0.0.0:8443.
Management interface listening on https://0.0.0.0:9000.
... or doesn't.
Listening on: https://0.0.0.0:8443
Management interface listening on https://0.0.0.0:9000.
When I google the error, I seem to find results relevant to every other case except mine. What am I missing?
From the documentation:
Azure Container Apps uses the Envoy proxy as an edge HTTP proxy. Transport Layer Security (TLS) is terminated on the edge.
The Keycloak container is behind a termination proxy and will never receive any encrypted traffic from it. Attempting to send unencrypted data from the proxy to the container over port :8443 will correctly trigger a refusal. All incoming traffic should be routed to port :8080 in the Ingress settings of the Azure Container App.
The answer is no. Running Keycloak inside the ACA environment means HTTP should be left enabled.
- gitea using a normal user and https
- Install Let's Encrypt for multiple domains on same server
- What HTTP methods should be chosen in a REST API when no CRUD operations are going to be performed?
- Your connection is not private NET::ERR_CERT_COMMON_NAME_INVALID
- How to stop fiddler to see HTTPS data between my iOS app and server
- iOS swift: App Transport Security has blocked a cleartext HTTP (http://) resource
- How to run Vue.js dev serve with https?
- Python Flask: Automatically getting or generating SHA-1 fingeriprints
- Best way in asp.net to force https for an entire site?
- Sniffing Android app's HTTPS traffic from Fiddler fails with only 'Tunnel To' entries in Fiddler
- Nginx and docker error: Cannot load certificate no such file
- How do I make a https post in Node Js without any third party module?
- Can you use a service worker with a self-signed certificate?
- Api http security breach detection and alerting
- https on S3 WITHOUT cloudfront possible?
- How do I restore a missing IIS Express SSL Certificate?
- Setting up SOCKS5 proxy on browser for using on other apps
- boost beast async stackless coroutine HTTPS client throws: 167772451 - application data after close notify (SSL routines)
- Webpage does not load while intercepting with Burp
- Cant validate facebook og meta after updating to https
- why is safari the only browser flagging my https website as not secure
- Webpack DevServer -> proxy HTTPS resource -> UNABLE_TO_VERIFY_LEAF_SIGNATURE
- Is it possible to disable HTTP for a Keycloak instance in Azure Container Apps?
- Disable certificate verification on Ubuntu
- 307 Temporary Redirect not work nginx 1.18
- Force SSL/https using .htaccess and mod_rewrite
- window.open from a https to http, and from https to http
- Visual Studio ASP.NET Core Debug IIS Express - Site can't be reached
- Curl: Fix CURL (51) SSL error: no alternative certificate subject name matches
- How to disable SSL verification in Spring Vault