Is it possible to disable HTTP for a Keycloak instance in Azure Container Apps?
I am setting up Keycloak, using the public container image in the Azure Container App service. In production, it is strongly encouraged to disable HTTP.
Depending on the environment variable KC_HTTP_ENABLED, Keycloak either listens to requests on port 8080:
Listening on: http://0.0.0.0:8080 and https://0.0.0.0:8443.
Management interface listening on https://0.0.0.0:9000.
... or doesn't.
Listening on: https://0.0.0.0:8443
Management interface listening on https://0.0.0.0:9000.
When I google the error, I seem to find results relevant to every other case except mine. What am I missing?
From the documentation:
Azure Container Apps uses the Envoy proxy as an edge HTTP proxy. Transport Layer Security (TLS) is terminated on the edge.
The Keycloak container is behind a termination proxy and will never receive any encrypted traffic from it. Attempting to send unencrypted data from the proxy to the container over port :8443 will correctly trigger a refusal. All incoming traffic should be routed to port :8080 in the Ingress settings of the Azure Container App.
The answer is no. Running Keycloak inside the ACA environment means HTTP should be left enabled.
- Load CA root certificate at runtime in Java
- SSL Self-Signed Certificates Issue in Gitlab
- Sniffing Android app's HTTPS traffic from Fiddler fails with only 'Tunnel To' entries in Fiddler
- Redirect HTTP to HTTPS on default virtual host without ServerName
- How to disable HTTPS or change to HTTP in dev and prod version on symfony?
- How to remove JVM property "https.proxyHost"?
- How to make Sinatra work over HTTPS/SSL?
- How do I disable the security certificate check in Python requests
- Best Practice: 301 Redirect HTTP to HTTPS (Standard Domain)
- Is it possible to disable HTTP for a Keycloak instance in Azure Container Apps?
- How can I make git accept a self signed certificate?
- Nginx proxy remove specific path and empty Post request body + HTTPS
- How do I get Python to send as many concurrent HTTP requests as possible?
- nodejs: listen EACCES: permission denied 0.0.0.0:80
- How to make https request and encrypt POST parameters?
- Understand Prometheus HTTP API result type
- Redirect chain problem in web.config, Windows Server 2020 IIS
- Nginx redirect http://www and naked http/https to https://www
- HTTPS block my audio playlist. How to solve it?
- Issue using certbot with nginx
- Expo Go HTTPS-Request doesn't work on android but works on every other OS. (HTTP-Requests are working)
- How to deal with mixed content in a website which should be secured as https?
- Chrome blocks FastAPI file download using FileResponse due to using HTTP instead of HTTPS
- Forget which client certificate is used by Chrome for an URL
- SSLHandshakeException - Chain chain validation failed, how to solve?
- HTTPS disconnected - Kestrel
- Trying pushing to remote repository, permission denied and received error 403
- Android 8: Cleartext HTTP traffic not permitted
- Base address of HttpClient not been assigned anymore on Blazor Web App
- nginx redirecting all subdomains (when it shouldn't)