Is it possible to disable HTTP for a Keycloak instance in Azure Container Apps?
I am setting up Keycloak, using the public container image in the Azure Container App service. In production, it is strongly encouraged to disable HTTP.
Depending on the environment variable KC_HTTP_ENABLED, Keycloak either listens to requests on port 8080:
Listening on: http://0.0.0.0:8080 and https://0.0.0.0:8443.
Management interface listening on https://0.0.0.0:9000.
... or doesn't.
Listening on: https://0.0.0.0:8443
Management interface listening on https://0.0.0.0:9000.
When I google the error, I seem to find results relevant to every other case except mine. What am I missing?
From the documentation:
Azure Container Apps uses the Envoy proxy as an edge HTTP proxy. Transport Layer Security (TLS) is terminated on the edge.
The Keycloak container is behind a termination proxy and will never receive any encrypted traffic from it. Attempting to send unencrypted data from the proxy to the container over port :8443 will correctly trigger a refusal. All incoming traffic should be routed to port :8080 in the Ingress settings of the Azure Container App.
The answer is no. Running Keycloak inside the ACA environment means HTTP should be left enabled.
- How can we run a FastAPI application on two ports one HTTP and one HTTPS without redirecting?
- OpenAS2 AS2ReceiverHandler: HTTP connection error on inbound message
- let's encrypt Certbot failed to authenticate some domains (authenticator: apache). Failed to verify the temporary Apache configuration changes
- You're accessing the development server over HTTPS, but it only supports HTTP. code 400, message Bad request syntax
- How to set up HTTPS for Rasa chatbot?
- Issues with installing python libraries on Windows : CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://conda.anaconda.org/anaconda/win-64
- How can I measure the response times of an http request in Node?
- How can I know if the request to the servlet was executed using HTTP or HTTPS?
- ASP.NET Core 8 HTTPS Certificate Issues with Windows Host and Linux Container
- Do HTTPS connections require HTTPS proxies or can I use HTTP proxies?
- Troubleshooting HTTPS Issues with .NET Application on IIS Server
- How to get through security error pages in the Firefox web browser?
- Cleartext HTTP traffic to myserver.com not permitted on Android N preview
- Implementing Swish payment C# - Only on Azure - Sending client certificate - The request was aborted: Could not create SSL/TLS secure channel
- Google Chrome redirecting localhost to https
- gitea using a normal user and https
- Install Let's Encrypt for multiple domains on same server
- What HTTP methods should be chosen in a REST API when no CRUD operations are going to be performed?
- Your connection is not private NET::ERR_CERT_COMMON_NAME_INVALID
- How to stop fiddler to see HTTPS data between my iOS app and server
- iOS swift: App Transport Security has blocked a cleartext HTTP (http://) resource
- How to run Vue.js dev serve with https?
- Python Flask: Automatically getting or generating SHA-1 fingeriprints
- Best way in asp.net to force https for an entire site?
- Sniffing Android app's HTTPS traffic from Fiddler fails with only 'Tunnel To' entries in Fiddler
- Nginx and docker error: Cannot load certificate no such file
- How do I make a https post in Node Js without any third party module?
- Can you use a service worker with a self-signed certificate?
- Api http security breach detection and alerting
- https on S3 WITHOUT cloudfront possible?