I want to run Keycloak, which is based on Quarkus, which for some reason listens on all interfaces of my system. I would like to restrict that to localhost only, but am unable to do so. In the past, Quarkus listened on localhost only by default, which changed to localhost by default in the DEV profile only, and it even contained errors, simply logging the wrong host and port it actually listens on.
So the problem I have now is that I don't know which are the correct settings, whether I can trust the log output, etc. The log output is always the same, http://0.0.0.0:8080, regardless of which changes I apply, either as Java system properties or environment variables.
quarkus.http.host: The HTTP host. In dev/test mode this defaults to localhost, in prod mode this defaults to 0.0.0.0
Defaulting to 0.0.0.0 makes it easier to deploy Quarkus to container, however it is not suitable for dev/test mode as other people on the network can connect to your development machine.
Environment variable: QUARKUS_HTTP_HOST
https://quarkus.io/version/3.8/guides/all-config
C:\Program Files\Keycloak\24.0>set JAVA_OPTS_APPEND=-Dquarkus.http.host=127.0.0.1
C:\Program Files\Keycloak\24.0>set QUARKUS_HTTP_HOST=127.0.0.1
C:\Program Files\Keycloak\24.0>bin\kc.bat start-dev
"JAVA_OPTS already set in environment; overriding default settings with values: -Dh2.bindAddress=127.0.0.1"
"Appending additional Java properties to JAVA_OPTS: -Dquarkus.http.host=127.0.0.1"
2024-05-27 16:19:57,684 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2024-05-27 16:19:57,780 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2024-05-27 16:19:58,825 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: LAP3738, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: false
2024-05-27 16:19:59,535 WARN [io.quarkus.agroal.runtime.DataSources] (JPA Startup Thread) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2024-05-27 16:20:00,595 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_129835, Site name: null
2024-05-27 16:20:00,595 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2024-05-27 16:20:01,413 INFO [io.quarkus] (main) Keycloak 24.0.4 on JVM (powered by Quarkus 3.8.4) started in 5.137s. Listening on: http://0.0.0.0:8080
2024-05-27 16:20:01,413 INFO [io.quarkus] (main) Profile dev activated.
2024-05-27 16:20:01,413 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, vertx]
2024-05-27 16:20:01,415 WARN [org.keycloak.quarkus.runtime.KeycloakMain] (main) Running the server in development mode. DO NOT use this configuration in production.
2024-05-27 16:24:49,766 INFO [io.quarkus] (main) Keycloak stopped in 0.029s
As you can see in the above messages, it's still listening globally, even though I set a different host and even though the DEV profile is enabled.
So, how do I make Quarkus listen on localhost only?
Thanks!
I know this question is old, but I just came across the same problem. While the solution from this answer did not work directly, I just tried setting the config http-host=127.0.0.1 (not publicly documented) in keycloak.conf and it seems to work for me. It probably also works equally well using Keycloak's other config variants. If I were to guess, Keycloak manually overrides quarkus.http.host with its own internal default.
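
Since the question doubts whether the "Listening on" log line can be trusted, the bind address can be checked at the socket level after changing http-host. This is an added example, not part of the original question or answer: it parses Windows `netstat -ano` output (English-language column values assumed) and reports whether a port is bound to loopback only. The sample text, port 9000 and the function names are constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed sample of Windows `netstat -ano` output (not taken from the post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1100
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4242
  TCP    127.0.0.1:9000         0.0.0.0:0              LISTENING       4242
  TCP    127.0.0.1:51544        127.0.0.1:8080         ESTABLISHED     7001
  TCP    [::1]:9000             [::]:0                 LISTENING       4242
"""

def listening_addresses(netstat_text, port):
    """Return the local IPs that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows: Proto, Local Address, Foreign Address, State, PID.
        # Assumes the English state name "LISTENING".
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        found.append(ipaddress.ip_address(host))
    return found

def classify(addresses):
    """'not-listening', 'loopback-only', or 'exposed' (any non-loopback bind)."""
    if not addresses:
        return "not-listening"
    if all(a.is_loopback for a in addresses):
        return "loopback-only"
    return "exposed"  # includes the wildcard binds 0.0.0.0 and ::

def check_live(port=8080):
    """Run netstat on the local Windows machine and classify the given port."""
    out = subprocess.run(["netstat", "-ano"],
                         capture_output=True, text=True, check=True).stdout
    return classify(listening_addresses(out, port))

if __name__ == "__main__":
    print("sample 8080:", classify(listening_addresses(SAMPLE, 8080)))
    print("sample 9000:", classify(listening_addresses(SAMPLE, 9000)))
```

Calling `check_live(8080)` while Keycloak is running should return `loopback-only` once the bind setting has actually taken effect, independent of what the startup log prints.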