f751037a-ba7a-42ab-8a24-90e99fcd12d3

I have now updated KeyCloak to the latest version, namely version 25.0.1.

Now I get a different error message:
"HTTPS required"
The logs say:
error="ssl_required"

This error only appears in the V2 runtime.
Has anything changed regarding SSL processing in the V2 runtime?

interesting, I will look into it later today

To clarify this :
I get the error described here (ssl_required)
when I open the standard login form for end users.
Basically, you can say that various things do not work under the V2 runtime, even with different KeyCloak versions.

The new edge Proxy-Feature also did not make a difference

i think, i found the solution. I will test it a little more and post it than here

OK, I've now made a small step forward:
If I set the KeyCloak parameter "Proxy Headers" to "forwarded" and no longer to "xforwarded" then at least the login page is displayed correctly again.
The login still doesn't work and I can't access the admin UI either.

Does the new runtime use new proxy headers?

Another new finding:
When redirecting from KeyCloak to my application,
the KeyCloak server is specified in the "iss" parameter in the URL.
The legacy runtime uses https.
The V2 runtime uses http.
This reinforces my suspicion that
the behavior regarding the forward headers has changed

It worked here:

the runtime and the edge proxy are separate systems, the runtime would have nothing to do with headers

OK, then the behavior surprises me even more.
I'll try to get the Caddy proxy to log the incoming HTTP headers to check
whether the forwarded headers change in any way

there is no longer a need for the caddy proxy, can you please try deploying this pr

Nice, i will give it a try and post the results here

for what it's worth, I was able to reproduce the issue you described with a fresh template deploy, but I got it to work and was able to login after making the changes that I submitted in that PR

That's good to hear (:
I'm curious what causes these errors in the new runtime, but it's not worth going into the analysis if the PR fixes the problem

not sure the runtime is at fault here, we can't jump to such conclusions

jumping to conclusions like that has bit me in the past

It works now! Thanks for your support Brody!
Bought you some coffees ☕

thank you very much! I appreciate that

how can i mark your answer as the solution?

only mods/admins can

ahh, that explains it (:

update, my pr was merged and the template was updated!

Hello. I did not understand what was I supposed to do but just deployed this app I am not able to display the login page for some reason. It just tries to open and then giving this screen:

What is the problem you think? Thank you in advance!

change KC_HOSTNAME="${{RAILWAY_PUBLIC_DOMAIN}}" to KC_HOSTNAME="[https://${{RAILWAY_PUBLIC_DOMAIN](https://${{RAILWAY_PUBLIC_DOMAIN)}}"

@Collectors Comet - can you update this on the template for future users?

Thank you!

Hello Brody,
I have created a pull request here, which should hopefully make the template useable again.
https://github.com/leonardochappuis/keycloak-docker/pull/5
In the future it would probably be good if someone updated the template who also uses the template itself.

I have added a new parameter “KCPROXYHEADERS” to the pull request.
Does it have to be included here in the line so that it works:https://github.com/leonardochappuis/keycloak-docker/blob/master/Dockerfile#L3 ?

not sure, but it can't hurt