How to use Dockerized Keycloak with a reverse proxy

When using Keycloak in a development environment, all the connections to your app, database, and Keycloak are made on your internal network. When you put your app into production, your users may well be accessing your Keycloak server from outside your network. This is especially true when developing Single Page Applications (SPAs).

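It is common practice to run the Keycloak server over HTTP behind a reverse proxy, which in turn provides your users with the HTTPS connection to keep their credentials private. This is where problems can start to arise with mixed content error messages: Keycloak only sees the plain HTTP hop from the proxy, so it generates http:// URLs that the browser refuses to load on an HTTPS page.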

Network Diagram showing Keycloak behind a Reverse Proxy

The solution is quite straightforward and requires only the addition of two environment variables to the Keycloak service in the docker-compose.yaml file.

The two environment variables you need to add are:

PROXY_ADDRESS_FORWARDING: "true"
REDIRECT_SOCKET: "proxy-https"

A full example of a docker-compose.yaml is shown below to give you some context.
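
An added example, not the author's original file: a compose file carrying the two variables above, with Keycloak reachable only through the reverse proxy. The `jboss/keycloak` image, the Postgres service, the placeholder credentials and the loopback port binding are assumptions.

```yaml
# Added example. Image, service names, credentials and ports are assumptions;
# only PROXY_ADDRESS_FORWARDING and REDIRECT_SOCKET come from the article.
version: "3"

services:
  postgres:
    image: postgres:13
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: change-me          # placeholder, replace before use
    volumes:
      - keycloak_db:/var/lib/postgresql/data

  keycloak:
    image: jboss/keycloak                   # assumed: the WildFly-based image
    depends_on:
      - postgres
    environment:
      DB_VENDOR: postgres
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: change-me                # placeholder
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: change-me          # placeholder
      # The two variables from the article. With forwarding enabled, Keycloak
      # trusts the X-Forwarded-For / X-Forwarded-Proto headers of any client
      # that can reach this port.
      PROXY_ADDRESS_FORWARDING: "true"
      REDIRECT_SOCKET: "proxy-https"
    ports:
      # Bind to loopback so only a reverse proxy on the same host can connect.
      # Publishing "8080:8080" would let outside clients bypass the proxy and
      # supply their own forwarded headers.
      - "127.0.0.1:8080:8080"

volumes:
  keycloak_db:
```

The reverse proxy in front of this service should overwrite, not append to, any `X-Forwarded-*` headers sent by the client, since Keycloak now treats them as authoritative.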

Let me know in the comments how you get on, and subscribe to my Medium channel to get notified of new full-stack development articles.
