search

bitnami / containers

Bitnami container images
https://bitnami.com
Other
3.36k stars 4.83k forks source link

[bitnami/keycloak] Connection reset after upgrade to 26 #73212

Open NedPool opened 1 week ago

NedPool commented 1 week ago

Name and Version

bitnami/keycloak:26

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Install keycloak using bitnami repositories
  2. Attempt to visit keycloak installation via http://IP:PORT specified for container
  3. Nothing but "The connection was reset" in FF or "This page isn't working (didn't send any data)" in Chrome

My primary system is an unraid server (so it was upgrade from 25), but I tested with a fresh install on another system as well.

What is the expected behavior?

The keycloak login screen should be displayed in the browser when visiting the container address.

What do you see instead?

From Firefox:

The connection was reset

The connection to the server was reset while the page was loading.

From Chrome:

This page isn’t working
192.168.1.51 didn’t send any data.
ERR_EMPTY_RESPONSE

Additional information

The keycloak container logs don't show any connection events, at all. The only error that points to anything is this:

2024-10-09 22:50:43,232 WARN  [org.keycloak.quarkus.runtime.cli.Picocli] (main) The following run time options were found, but will be ignored during build time: kc.spi-hostname-v2-hostname-strict, kc.spi-hostname-v2-hostname

Not sure if this is an upstream keycloak issue or not.

NedPool commented 1 week ago

Sorry, I should also specify that I'm using postgres for database, as well. Tested with 15 and 17 (latest) on the fresh install.

NedPool commented 1 week ago

Well, I feel foolish... I thought I was smart to update my proxy settings to the new format for the EXTRA_ARGS (since --proxy=edge is completely deprecated), but I don't seem to require 'proxy-protocol-enabled' or 'proxy-headers' options at all!

Are these enabled by default in the new container?

binaryfire commented 1 week ago

@NedPool I'm experiencing the same issue. Did you manage to figure out a fix?

javsalgar commented 1 week ago

Hi,

As you are upgrading between major versions, it may be required to perform some manual steps. Did you check the upgrading guide? https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-26-0-0

To help debugging the issue, you may want to set diagnosticMode.enabled=true value

binaryfire commented 1 week ago

@NedPool My issue was caused by --proxy=edge being deprecated. You don't need proxy-protocol-enabled or any other proxy flags. Just use KEYCLOAK_PROXY_HEADERS=xforwarded (or KEYCLOAK_PROXY_HEADERS=forwarded). Keycloak now automatically configures itself to run behind a proxy if the headers flag is set.