camunda / camunda-platform

Links to Camunda Platform 8 resources, releases, and local development config

Cannot remotely access the Camunda 8 with Docker compose by using IP address #838

Closed luongto closed 2 months ago

luongto commented 2 months ago

I have Camunda 8 running on an EC2 instance with Docker Compose. Everything is okay with localhost; however, I want to remotely access Operate or Tasklist using the public IP address, and I get an error like "We are sorry... HTTPS required". I guess that is a misconfiguration of Keycloak, not Camunda itself.

I also set the env variables KEYCLOAK_HOST and HOST in the .env

Can you help advise if I probably missed something with the docker compose?

https://stackoverflow.com/questions/78951105/camunda-8-with-docker-compose

jessesimpson36 commented 2 months ago

Did you change the version of Keycloak you're running in .env? Or the image?

I just tried using a remote server after my above patch and things seem to be fine.

luongto commented 2 months ago

Thanks for your comment. I use the .env from the repository, like below:

```
# renovate: datasource=docker depName=camunda/connectors-bundle
CAMUNDA_CONNECTORS_VERSION=8.6.0-alpha5-rc1
CAMUNDA_PLATFORM_VERSION=8.6.0-alpha4
# renovate: datasource=docker depName=camunda/optimize
CAMUNDA_OPTIMIZE_VERSION=8.6.0-alpha5-rc1
# renovate: datasource=docker depName=camunda/web-modeler-restapi
CAMUNDA_WEB_MODELER_VERSION=8.6.0-alpha5-rc1
# renovate: datasource=docker depName=elasticsearch
ELASTIC_VERSION=8.15.0
KEYCLOAK_SERVER_VERSION=24.0.5
# renovate: datasource=docker depName=axllent/mailpit
MAILPIT_VERSION=v1.20.3
POSTGRES_VERSION=14.5-alpine
HOST=my-ip
KEYCLOAK_HOST=my-ip

## Configuration ##
# By default the zeebe api is public, when setting this to identity a valid zeebe client token is required
ZEEBE_AUTHENTICATION_MODE=none
ZEEBE_CLIENT_ID=zeebe
ZEEBE_CLIENT_SECRET=zecret

# Set to 'true' to enable resource based authorizations for users and groups
# This can be used to limit access for users or groups to view/update specific
# processes and decisions in Operate and Tasklist
RESOURCE_AUTHORIZATIONS_ENABLED=false

# Set to 'true' to enable multi-tenancy across all components
# This requires use of identity for authentication
#
# ZEEBE_AUTHENTICATION_MODE=identity
# MULTI_TENANCY_ENABLED=false
```

luongto commented 2 months ago

I figured out the issue; it actually is a misconfiguration. Some possible options to set the flag ssl_required to false in the dev env:

  1. use .kcadmin.sh
  2. update the table REALM, set the field ssl_required to false
  3. use keycloak admin

However, these are not recommended in the PROD env, where a reverse proxy to expose Keycloak to the public network is a good option.
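
Added example, not part of the thread and not Keycloak's or Camunda's code: a simplified Python model of Keycloak's realm-level `sslRequired` setting (values `all`, `external`, `none`), showing why plain HTTP works from localhost but returns "HTTPS required" from a public address, plus a check that flags realms in an export where the setting is `none`. The function names, the local address ranges and the sample realms are assumptions constructed for illustration.

```python
import ipaddress

# Ranges treated as "local" in this simplified model: loopback plus RFC 1918.
# (Assumption: mirrors the private ranges named in Keycloak's documentation.)
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]


def https_required(ssl_required: str, client_ip: str) -> bool:
    """Return True if a plain-HTTP request from client_ip would be refused."""
    mode = ssl_required.lower()
    if mode == "all":        # HTTPS enforced for every client
        return True
    if mode == "none":       # HTTPS never enforced (dev-only workaround)
        return False
    if mode == "external":   # Keycloak default: only non-local clients need HTTPS
        ip = ipaddress.ip_address(client_ip)
        return not any(ip in net for net in LOCAL_NETS)
    raise ValueError(f"unknown sslRequired value: {ssl_required!r}")


def audit_realms(realms: list) -> list:
    """Return the names of realms whose sslRequired is 'none'."""
    return [r["realm"] for r in realms
            if str(r.get("sslRequired", "external")).lower() == "none"]


# Constructed sample in the shape of a Keycloak realm export (not real data).
SAMPLE_REALMS = [
    {"realm": "master", "sslRequired": "external"},
    {"realm": "dev-realm", "sslRequired": "none"},
]

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for a remote client.
    for ip in ("127.0.0.1", "192.168.1.20", "203.0.113.10"):
        print(ip, "-> HTTPS required:", https_required("external", ip))
    print("realms with HTTPS enforcement disabled:", audit_realms(SAMPLE_REALMS))
```

Running the audit against a production realm export catches the dev workaround before it ships; behind a TLS-terminating reverse proxy the setting can stay at `external` or `all`.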