containers icon indicating copy to clipboard operation
containers copied to clipboard

Published 20 hours ago verified publisher icon bitnami

[bitnami/keycloak] Connection reset after upgrade to 26

Open NedPool opened this issue 1 year ago • 5 comments

Name and Version

bitnami/keycloak:26

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Install keycloak using bitnami repositories
  2. Attempt to visit keycloak installation via http://IP:PORT specified for container
  3. Nothing but "The connection was reset" in FF or "This page isn't working (didn't send any data)" in Chrome

My primary system is an unraid server (so it was upgrade from 25), but I tested with a fresh install on another system as well.

What is the expected behavior?

The keycloak login screen should be displayed in the browser when visiting the container address.

What do you see instead?

From Firefox:

The connection was reset

The connection to the server was reset while the page was loading.

From Chrome:

This page isn’t working
192.168.1.51 didn’t send any data.
ERR_EMPTY_RESPONSE

Additional information

The keycloak container logs don't show any connection events, at all. The only error that points to anything is this:

2024-10-09 22:50:43,232 WARN  [org.keycloak.quarkus.runtime.cli.Picocli] (main) The following run time options were found, but will be ignored during build time: kc.spi-hostname-v2-hostname-strict, kc.spi-hostname-v2-hostname

Not sure if this is an upstream keycloak issue or not.

NedPool avatar Oct 09 '24 23:10 NedPool

Sorry, I should also specify that I'm using postgres for database, as well. Tested with 15 and 17 (latest) on the fresh install.

NedPool avatar Oct 10 '24 11:10 NedPool

Well, I feel foolish... I thought I was smart to update my proxy settings to the new format for the EXTRA_ARGS (since --proxy=edge is completely deprecated), but I don't seem to require 'proxy-protocol-enabled' or 'proxy-headers' options at all!

Are these enabled by default in the new container?

NedPool avatar Oct 10 '24 11:10 NedPool

@NedPool I'm experiencing the same issue. Did you manage to figure out a fix?

binaryfire avatar Oct 12 '24 09:10 binaryfire

Hi,

As you are upgrading between major versions, it may be required to perform some manual steps. Did you check the upgrading guide? https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-26-0-0

To help debugging the issue, you may want to set diagnosticMode.enabled=true value

javsalgar avatar Oct 14 '24 07:10 javsalgar

@NedPool My issue was caused by --proxy=edge being deprecated. You don't need proxy-protocol-enabled or any other proxy flags. Just use KEYCLOAK_PROXY_HEADERS=xforwarded (or KEYCLOAK_PROXY_HEADERS=forwarded). Keycloak now automatically configures itself to run behind a proxy if the headers flag is set.

binaryfire avatar Oct 14 '24 08:10 binaryfire