Keycloak service hardcoded as "http"
by Bram Vonk
Hi,
I'm using the aerogear unified push docker container as described on:
https://hub.docker.com/r/aerogear/unifiedpush-wildfly/
with environment variables as explained on:
https://github.com/aerogear/aerogear-unifiedpush-server
This describes:
KEYCLOAK_SERVICE_HOST
URL of a KeyCloak server providing authentication.
KEYCLOAK_SERVICE_PORT
KeyCloak service port.
which are used in servers/universal/src/main/docker/entrypoint.sh as
follows:
    if [ ! -z "${KEYCLOAK_SERVICE_HOST}" ]; then
        /opt/jboss/wildfly/bin/standalone.sh -Dups.realm.name=aerogear \
            -Dups.auth.server.url=http://${KEYCLOAK_SERVICE_HOST}:${KEYCLOAK_SERVICE_PORT}/auth \
            -b 0.0.0.0
    else
        /opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0
    fi
This means that keycloak MUST reside on http. I run keycloak under https.
A minor point is that I'd rather also not specify the port.
Questions:
1) Are there any other options I could/should use?
and if not:
2) Would you welcome a pull request which changes this to one environment
variable KEYCLOAK_SERVICE_URL (which expects something like
https://yourkeycloakserver.tld/auth )? This would be a breaking change.
Another option would be to have an extra (optional) environment variable
KEYCLOAK_SERVICE_PROTOCOL which expects https, http or nothing (defaulting
to http, making this a non-breaking change).
Thanks,
Bram Vonk
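
The two options proposed in the post above, sketched as an added example (not code from the original post or from the project's entrypoint.sh). KEYCLOAK_SERVICE_URL and KEYCLOAK_SERVICE_PROTOCOL are the proposed variables, not existing project options; the function name and the validation rules are assumptions of this sketch. With neither new variable set, it produces the same http URL as the current script.

```shell
#!/bin/sh
# Added example: builds the value for -Dups.auth.server.url.
# KEYCLOAK_SERVICE_URL / KEYCLOAK_SERVICE_PROTOCOL are the variables proposed
# in the post (assumed, not existing options); keycloak_auth_url is hypothetical.

# Prints the auth URL on stdout.
# Returns 0 on success, 1 if no Keycloak is configured, 2 on invalid input.
keycloak_auth_url() {
    # Option 1: a single full URL takes precedence when present.
    if [ -n "${KEYCLOAK_SERVICE_URL:-}" ]; then
        case "$KEYCLOAK_SERVICE_URL" in
            http://?*|https://?*) ;;
            *) echo "KEYCLOAK_SERVICE_URL must start with http:// or https://" >&2
               return 2 ;;
        esac
        printf '%s\n' "${KEYCLOAK_SERVICE_URL%/}"   # drop one trailing slash
        return 0
    fi

    [ -n "${KEYCLOAK_SERVICE_HOST:-}" ] || return 1

    # Option 2: optional protocol, defaulting to http as the current script does.
    proto="${KEYCLOAK_SERVICE_PROTOCOL:-http}"
    case "$proto" in
        http|https) ;;
        *) echo "KEYCLOAK_SERVICE_PROTOCOL must be http or https" >&2
           return 2 ;;
    esac

    # The port becomes optional; when given it must be numeric.
    port="${KEYCLOAK_SERVICE_PORT:-}"
    case "$port" in
        '') authority="$KEYCLOAK_SERVICE_HOST" ;;
        *[!0-9]*) echo "KEYCLOAK_SERVICE_PORT must be numeric" >&2
                  return 2 ;;
        *) authority="$KEYCLOAK_SERVICE_HOST:$port" ;;
    esac

    printf '%s://%s/auth\n' "$proto" "$authority"
}

# Possible use in an entrypoint (commented out so this block has no side effects):
# if url=$(keycloak_auth_url); then
#     exec /opt/jboss/wildfly/bin/standalone.sh -Dups.realm.name=aerogear \
#         -Dups.auth.server.url="$url" -b 0.0.0.0
# fi
```

Rejecting anything other than http or https at startup keeps a typo in the protocol variable from producing a URL the server silently fails to authenticate against.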