[Aerogear-users] Keycloak service hardcoded as "http"

Bram Vonk b.vonk+aerogear at first8.nl
Mon Aug 19 06:34:15 EDT 2019


Hi,

I'm using the aerogear unified push docker container as described on:

https://hub.docker.com/r/aerogear/unifiedpush-wildfly/

with environment variables as explained on:

https://github.com/aerogear/aerogear-unifiedpush-server

This describes:

KEYCLOAK_SERVICE_HOST
URL of a KeyCloak server providing authentication.

KEYCLOAK_SERVICE_PORT
KeyCloak service port.

which are used in servers/universal/src/main/docker/entrypoint.sh as
follows:

if [ !  -z "${KEYCLOAK_SERVICE_HOST}" ]; then
  /opt/jboss/wildfly/bin/standalone.sh -Dups.realm.name=aerogear
-Dups.auth.server.url=http://${KEYCLOAK_SERVICE_HOST}:${KEYCLOAK_SERVICE_PORT}/auth
-b 0.0.0.0
else
  /opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0
fi

This makes that keycloak MUST reside on http. I run keycloak under https.
Minor point is that i'd rather also not specify the port.

Questions:
1) Are there any other options I could/should use?

and if not:

2) Would you welcome a pull request which changes this to one environment
variable KEYCLOAK_SERVICE_URL (which expects something like
https://yourkeycloakserver.tld/auth )? This would be a breaking change.
Another option would be to have an extra (optional) environment variable
KEYCLOAK_SERVICE_PROTOCOL which expects https, http or nothing (defaulting
to http, making this a non-breaking change).

Thanks,

Bram Vonk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-users/attachments/20190819/e8ecc40d/attachment.html 


More information about the Aerogear-users mailing list