mirror of
https://github.com/keycloak/keycloak.git
synced 2026-06-09 09:04:21 -04:00
parent
9541852a9b
commit
7a8d38eae3
1 changed files with 11 additions and 0 deletions
|
|
@ -64,6 +64,17 @@ To perform this action, you can override the hostname path to use the path defin
|
|||
The `hostname-path` configuration takes effect when a reverse proxy is enabled.
|
||||
For details, see the <@links.server id="reverseproxy"/> Guide.
|
||||
|
||||
== Accessing Keycloak in production mode using HTTP
|
||||
Keycloak follows the "secure by design" principle, so it is absolutely not recommmended to access Keycloak without proper transport encryption, as this opens up multiple attack vectors.
|
||||
|
||||
Nevertheless there are environments, where Keycloak is deployed behind a proxy/load balancer that terminates TLS completely and the internal requests are done using the unencrypted HTTP protocol.
|
||||
|
||||
To be able to work with Keycloak using HTTP for these environments, there is the hidden configuration option `hostname-strict-https=<true/false>`. This option is set to `true` by default for the production mode, and `false` for the development mode.
|
||||
|
||||
When you need to access Keycloak using HTTP in production mode, for example when you use `proxy=edge` and you want to access the administration console internally using HTTP, you have to set `hostname-strict-https=false`, otherwise a blank page will show up.
|
||||
|
||||
Keep in mind the recommended approach is to always use HTTPS, and this still is true for external clients.
|
||||
|
||||
== Using the hostname in development mode
|
||||
You run Keycloak in development mode by using `start-dev`.
|
||||
In this mode, the hostname setting is optional.
|
||||
|
|
|
|||
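Review bot: The new "Accessing Keycloak in production mode using HTTP" section tells operators to set `hostname-strict-https=false` without saying what the option enforces when it is `true`, so a reader cannot judge what protection is given up. "Opens up multiple attack vectors" and "a blank page will show up" are the only consequences mentioned. Suggest adding one sentence that describes what the option actually does. The closing line, "this still is true for external clients", should also say that the TLS-terminating proxy or load balancer is then the only place where HTTPS is enforced for external traffic. Since the text calls the option "hidden", state whether it is a supported setting. Minor: "recommmended" has a typo, the comma in "environments, where" should go, and `<true/false>` would read more clearly as `<true|false>`.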