Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot remotely access the Camunda 8 with Docker compose by using IP address #838

Closed
luongto opened this issue Sep 6, 2024 · 3 comments
Closed

Cannot remotely access the Camunda 8 with Docker compose by using IP address #838

luongto opened this issue Sep 6, 2024 · 3 comments
Labels
good first issue Good for newcomers

Comments

@luongto
Copy link

luongto commented Sep 6, 2024

I have the Camunda 8 run on an EC2 with docker compose, everything is okay with localhost, however, I want to remotely access the operate or tasklist using the public IP address, I got an error like "We are sorry... HTTPS required". I guess that is a miss-configuration for the Keycloak, not the Camunda itself.

I also set the env variables KEYCLOAK_HOST and HOST in the .env

Can you help advise if I probably missed something with the docker compose?

https://stackoverflow.com/questions/78951105/camunda-8-with-docker-compose
@jessesimpson36 jessesimpson36 mentioned this issue Sep 6, 2024
Merged
@jessesimpson36
Copy link
Contributor

Did you change the version of keycloak you're running in .env? or the image ?

I just tried using a remote server after my above patch and things seem to be fine.

@luongto
Copy link
Author

luongto commented Sep 7, 2024
edited
Loading

thanks for your comment, I use the .env, from the repository, like below`
# renovate: datasource=docker depName=camunda/connectors-bundle
CAMUNDA_CONNECTORS_VERSION=8.6.0-alpha5-rc1
CAMUNDA_PLATFORM_VERSION=8.6.0-alpha4
# renovate: datasource=docker depName=camunda/optimize
CAMUNDA_OPTIMIZE_VERSION=8.6.0-alpha5-rc1
# renovate: datasource=docker depName=camunda/web-modeler-restapi
CAMUNDA_WEB_MODELER_VERSION=8.6.0-alpha5-rc1
# renovate: datasource=docker depName=elasticsearch
ELASTIC_VERSION=8.15.0
KEYCLOAK_SERVER_VERSION=24.0.5
# renovate: datasource=docker depName=axllent/mailpit
MAILPIT_VERSION=v1.20.3
POSTGRES_VERSION=14.5-alpine
HOST=my-ip
KEYCLOAK_HOST=my-ip

## Configuration ##
# By default the zeebe api is public, when setting this to identity a valid zeebe client token is required
ZEEBE_AUTHENTICATION_MODE=none
ZEEBE_CLIENT_ID=zeebe
ZEEBE_CLIENT_SECRET=zecret

# Set to 'true' to enable resource based authorizations for users and groups
# This can be used to limit access for users or groups to view/update specific
# processes and decisions in Operate and Tasklist
RESOURCE_AUTHORIZATIONS_ENABLED=false

# Set to 'true' to enable multi-tenancy across all components
# This requires use of identity for authentication
#
# ZEEBE_AUTHENTICATION_MODE=identity
#
MULTI_TENANCY_ENABLED=false
`

@aabouzaid aabouzaid added the good first issue Good for newcomers label Sep 9, 2024
@luongto
Copy link
Author

luongto commented Sep 10, 2024

I figured out the issue, that actually is a mis-configuration. Some possibly options to set the flag ssl_required to false, in the Dev env

  1. use .kcadmin.sh
  2. update the table REALM, set the field ssl_required to false
  3. use keycloak admin

However, these are not recommended in the PROD env where a reverse proxy to expose the keycloak to public network is a good option.

@luongto luongto closed this as completed Sep 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@luongto @aabouzaid @jessesimpson36