Keycloak18 index page "Resource not found"

Question

I would really appreciate some help with the current issue I am experiencing.

Context: I have been upgrading my instance of keycloak from 16.x to 18.x. After many hours of research, I have been defeated by this one issue.

Issue: When I go to the site URL for this example https://thing.com/ I am greeted with the following "Resource not found", instead of the keycloak welcome page. In my chrome network monitoring it will show the following:

Error with network monitor

Infra: Keycloak lives on its machine. The URL reaches keycloak through a Caddy Service as a reverse proxy.

Relative scripts: Docker-compose

version: "3.1"
services:
  keycloak:
    image: quay.io/keycloak/keycloak:18.0.2
    environment:
      JAVA_OPTS: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0 -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=\"org.jboss.byteman\" -Djava.awt.headless=true"

      KC_HOSTNAME_PORT: 8080
      KC_HOSTNAME: ${KC_HOME}
      KC_PROXY: edge
      KC_DB_URL: 'jdbc:postgresql://${KEYCLOAK_DB_ADDR}/${KEYCLOAK_DB_DATABASE}?sslmode=require'
      KC_DB: postgres
      KC_DB_USERNAME: ${KEYCLOAK_DB_USER}
      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
      KC_HTTP_RELATIVE_PATH: /auth
      KC_HOSTNAME_STRICT_HTTPS: 'false'

    command: start --auto-build
    ports:
      - 8080:8080
      - 8443:8443
    volumes:
      - backup:/var/backup
    healthcheck:
      test: curl -I http://127.0.0.1:8080/

volumes:
  backup:

NOTE: If I remove this KC_HTTP_RELATIVE_PATH: /auth it will behave as intended. However, I would prefer I do not remove this aspect of the service as it is tied to that relative path for a lot of the services using keycloak.

I can replicate this with a local docker image built using the same environment variables.

Does anyone perhaps know some secret ninja moves I could do to get it to direct to the welcome page?

Answer 1

Automatic redirect from / to KC_HTTP_RELATIVE_PATH is not supported in Keycloak 18 (see https://github.com/keycloak/keycloak/discussions/10274).

You have to add the redirect in the reverse proxy, in Caddy there is redir.