Strip to bare minimum reverse proxy config.

Author: anderly

src/Aspire.Hosting.Keycloak/KeycloakResourceBuilderExtensions.cs

@@ -15,17 +15,11 @@ public static class KeycloakResourceBuilderExtensions
     private const string AdminEnvVarName = "KC_BOOTSTRAP_ADMIN_USERNAME";
     private const string AdminPasswordEnvVarName = "KC_BOOTSTRAP_ADMIN_PASSWORD";
     private const string HealthCheckEnvVarName = "KC_HEALTH_ENABLED"; // As per https://www.keycloak.org/observability/health
-    private const string ProxyEdgeEnvVarName = "KC_PROXY";
-    private const string HttpPortEnvVarName = "KC_HTTP_PORT";
     private const string HttpEnabledEnvVarName = "KC_HTTP_ENABLED";
-    private const string HostNamePortEnvVarName = "KC_HOSTNAME_PORT";
-    private const string HostNameStrictBackchannelEnvVarName = "KC_HOSTNAME_STRICT_BACKCHANNEL";
     private const string ProxyHeadersEnvVarName = "KC_PROXY_HEADERS";
     private const string HostNameStrictEnvVarName = "KC_HOSTNAME_STRICT";
-    private const string HostNameStrictHttpsEnvVarName = "KC_HOSTNAME_STRICT_HTTPS";
 
     private const int DefaultContainerPort = 8080;
-    private const int HttpsContainerPort = 8443;
     private const int ManagementInterfaceContainerPort = 9000; // As per https://www.keycloak.org/server/management-interface
     private const string ManagementEndpointName = "management";
     private const string RealmImportDirectory = "/opt/keycloak/data/import";
@@ -66,21 +60,22 @@ public static IResourceBuilder<KeycloakResource> AddKeycloak(
 
         var resource = new KeycloakResource(name, adminUsername?.Resource, passwordParameter);
 
-        var targetPort = port == HttpsContainerPort ? HttpsContainerPort : DefaultContainerPort;
-
         var keycloak = builder
             .AddResource(resource)
             .WithImage(KeycloakContainerImageTags.Image)
             .WithImageRegistry(KeycloakContainerImageTags.Registry)
             .WithImageTag(KeycloakContainerImageTags.Tag)
-            .WithHttpEndpoint(port: port, targetPort: targetPort)
+            .WithHttpEndpoint(port: port, targetPort: DefaultContainerPort)
             .WithHttpEndpoint(targetPort: ManagementInterfaceContainerPort, name: ManagementEndpointName)
             .WithHttpHealthCheck(endpointName: ManagementEndpointName, path: "/health/ready")
             .WithEnvironment(context =>
             {
                 context.EnvironmentVariables[AdminEnvVarName] = resource.AdminReference;
                 context.EnvironmentVariables[AdminPasswordEnvVarName] = resource.AdminPasswordParameter;
                 context.EnvironmentVariables[HealthCheckEnvVarName] = "true";
+                context.EnvironmentVariables[HttpEnabledEnvVarName] = "true";
+                context.EnvironmentVariables[ProxyHeadersEnvVarName] = "xforwarded";
+                context.EnvironmentVariables[HostNameStrictEnvVarName] = "false";
             })
             .WithUrlForEndpoint(ManagementEndpointName, u => u.DisplayLocation = UrlDisplayLocation.DetailsOnly);
 

tests/Aspire.Hosting.Keycloak.Tests/KeycloakResourceBuilderTests.cs

@@ -107,53 +107,13 @@ public void AddAddKeycloakDoesNotAddGeneratedPasswordParameterWithUserSecretsPar
     }
 
     [Fact]
-    public async Task VerifyManifestForHttp()
+    public async Task VerifyManifest()
     {
         using var builder = TestDistributedApplicationBuilder.Create();
         var keycloak = builder.AddKeycloak("keycloak");
 
         var manifest = await ManifestUtils.GetManifest(keycloak.Resource);
 
-        var expectedManifest = $$"""
-            {
-              "type": "container.v0",
-              "image": "{{KeycloakContainerImageTags.Registry}}/{{KeycloakContainerImageTags.Image}}:{{KeycloakContainerImageTags.Tag}}",
-              "args": [
-                "start-dev",
-                "--import-realm"
-              ],
-              "env": {
-                "KC_BOOTSTRAP_ADMIN_USERNAME": "admin",
-                "KC_BOOTSTRAP_ADMIN_PASSWORD": "{keycloak-password.value}",
-                "KC_HEALTH_ENABLED": "true"
-              },
-              "bindings": {
-                "http": {
-                  "scheme": "http",
-                  "protocol": "tcp",
-                  "transport": "http",
-                  "targetPort": 8080
-                },
-                "management": {
-                  "scheme": "http",
-                  "protocol": "tcp",
-                  "transport": "http",
-                  "targetPort": 9000
-                }
-              }
-            }
-            """;
-        Assert.Equal(expectedManifest, manifest.ToString());
-    }
-
-    [Fact]
-    public async Task VerifyManifestForHttps()
-    {
-        using var builder = TestDistributedApplicationBuilder.Create();
-        var keycloak = builder.AddKeycloak("keycloak", 8443);
-
-        var manifest = await ManifestUtils.GetManifest(keycloak.Resource);
-
         var expectedManifest = $$"""
             {
               "type": "container.v0",
@@ -166,21 +126,16 @@ public async Task VerifyManifestForHttps()
                 "KC_BOOTSTRAP_ADMIN_USERNAME": "admin",
                 "KC_BOOTSTRAP_ADMIN_PASSWORD": "{keycloak-password.value}",
                 "KC_HEALTH_ENABLED": "true",
-                "KC_PROXY": "edge",
-                "KC_HTTP_PORT": "8443",
                 "KC_HTTP_ENABLED": "true",
-                "KC_HOSTNAME_PORT": "8443",
-                "KC_HOSTNAME_STRICT_BACKCHANNEL": "false",
                 "KC_PROXY_HEADERS": "xforwarded",
-                "KC_HOSTNAME_STRICT": "false",
-                "KC_HOSTNAME_STRICT_HTTPS": "false"
+                "KC_HOSTNAME_STRICT": "false"
               },
               "bindings": {
                 "http": {
                   "scheme": "http",
                   "protocol": "tcp",
                   "transport": "http",
-                  "targetPort": 8443
+                  "targetPort": 8080
                 },
                 "management": {
                   "scheme": "http",