fix: redirect keycloak

florianow · florianow · commit e10cf17e430c · 2025-12-15T10:49:38.000+01:00
diff --git a/Caddyfile.azure b/Caddyfile.azure
@@ -73,10 +73,6 @@
         header_up Accept-Encoding identity
     }
 
-    replace {
-        "http://localhost:8083" "https://testminio.germanywestcentral.cloudapp.azure.com:8444"
-    }
-
     log {
         output stdout
         format json
diff --git a/README.md b/README.md
@@ -304,7 +304,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_allowed_ip_addresses"></a> [allowed\_ip\_addresses](#input\_allowed\_ip\_addresses) | Comma-separated list of IP addresses that will be allowed to access the MinIO service in CIDR format. Example: '203.0.113.0/32' for a single IP or '10.10.10.2/32,192.168.1.0/24' for multiple IPs. | `string` | `"10.10.10.2/32"` | no |
-| <a name="input_coraza_waf_image"></a> [coraza\_waf\_image](#input\_coraza\_waf\_image) | Coraza WAF container image | `string` | `"ghcr.io/meshcloud/minio_azure_container_app/coraza-caddy:caddy-2.8-coraza-v2.0.0"` | no |
+| <a name="input_coraza_waf_image"></a> [coraza\_waf\_image](#input\_coraza\_waf\_image) | Coraza WAF container image | `string` | `"ghcr.io/meshcloud/minio_azure_container_app/coraza-caddy:caddy-2.9.1-coraza-v2.0.0"` | no |
 | <a name="input_keycloak_admin_password"></a> [keycloak\_admin\_password](#input\_keycloak\_admin\_password) | Keycloak admin password | `string` | n/a | yes |
 | <a name="input_keycloak_admin_user"></a> [keycloak\_admin\_user](#input\_keycloak\_admin\_user) | Keycloak admin username | `string` | `"admin"` | no |
 | <a name="input_keycloak_test_user_email"></a> [keycloak\_test\_user\_email](#input\_keycloak\_test\_user\_email) | Keycloak test user email | `string` | `"test@test.com"` | no |
diff --git a/main.tf b/main.tf
@@ -536,9 +536,8 @@ resource "azurerm_container_group" "minio_aci_container_group" {
       KC_BOOTSTRAP_ADMIN_USERNAME       = var.keycloak_admin_user
       KC_BOOTSTRAP_ADMIN_PASSWORD       = var.keycloak_admin_password
       KC_HTTP_ENABLED                   = "true"
-      KC_HOSTNAME_STRICT                = "false"
-      KC_HOSTNAME_URL                   = "https://${azurerm_public_ip.agw_pip.fqdn}:8444"
-      KC_HOSTNAME_ADMIN_URL             = "https://${azurerm_public_ip.agw_pip.fqdn}:8444"
+      KC_HOSTNAME                       = "https://${azurerm_public_ip.agw_pip.fqdn}:8444"
+      KC_HOSTNAME_BACKCHANNEL_DYNAMIC   = "true"
       KC_PROXY_HEADERS                  = "xforwarded"
       KC_PROXY                          = "edge"
       KEYCLOAK_IMPORT                   = "/opt/keycloak/data/import/minio-realm-config.json"
@@ -697,6 +696,10 @@ resource "azurerm_container_group" "minio_aci_container_group" {
       port     = 8081
       protocol = "TCP"
     }
+    # ports {
+    #   port     = 8082
+    #   protocol = "TCP"
+    # }
 
     liveness_probe {
       http_get {
diff --git a/variables.tf b/variables.tf
@@ -70,7 +70,7 @@ variable "nginx_image" {
 
 variable "coraza_waf_image" {
   type        = string
-  default     = "ghcr.io/meshcloud/minio_azure_container_app/coraza-caddy:caddy-2.8-coraza-v2.0.0"
+  default     = "ghcr.io/meshcloud/minio_azure_container_app/coraza-caddy:caddy-2.9.1-coraza-v2.0.0"
   description = "Coraza WAF container image"
 }
 

Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ variable "nginx_image" {`
`70`	`70`
`71`	`71`	`variable "coraza_waf_image" {`
`72`	`72`	`type = string`
`73`		`- default = "ghcr.io/meshcloud/minio_azure_container_app/coraza-caddy:caddy-2.8-coraza-v2.0.0"`
	`73`	`+ default = "ghcr.io/meshcloud/minio_azure_container_app/coraza-caddy:caddy-2.9.1-coraza-v2.0.0"`
`74`	`74`	`description = "Coraza WAF container image"`
`75`	`75`	`}`
`76`	`76`