howto set bind-address for the management-interface

[A.Schulze]

Hello,

https://www.keycloak.org/server/management-interface describe how to set the port on which the management-interface is available.
But I do not find an option to set a bind address. By goal is to limit the accessibility to the loopback or a local network, but not INADDR_ANY

To be clear: only the management-interface should be limited, not the workload
Is that possible?

Andreas

[Vitalii Ishchenko]

It seems that there is a property, but it is not documented (maybe there is a reason for this...)

It is called http-management-host and maps to quarkus property quarkus.management.host

https://github.com/keycloak/keycloak/blob/26.3.2/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/ManagementPropertyMappers.java#L51

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/keycloak-user/f6cdb7bc-edce-4c3d-975b-48fb657968a7%40andreasschulze.de.

[Björn Pedersen]

Just block the port in your firewall?

 

Andreas

[Alexander Schwartz]

Thank you for figuring out this hidden option. 

Maybe this can be revisited and be made a visible option - adding @Martin Bartos  to this thread. 

Limiting it to the local machine could actually be a good practice for some.

Best,

Alexander

To view this discussion visit https://groups.google.com/d/msgid/keycloak-user/CAHsi_YSYGhe4Rz6U51NcOocyFt6cTMxQmo8iM_8R3OhagS4Rug%40mail.gmail.com.

--

Alexander Schwartz, RHCE

He/Him

Principal Software Engineer, Keycloak Maintainer

Red Hat - Germany remote

asch...@redhat.com   

Red Hat GmbH, Registered seat: Werner von Siemens Ring 12, D-85630 Grasbrunn, Germany 
Commercial register: Amtsgericht Muenchen/Munich, HRB 153243,
Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross