Enhance documentation for hostname-port and hostname-admin-url #14473

pleutres opened this issue Sep 18, 2022 · 1 comment
Labels
kind/feature Categorizes a PR related to a new feature status/triage

pleutres commented Sep 18, 2022

Description

I faced an issue when configuring:

hostname-port=443.
hostname-admin-url=https://mydomain/keycloak

I tried to access the console with https://mydomain/keycloak and stayed blocked on the spinning waiting page without any clue.
Let's try to improve that :)

Discussion

No response

Motivation

To gain time in configuration resolution

Details

With an nginx reverse proxy and Keycloak, logging in to the admin console leads to being blocked on:

/realms/master/protocol/openid-connect/login-status-iframe.html/init?client_id=security-admin-console ....

With a 204 return code and no other errors.
I had to explore the Keycloak source code to find the cause; this test failed in keycloak.js:
if ((event.origin !== loginIframe.iframeOrigin)

After a (lot of) time searching, it appears that it compares:
https://mydomain/keycloak
and
https://mydomain:443/keycloak

because I'd set up hostname-port to 443 in keycloak.config.
Removing hostname-port makes it work.

My Keycloak configuration:

hostname=mydomain  
proxy=reencrypt  
hostname-strict=false  
#hostname-port=443  
hostname-path=keycloak  
http-relative-path=keycloak  
hostname-admin-url=https://mydomain/keycloak

2 ways to improve it:

  1. maybe add some lines in the documentation to take care of this particular port, as it is removed from the address bar by the browser
  2. put a warn log in keycloak.js for the error case or, if it creates too many logs, use a log level to add more information on Keycloak's behavior on the client side?

pleutres added kind/feature status/triage labels Sep 18, 2022

usagi-flow commented

Thanks a lot for your analysis, it saved me (more) hours of research why KC wouldn't work with a reverse proxy anymore...

In addition to hostname-port being left empty, port 443 must also not be included in hostname-url.
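
The mismatch both comments describe, as an added example that is not part of the issue and is not Keycloak's code: a browser reports a message's origin with the scheme's default port removed, so a strict string comparison against an expected origin that still carries `:443` can never succeed. The helper names are hypothetical, the hostnames are the placeholders used in the issue, and the example assumes the expected origin is taken as a raw string prefix of the configured URL.

```javascript
// Added example, not Keycloak's code. Helper names are hypothetical.

// Assumption: the expected origin is the raw "scheme://authority" prefix of
// the configured URL, kept exactly as the administrator typed it.
function naiveOrigin(url) {
  const m = /^([a-z][a-z0-9+.-]*:\/\/[^/?#]+)/i.exec(url);
  return m ? m[1] : null;
}

// WHATWG URL serialization drops the scheme's default port (443 for https,
// 80 for http). This is the form a browser puts in MessageEvent.origin.
function browserOrigin(url) {
  return new URL(url).origin;
}

// Same shape as the comparison quoted in the issue: strict string equality.
function messageAccepted(eventOrigin, expectedOrigin) {
  return eventOrigin === expectedOrigin;
}

// Diagnose a configured URL: would the iframe's messages be dropped?
function checkConfiguredUrl(configured) {
  const expected = naiveOrigin(configured);
  const reported = browserOrigin(configured);
  return {
    configured,
    expected,
    reported,
    accepted: messageAccepted(reported, expected),
  };
}

// Constructed sample values based on the issue's placeholder host.
const samples = [
  "https://mydomain/keycloak",
  "https://mydomain:443/keycloak",
  "https://mydomain:8443/keycloak",
  "http://mydomain:80/keycloak",
];

for (const s of samples) {
  const r = checkConfiguredUrl(s);
  const verdict = r.accepted ? "ok      " : "MISMATCH";
  console.log(`${verdict} ${s}: expected ${r.expected}, browser reports ${r.reported}`);
}
```

The origin check itself stays strict; the configured URL is what gets corrected, by leaving the default port out.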
