I’m running Keycloak 26.4.0 in Docker on Ubuntu.
PostgreSQL is running in another container on the same Docker network.
When I access Keycloak via https://localhost:8443, everything works fine:
I can create, edit, and delete users.
Password updates persist in the database.
However, when I access the same container using my domain name
👉https://identity.atlas.works.com:8443
the admin console behaves strangely:
I can log in successfully.
Creating a user appears to succeed (green success message).
But passwords don’t get saved, and deleting users does nothing.
PostgreSQL shows no updates when these actions happen.
Same with MSSQL database.
This is my setup:
sudo docker run -d --name keycloak \
  -v /opt/KCSetupT/certs:/opt/keycloak/certs \
  -e KC_DB=postgres \
  -e KC_DB_URL=jdbc:postgresql://keycloak_postgres:5432/keycloak \
  -e KC_DB_USERNAME=keycloak \
  -e KC_DB_PASSWORD=mypassword \
  -e KC_PROXY=none \
  -e KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/certs/identity_atlas.crt \
  -e KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/certs/identity_atlas.key \
  -e KC_HOSTNAME=identity.atlas.works.com \
  -e KC_HOSTNAME_STRICT=false \
  -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
  -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
  -p 8443:8443 \
  --network kcsetup_default \
  quay.io/keycloak/keycloak:26.4.0 start
I also tried adding:
--add-host identity.atlas.meci.gov.cy:10.111.222.42
Where IP is my VM IP where Docker is running, but the issue persists — same behaviour.
NOTE: I am not using any proxy. It's just a VM where Docker is running, and I try to access KC with the domain name. The hosts file has been updated as well.
What I’ve verified:
Database connection is OK (kc show-config confirms the JDBC URL).
Certificates load successfully and HTTPS works.
The Keycloak logs show no errors (only standard startup info).
I can access Keycloak from inside the VM using both localhost and the domain.
But user admin actions (password/deletion) never persist when using the domain.
Question:
Why does Keycloak 26.4.0 fail to persist admin actions (like setting passwords or deleting users)
when accessed via a domain name instead of localhost, even though DB connectivity and certificates are correct?
Is this related to Keycloak’s KC_PROXY mode, hostname validation, or some internal HTTPS loopback issue?
What is the correct way to configure Keycloak in Docker to make it work properly with a domain name?
Before someone mentions that similar questions already exist, please note that there are two different questions on Stack Overflow.
The first one is about a database connection issue, which is not related to my case. In my setup, Keycloak successfully saves data to the database, and I can see the tables. When I create a new user, it appears correctly. However, when I try to add a password, it fails to save the password in the database; the same happens with all other settings I change, like deleting a user.
The second question is about a GCP domain issue (server not found). In my case, Keycloak is accessible via the domain, and I can even log in.
So, my question is unique.