Installing in domain.com/path

thiagopratiifc · August 28, 2025, 3:13pm

Is ir possible to install openremote in a domain.com/openremote? If yes, is there a docker compose example for such installation.

Thank you in advance.

wborn · August 29, 2025, 1:33pm

We did some testing with this some time ago and added a few container environment variables to support path based proxying (see #1669). It requires Docker Compose configuration changes to the proxy, the manager and keycloak containers:

Proxy

Add the prefix environment variables:

    environment:
...
      KEYCLOAK_PATH_PREFIX: /openremote
      MANAGER_PATH_PREFIX: /openremote
...

Keycloak

The Keycloak configuration needs to be rebuild so a different startup command is required to do this. This slows down the startup so you might want to build your own Keycloak image to improve startup times.

    command: >
      /bin/sh -c "/opt/keycloak/bin/kc.sh build --spi-initializer-provider=issuer &&
      /opt/keycloak/bin/kc.sh ${KEYCLOAK_START_COMMAND:-start} --optimized
      --spi-initializer-issuer-base-uri=${KEYCLOAK_ISSUER_BASE_URI:-}
      --spi-theme-login-default=${KEYCLOAK_LOGIN_THEME:-openremote}
      --spi-theme-account-theme=${KEYCLOAK_ACCOUNT_THEME:-openremote}
      --spi-theme-welcome-theme=${KEYCLOAK_WELCOME_THEME:-keycloak}
      --spi-theme-admin-theme=${KEYCLOAK_ADMIN_THEME:-keycloak}
      ${KEYCLOAK_START_OPTS:-}"

...

    environment:
...
      KC_HOSTNAME_STRICT: "false"
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      KC_FEATURES: token-exchange
      KC_HTTP_RELATIVE_PATH: /openremote/auth
...

Manager

The manager (OR_KEYCLOAK…) environment variables need to be reconfigured as Keycloak will run on a different URL. There’s also OR_PATH_PREFIX that adds prefixes to API responses. To redirect to the updated manager path also configure OR_ROOT_REDIRECT_PATH.

    environment:
...
      OR_KEYCLOAK_PATH: /openremote/auth
      OR_KEYCLOAK_PUBLIC_URI: /openremote/auth
      OR_PATH_PREFIX: /openremote
      OR_ROOT_REDIRECT_PATH: /openremote/manager/
...

thiagopratiifc · August 29, 2025, 1:57pm

Thank you so much for your explanation.
I’ll try these configurations!

thiagopratiifc · August 30, 2025, 8:11pm

I created the compose and got the following when starting the docker:

....
 keycloak-1    | The following build time non-cli properties were found, but will be ignored during run time: kc.features, kc.http-relative-path, kc.health-enabled, kc.metrics-enabled
keycloak-1    | INFO  [org.keycloak.common.Profile] (main) Preview features enabled: token-exchange
keycloak-1    | INFO  [org.openremote.keycloak.IssuerInitializerProvider] (main) No issuer BaseURI provided
keycloak-1    | INFO  [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: localhost, Strict HTTPS: true, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: true
....

keycloak-1    | INFO  [io.quarkus] (main) Keycloak 23.0.7 on JVM (powered by Quarkus 3.2.10.Final) started in 33.226s. Listening on: http://0.0.0.0:8080
.....

And when manager was starting, the following appreared:

manager-1     | INFO    [main                          ] remote.manager.setup.KeycloakInitService : Connecting to Keycloak server: http://keycloak:8080/openremote/auth
manager-1     | INFO    [main                          ] remote.manager.setup.KeycloakInitService : Keycloak server not available, waiting...

Should I create the variable KEYCLOAK_ISSUER_BASE_URI?
And the options that are beeing ignored, should i add them to the build command?
Manager tries looking on the corret path but keyclock is not available.

Thank you.

system · November 28, 2025, 8:11pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.