Portworx Backup web console access
Portworx by Pure Storage strongly recommends not to expose Portworx Backup and its Keycloak services to the public internet for security reasons.
Access the Portworx Backup web console using DNS over HTTPS for 2.5.0
Make sure that all the associated pods can resolve the DNS name.
If you are on Portworx Backup version 2.5.0 with a load balancer and self-signed certificates and need to access the web console from a cluster over HTTPS, perform the following steps:
-
From the command prompt, navigate to the cluster where your Portworx Backup is installed.
-
Edit the
keycloak sts:
kubectl edit sts pxcentral-keycloak -n <backup-installed-namespace>
- Append this new key in
envsection:
- name: KC_HOSTNAME
value: <px-backup-ui-host-name>
- Set the following key values to
true:
- name: KC_HOSTNAME_STRICT
value: "true"
- name: KC_HOSTNAME_STRICT_HTTPS
value: "true"
Access the Portworx Backup UI over HTTP for 2.5.0
If you are on Portworx Backup version 2.5.0, perform the following steps to access Portworx Backup web console over HTTP:
-
From the command prompt, navigate to the cluster where your Portworx Backup is installed.
-
Edit the
keycloak sts:
kubectl edit sts pxcentral-keycloak -n <backup-installed-namespace>
- Append this new key in
envsection:
- name: KC_HTTP_ENABLED
value: `true`
- Delete the following key in
envsection:
- name: KC_PROXY
value: edge
Browser settings in Keycloak
If you are on Keycloak version 21.1.1 and above, perform the following steps to resolve Keycloak log out issue after a refresh:
-
Login to Keycloak console as an admin user and navigate to left navigation pane.
-
Click Authentication and then click Browser.
-
Navigate to forms and then choose Alternative from the dropdown list.
If you are on Keycloak version 16.1.1 and below, perform the following steps to resolve log out issue after a refresh:
-
Login to Keycloak console as an admin user and navigate to left navigation pane.
-
Click Authentication and then choose Browser dropdown list that is below the Authentication tab.
-
Navigate to forms row and select the Alternative option and Keylcoak auto-saves this setting.
Keycloak sts to upgrade from 2.5.0 to 2.5.1
If you have modified keycloak sts settings either for HTTP or HTTPS in Portworx Backup version 2.5.0 to access the web console, you need to revert those changes after upgrading to 2.5.1 version. The values should be in sync with the following keycloak yaml file after reverting all the changes:
- name: KC_HOSTNAME_STRICT
value: "false"
- name: KC_HOSTNAME_STRICT_HTTPS
value: "false"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_ADMIN
value: admin
- name: KEYCLOAK_ADMIN_PASSWORD
value: admin
- name: KC_HTTP_RELATIVE_PATH
value: /auth
- name: KC_DB
value: postgres
- name: KC_DB_URL_HOST
value: pxcentral-keycloak-postgresql
- name: KC_DB_URL_PORT
value: "5432"
- name: KC_DB_USERNAME
valueFrom:
secretKeyRef:
key: postgresql-username
name: pxcentral-keycloak-postgresql
- name: KC_DB_PASSWORD
valueFrom:
secretKeyRef:
key: postgresql-password
name: pxcentral-keycloak-postgresql
- name: KC_PROXY
value: edge
If you choose to be on Portworx Backup version 2.5.0 for some reasons, refer the following topic to configure access to the web console: