[aerogear-dev] setting up aerogear behind nginx proxy

Matthias Wessendorf matzew at apache.org
Fri Oct 17 02:08:08 EDT 2014 

Hey Chris!

glad to hear about the progress :)

regarding the "Invalid redirect_uri", looks like something goes wrong with
the redirect/ forward.
On the page were you get the login form (or the Invalid redirect_uri), can
you compare the URL in the browser ?
(especially the part after the &redirect_uri param).

On the 500, any stack trace there?

Thanks,
Matthias


On Fri, Oct 17, 2014 at 7:38 AM, chale <chris.hale at me.com> wrote:

> I am having a little more positive progress and a few more useful things
> to report from me trying to get this working.
> The logs below aren’t an issue anymore.  Here is how i now have things
> setup.
>
> I have nginx setup and running on port 443 and my nginx config looks like
> this
> location / {
>         if ($http_user_agent ~ ^$) {
> #                return 403;
>         }
>
>         proxy_pass http://10.128.93.235:8080/;
>         proxy_redirect off;
>
>         proxy_set_header Host $host;
> proxy_set_header X-Forwarded-Proto "https";
> proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>        proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     }
>
>
> I seem to be able to login if i choose http://myserver.com  but if i try
> and do https://myserver.com/ag-push
>
> I get a message that is saying we are sorry Invalid redirect_uri. .
>
> In looking at the http requests I am seeing
> /auth/realms/aerogear/tokens/login url cause a 500
>
> Any way to troubleshoot why its giving a 500?
>
> Thanks in advance,
>
>
>
>
> --
> Chris Hale
> Sent with Sparrow <http://www.sparrowmailapp.com/?sig>
>
> On Friday, October 17, 2014 at 12:31 AM, Matthias Wessendorf [via
> aerogear-dev] wrote:
>
>  Hi Chris!
>
> thanks for trying the UnifiedPush Server. I have never tried to run the
> UPS behind a (ngnix) proxy. Does the same config work w/o the proxy? The
> stack above says "Unable to resolve realm public key remotely", so I am
> wondering if the Keycoak Auth-Server is deployed as well.
>
> In the meantime I'll ask our Keycloak friends if they have any experience
> on this.
>
> Thanks,
> Matthias
>
> On Fri, Oct 17, 2014 at 6:59 AM, chale <[hidden email]
> <http://user/SendEmail.jtp?type=node&node=9490&i=0>> wrote:
>
> Hi,
>     I need some help.  I am trying to setup aerogear behind a nginx proxy
> server that has ssl enabled and I am running into issues.  Anytime i try to
> go to /ag-push I see this in the logs
>
> RROR [org.apache.catalina.connector.CoyoteAdapter]
> (http--10.128.93.235-8080-5) An exception or error occurred in the
> container
> during the request processing: java.lang.RuntimeException: Unable to
> resolve
> realm public key remotely, status = 403
>         at
>
> org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:69)
> [keycloak-adapter-core-1.0-final.jar:]
>         at
>
> org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:55)
> [keycloak-adapter-core-1.0-final.jar:]
>         at
>
> org.keycloak.adapters.as7.AuthenticatedActionsValve.invoke(AuthenticatedActionsValve.java:45)
> [keycloak-as7-adapter-1.0-final.jar:]
>         at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397)
> [jbossweb-7.0.13.Final.jar:]
>         at
>
> org.keycloak.adapters.as7.KeycloakAuthenticatorValve.invoke(KeycloakAuthenticatorValve.java:135)
> [keycloak-as7-adapter-1.0-final.jar:]
>         at
> org.jboss.as.web.security.SecurityContextAssociationValve.invoke
> (SecurityContextAssociationValve.java:153)
> [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
>         at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> [jbossweb-7.0.13.Final.jar:]
>         at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [jbossweb-7.0.13.Final.jar:]
>         at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [jbossweb-7.0.13.Final.jar:]
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> [jbossweb-7.0.13.Final.jar:]
>         at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
> [jbossweb-7.0.13.Final.jar:]
>         at
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
> [jbossweb-7.0.13.Final.jar:]
>         at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> [jbossweb-7.0.13.Final.jar:]
>         at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_65]
>
> Does anyone have any advice or experience on how to go about setting up
> aerogear behind an nginx proxy?
>
>
>
> --
> View this message in context:
> http://aerogear-dev.1069024.n5.nabble.com/setting-up-aerogear-behind-nginx-proxy-tp9489.html
> Sent from the aerogear-dev mailing list archive at Nabble.com.
> _______________________________________________
> aerogear-dev mailing list
> [hidden email] <http://user/SendEmail.jtp?type=node&node=9490&i=1>
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> [hidden email] <http://user/SendEmail.jtp?type=node&node=9490&i=2>
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> ------------------------------
>  If you reply to this email, your message will be added to the discussion
> below:
>
> http://aerogear-dev.1069024.n5.nabble.com/setting-up-aerogear-behind-nginx-proxy-tp9489p9490.html
>  To unsubscribe from setting up aerogear behind nginx proxy, click here.
> NAML
> <http://aerogear-dev.1069024.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
>
>
> ------------------------------
> View this message in context: Re: [aerogear-dev] setting up aerogear
> behind nginx proxy
> <http://aerogear-dev.1069024.n5.nabble.com/setting-up-aerogear-behind-nginx-proxy-tp9489p9491.html>
>
> Sent from the aerogear-dev mailing list archive
> <http://aerogear-dev.1069024.n5.nabble.com/> at Nabble.com.
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141017/b62bc0b2/attachment.html

More information about the aerogear-dev mailing list