<div dir="ltr">Hello Chris,<div><br></div><div>how did the configuration go? Were you able to setup the unifiedpush server behind your nginx proxy?</div><div><br></div><div>Thanks,</div><div>Matthias</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 17, 2014 at 8:35 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Chris,<br>
<br>
Can you copy/paste the full URL where you get the 'invalid redirect_uri' message?<br>
<br>
For details about setting up reverse proxy with Keycloak look at <a href="http://docs.jboss.org/keycloak/docs/1.0.2.Final/userguide/html/server-installation.html#d4e298" target="_blank">http://docs.jboss.org/keycloak/docs/1.0.2.Final/userguide/html/server-installation.html#d4e298</a>. Key things are X-Forwarded-For and X-Forwarded-Proto which it looks like you've added, but you also need to do some changes to standalone.xml.<br>
<div class="HOEnZb"><div class="h5"><br>
----- Original Message -----<br>
> From: "Matthias Wessendorf" <<a href="mailto:matzew@apache.org">matzew@apache.org</a>><br>
> To: "AeroGear Developer Mailing List" <<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>><br>
> Sent: Friday, 17 October, 2014 8:08:08 AM<br>
> Subject: Re: [aerogear-dev] setting up aerogear behind nginx proxy<br>
><br>
> Hey Chris!<br>
><br>
> glad to hear about the progress :)<br>
><br>
> regarding the "Invalid redirect_uri", looks like something goes wrong with<br>
> the redirect/ forward.<br>
> On the page were you get the login form (or the Invalid redirect_uri), can<br>
> you compare the URL in the browser ?<br>
> (especially the part after the &redirect_uri param).<br>
><br>
> On the 500, any stack trace there?<br>
><br>
> Thanks,<br>
> Matthias<br>
><br>
><br>
> On Fri, Oct 17, 2014 at 7:38 AM, chale < <a href="mailto:chris.hale@me.com">chris.hale@me.com</a> > wrote:<br>
><br>
><br>
><br>
> I am having a little more positive progress and a few more useful things to<br>
> report from me trying to get this working.<br>
> The logs below aren’t an issue anymore. Here is how i now have things setup.<br>
><br>
> I have nginx setup and running on port 443 and my nginx config looks like<br>
> this<br>
> location / {<br>
> if ($http_user_agent ~ ^$) {<br>
> # return 403;<br>
> }<br>
><br>
> proxy_pass <a href="http://10.128.93.235:8080/" target="_blank">http://10.128.93.235:8080/</a> ;<br>
> proxy_redirect off;<br>
><br>
> proxy_set_header Host $host;<br>
> proxy_set_header X-Forwarded-Proto "https";<br>
> proxy_set_header X-Forwarded-Host $host;<br>
> proxy_set_header X-Forwarded-Server $host;<br>
> proxy_set_header X-Real-IP $remote_addr;<br>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
> }<br>
><br>
><br>
> I seem to be able to login if i choose <a href="http://myserver.com" target="_blank">http://myserver.com</a> but if i try and<br>
> do <a href="https://myserver.com/ag-push" target="_blank">https://myserver.com/ag-push</a><br>
><br>
> I get a message that is saying we are sorry Invalid redirect_uri. .<br>
><br>
> In looking at the http requests I am seeing<br>
> /auth/realms/aerogear/tokens/login url cause a 500<br>
><br>
> Any way to troubleshoot why its giving a 500?<br>
><br>
> Thanks in advance,<br>
><br>
><br>
><br>
><br>
> --<br>
> Chris Hale<br>
> Sent with Sparrow<br>
><br>
><br>
><br>
> On Friday, October 17, 2014 at 12:31 AM, Matthias Wessendorf [via<br>
> aerogear-dev] wrote:<br>
><br>
><br>
> Hi Chris!<br>
><br>
> thanks for trying the UnifiedPush Server. I have never tried to run the UPS<br>
> behind a (ngnix) proxy. Does the same config work w/o the proxy? The stack<br>
> above says "Unable to resolve realm public key remotely", so I am wondering<br>
> if the Keycoak Auth-Server is deployed as well.<br>
><br>
> In the meantime I'll ask our Keycloak friends if they have any experience on<br>
> this.<br>
><br>
> Thanks,<br>
> Matthias<br>
><br>
> On Fri, Oct 17, 2014 at 6:59 AM, chale < [hidden email] > wrote:<br>
><br>
><br>
><br>
> Hi,<br>
> I need some help. I am trying to setup aerogear behind a nginx proxy<br>
> server that has ssl enabled and I am running into issues. Anytime i try to<br>
> go to /ag-push I see this in the logs<br>
><br>
> RROR [org.apache.catalina.connector.CoyoteAdapter]<br>
> (http--10.128.93.235-8080-5) An exception or error occurred in the container<br>
> during the request processing: java.lang.RuntimeException: Unable to resolve<br>
> realm public key remotely, status = 403<br>
> at<br>
> org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:69)<br>
> [keycloak-adapter-core-1.0-final.jar:]<br>
> at<br>
> org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:55)<br>
> [keycloak-adapter-core-1.0-final.jar:]<br>
> at<br>
> org.keycloak.adapters.as7.AuthenticatedActionsValve.invoke(AuthenticatedActionsValve.java:45)<br>
> [keycloak-as7-adapter-1.0-final.jar:]<br>
> at<br>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397)<br>
> [jbossweb-7.0.13.Final.jar:]<br>
> at<br>
> org.keycloak.adapters.as7.KeycloakAuthenticatorValve.invoke(KeycloakAuthenticatorValve.java:135)<br>
> [keycloak-as7-adapter-1.0-final.jar:]<br>
> at<br>
> <a href="http://org.jboss.as" target="_blank">org.jboss.as</a> . web.security.SecurityContextAssociationValve.invoke<br>
> (SecurityContextAssociationValve.java:153)<br>
> [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]<br>
> at<br>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)<br>
> [jbossweb-7.0.13.Final.jar:]<br>
> at<br>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)<br>
> [jbossweb-7.0.13.Final.jar:]<br>
> at<br>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)<br>
> [jbossweb-7.0.13.Final.jar:]<br>
> at<br>
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)<br>
> [jbossweb-7.0.13.Final.jar:]<br>
> at<br>
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)<br>
> [jbossweb-7.0.13.Final.jar:]<br>
> at<br>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)<br>
> [jbossweb-7.0.13.Final.jar:]<br>
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)<br>
> [jbossweb-7.0.13.Final.jar:]<br>
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_65]<br>
><br>
> Does anyone have any advice or experience on how to go about setting up<br>
> aerogear behind an nginx proxy?<br>
><br>
><br>
><br>
> --<br>
> View this message in context:<br>
> <a href="http://aerogear-dev.1069024.n5.nabble.com/setting-up-aerogear-behind-nginx-proxy-tp9489.html" target="_blank">http://aerogear-dev.1069024.n5.nabble.com/setting-up-aerogear-behind-nginx-proxy-tp9489.html</a><br>
> Sent from the aerogear-dev mailing list archive at Nabble.com .<br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> [hidden email]<br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> [hidden email]<br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
><br>
><br>
</div></div><span class="im HOEnZb">> If you reply to this email, your message will be added to the discussion<br>
> below:<br>
> <a href="http://aerogear-dev.1069024.n5.nabble.com/setting-up-aerogear-behind-nginx-proxy-tp9489p9490.html" target="_blank">http://aerogear-dev.1069024.n5.nabble.com/setting-up-aerogear-behind-nginx-proxy-tp9489p9490.html</a><br>
> To unsubscribe from setting up aerogear behind nginx proxy, click here .<br>
> NAML<br>
><br>
><br>
><br>
</span><div class="HOEnZb"><div class="h5">> View this message in context: Re: [aerogear-dev] setting up aerogear behind<br>
> nginx proxy<br>
><br>
> Sent from the aerogear-dev mailing list archive at Nabble.com.<br>
><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>
</div>