<div dir="ltr">I'm pretty sure there's no changes. Has anything changed in your proxy setup? Does it still work with 1.9.2, but the exact same config doesn't work with 2.0.0?</div><div class="gmail_extra"><br><div class="gmail_quote">On 8 July 2016 at 10:59, gambol <span dir="ltr"><<a href="mailto:gambol99@gmail.com" target="_blank">gambol99@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="margin:15px 0px 0px;padding:15px 0px 0px;border-top-style:none"><div style="margin:5px 0px 0px;padding:0px 0px 0px 10px"><div style="margin:0px;padding:0px"><div style="margin:0px;padding:0px"><p style="margin:0px;padding:0px">Hiya</p><p style="margin:0px;padding:0px"><br></p><p style="margin:0px;padding:0px">We've been running v1.9.2 behind a nginx proxy for some time now. Has the setup for running Keycloak v2.0.0-Final behind a proxy changed? ... We've kept the amended lines, but Keycloak is returns content in non-https appearing to ignore the X-Forwarded-Proto</p><p style="margin:10px 0px 0px;padding:0px">—<br><http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/><br>...<br></p><p style="margin:10px 0px 0px;padding:0px"><socket-binding name="ajp" port="${jboss.ajp.port:8009}"/></p><p style="margin:10px 0px 0px;padding:0px"><socket-binding name="http" port="${jboss.http.port:8080}"/></p><p style="margin:10px 0px 0px;padding:0px"><socket-binding name="https" port="${jboss.https.port:8443}"/></p><p style="margin:10px 0px 0px;padding:0px"><socket-binding name="proxy-https" port="443"/> <---</p><p style="margin:10px 0px 0px;padding:0px">...</p><hr><p style="margin:10px 0px 0px;padding:0px">But looking at the urls handed back, they are all http://</p><p style="margin:10px 0px 0px;padding:0px"><br></p><p style="margin:10px 0px 0px;padding:0px">Doing a tcpdump dump between proxy and keycloak, I can see the X-Forwarded headers added by the proxy</p><p style="margin:10px 0px 0px;padding:0px">GET /auth/admin/master/console/ HTTP/1.0<br>X-Real-IP: 127.0.0.1<br>X-Forwarded-For: 127.0.0.1<br>X-Forwarded-Proto: https<br>Host: 127.0.0.1<br>Connection: close<br>Cache-Control: max-age=0<br>Upgrade-Insecure-Requests: 1<br>User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,<b>/</b>;q=0.8<br>Accept-Encoding: gzip, deflate, sdch, br<br>Accept-Language: en-US,en;q=0.8</p></div></div></div></div><div style="margin:15px 0px 0px;padding:15px 0px 0px;border-top-style:none"><div style="margin:0px;padding:0px;background:url("")"><ul style="margin:2px 0px 0px;list-style-type:none;padding:0px;float:right;color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;line-height:20px"></ul><h2 style="padding:0px 5px 0px 20px;color:rgb(36,52,70);font-size:inherit;line-height:1.5;display:inline-block;font-family:Arial,sans-serif;background-image:url("")"></h2></div></div></div>
<br>_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br></blockquote></div><br></div>