[keycloak-user] Proxying and changing port.

Kevin Thorpe kevin.thorpe at p-i.net
Fri Sep 18 09:33:29 EDT 2015 

Yeah it's definitely the port. I can use exactly the same config proxying
port 8443 -> 8443 and
it works.


*Kevin Thorpe*
CTO

<https://www.p-i.net/>    <https://twitter.com/@PI_150>

www.p-i.net | @PI_150 <https://twitter.com/@PI_150>

M: +44 (0)7425 160 368 | T: +44 (0)203 005 6750 | F: +44(0)207 730 2635
150 Buckingham Palace Road, London, SW1W 9TR, UK


_____________________________

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any
action in reliance on the contents of this information is strictly
prohibited.

*"SAVE PAPER - THINK BEFORE YOU PRINT!" *

On 18 September 2015 at 14:25, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:

> Still struggling with wrapping Keycloak under nginx. Keycloak runs on our
> internal infrastructure
> on port 8443 because it's a right pain to get it on port 443.
>
> Now some of our clients have restrictive firewalls that only allow 80 and
> 443 so I'm trying to
> proxy it on port 443 in Nginx so we have a single pont of contact. It
> doesn't work.
>
> Chrome is giving ERR_RESPONSE_HEADERS_TRUNCATED and I'm not sure why.
> Redirect is happening properly as shown from an AWS client:
>
> 52.21.xxx.xxx - - [18/Sep/2015:14:23:49 +0100] xxxx.pibenchmark.com "GET
> / HTTP/1.1" 009 7 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36" "
> 10.20.13.184:8443"
>
> Can Keycloak not handle the difference in ports? I'm really struggling to
> understand here.
>
> nginx config:
>
> # login-uat server
>
> server {
>     listen                    10.20.13.11:443;
>
>     server_name          xxxx.pibenchmark.com;
>
>     ssl                        on;
> # ssl key bits
>     client_max_body_size      10G;
>
>     location / {
>         proxy_pass            http://login-uat-cluster;
>     }
> }
>
> # only one of these will be working but nginx should be able to work out
> which
> upstream login-uat-cluster {
>     server keycloak.pibenchmark.com:8443;
> }
>
>
>
>
> *Kevin Thorpe*
> CTO
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150918/0dece0c6/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pi_icon.jpg
Type: image/jpeg
Size: 3053 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150918/0dece0c6/attachment.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: twitter.jpg
Type: image/jpeg
Size: 1204 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150918/0dece0c6/attachment-0001.jpg

More information about the keycloak-user mailing list