[keycloak-user] clients behind load balancer issues

Scott Rossillo srossillo at smartling.com
Fri Apr 29 15:57:22 EDT 2016 

Yes, it’s been on the mailing list before.

For Keycloak:

http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding


For Nginx:

server {
  listen 443;
  server_name localhost;

  ssl on;
  ssl_certificate /etc/pki/tls/certs/server.crt;
  ssl_certificate_key /etc/pki/tls/certs/server.key;

  location / {
    proxy_pass http://your-keycloak-host-here:-your-wildfly-proxy-https-port;
    proxy_http_version 1.1;

    proxy_set_header Connection "";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
  }
}


Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com

> On Apr 29, 2016, at 1:59 PM, Rodrigo Gonzalez Asensio <rasensio at gmail.com> wrote:
> 
> All local environment
> 
> 1 keycloak 1.7 & 1.9 listening on port 8080
> 2 tomcat 7 with java webapp using Keycloak filter (not the adapter)
> 1 nginx load balancing the 2 tomcats. Nginx config below
> 
> upstream jeremy {
>         server localhost:8082;
>         server localhost:8999;
>     }
> 
>     server {
>         listen 80;
> 				server_name localhost;
> 
>         location / {
>             proxy_pass http://jeremy/ <http://jeremy/>;
>             proxy_redirect off;
> 	    			proxy_set_header Host $host;
> 						}
>   }
> 
> My Keycloak client all defaults, 1 only valid redirect_uri. 
> As soon as I validate the login in keycloak it gets crazy with ERR_TOO_MANY_REDIRECTS
> 
> The same thing happen in AWS having a ELB > tomcats or ELB > NGINX > tomcats.
> 
> Anyone had a similar issue ?
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160429/8b9b05bc/attachment.html

More information about the keycloak-user mailing list