[keycloak-user] Keycloak 1.9 behind Apache2 reverse proxy not working properly
Matthias Müller
matthias_mueller at tu-dresden.de
Fri Feb 26 08:54:42 EST 2016
Yes. I’ve set up an HTTPS reverse proxy in Apache as usual with and added the required header:
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
Then I edited /usr/local/keycloak/standalone/configuration/standalone.xml according to these instructions.
>From what I’ve seen there’s no difference in the responses between:
a) Configuring reverse proxy in Apache only
b) Configuring reverse proxy in Apache AND editing standalone.xml
In both cases the hostname is properly resolved, but not the protocol part.
Cheers,
Matthias
p.s.: The documentation shows a configuration for an old release (1.1) of the undertow subsystem. Current is 3.0, which is also part of Keycloak distro. Is the configuration identical for both versions?
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Stian Thorgersen
Sent: Friday, February 26, 2016 1:36 PM
To: Matthias Müller
Cc: keycloak-user
Subject: Re: [keycloak-user] Keycloak 1.9 behind Apache2 reverse proxy not working properly
DId you follow documentation at http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e394
On 26 February 2016 at 12:53, Matthias Müller <Matthias_Mueller at tu-dresden.de> wrote:
Does anyone have experiences with Keycloak 1.9 in an Apache2 reverse
proxy configuration?
In my test setup I am running Keycloak as a standalone service on port
8080. It is proxied behind an Apache HTTP Server that manages the SSL
communication and forwards requests to localhost:8080. The Apache side
of the proxy is working. However, the administration console web page
(auth/admin/master/console/) still contains plain http://... links
(should be: https://) to the JS components which, of course, is invalid.
Obviously the Keycloak service does not see (or ignores) the X-Forwarded
headers.
Am I missing something here?
Cheers,
Matthias
[1]:
http://auth.domain.org/auth/resources/1.9.0.final/admin/keycloak/lib/select2-3.4.1/select2.js
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160226/1242b76e/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6116 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160226/1242b76e/attachment-0001.bin
More information about the keycloak-user
mailing list