[keycloak-user] keycloak & tomcat on same host/domain + nginx reverse proxy server

Scott Rossillo srossillo at smartling.com
Wed Jan 13 10:41:09 EST 2016 

I believe you have to tell Wildfly to listen for proxied connections. In standalone/configuration/standalone.xml change:

<http-listener name="default" socket-binding="http" redirect-socket="https”/>

to

<http-listener name="default" socket-binding="http" redirect-socket=“https” proxy-address-forwarding="true"/>

Hope that helps. If not, check your nginx error log.

Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com

 <https://app.sigstr.com/uc/55e5d41c6533390d03580000>
 <http://www.sigstr.com/>
> On Jan 13, 2016, at 12:28 AM, Adrian Matei <adrianmatei at gmail.com> wrote:
> 
> Can anyone help me with a configuration of keycloak (port 8180) and tomcat (port 8080) running on the same host/domain having nginx as reverse proxy server in front of it (new to nginx). 
> 
> Accessed on individual ports they run perfectly but when going over nginx, tomcat address (localhost) works but keycloak (localhost/auth) won't.
> 
> Here's my nginx configuration:
> 
> user www-data;
> worker_processes 4;
> pid /run/nginx.pid;
> 
> events {
> 	worker_connections 1024;
> 	# multi_accept on;
> }
> 
> http {
> 	server_tokens off; #hides nginx version and OS running on
> 	include /etc/nginx/mime.types;
> 
> 	upstream tomcat_server {
> 			server localhost:8080;
> 	}
> 	upstream keycloak_server {
> 			server localhost:8180;
> 	}
> 
> 	server {
> 		listen 80;
> 		server_name localhost;
> 
> 		location / {
> 			try_files $uri $uri/index.hml /maintenance.html @tomcat;
> 		}
> 
> 		location @tomcat {
> 			proxy_pass http://tomcat_server <http://tomcat_server/>;
> 			proxy_set_header Host $host; 
> 		}
> 
> 		 location /auth/ {
> 			proxy_pass http://keycloak_server <http://keycloak_server/>;
> 
> 			proxy_set_header Host               $host;
> 			proxy_set_header X-Real-IP          $remote_addr;
> 			proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
> 			proxy_set_header X-Forwarded-Proto  $scheme;
>             }
> 
> 	}
> }
> 			
> 
> Thanks,
> Adrian
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160113/214ddf95/attachment-0001.html

More information about the keycloak-user mailing list