[keycloak-user] keycloak & tomcat on same host/domain + nginx reverse proxy server
Adrian Matei
adrianmatei at gmail.com
Wed Jan 13 14:23:35 EST 2016
Thank you very much Scott, you've saved me - that was the solution.
Cheers,
Adrian
On Wed, Jan 13, 2016 at 4:41 PM, Scott Rossillo <srossillo at smartling.com>
wrote:
> I believe you have to tell Wildfly to listen for proxied connections.
> In standalone/configuration/standalone.xml change:
>
> <http-listener name="default" socket-binding="http"
> redirect-socket="https”/>
>
> to
>
> <http-listener name="default" socket-binding="http"
> redirect-socket=“https” proxy-address-forwarding="true"/>
>
> Hope that helps. If not, check your nginx error log.
>
> Scott Rossillo
> Smartling | Senior Software Engineer
> srossillo at smartling.com
>
> [image: Latest News + Events]
> <https://app.sigstr.com/uc/55e5d41c6533390d03580000>
> [image: Powered by Sigstr] <http://www.sigstr.com/>
>
> On Jan 13, 2016, at 12:28 AM, Adrian Matei <adrianmatei at gmail.com> wrote:
>
> Can anyone help me with a configuration of keycloak (port 8180) and tomcat
> (port 8080) running on the same host/domain having nginx as reverse proxy
> server in front of it (new to nginx).
>
> Accessed on individual ports they run perfectly but when going over nginx,
> tomcat address (localhost) works but keycloak (localhost/auth) won't.
>
> Here's my nginx configuration:
>
> user www-data;
> worker_processes 4;
> pid /run/nginx.pid;
>
> events {
> worker_connections 1024;
> # multi_accept on;
> }
>
> http {
> server_tokens off; #hides nginx version and OS running on
> include /etc/nginx/mime.types;
>
> upstream tomcat_server {
> server localhost:8080;
> }
> upstream keycloak_server {
> server localhost:8180;
> }
>
> server {
> listen 80;
> server_name localhost;
>
> location / {
> try_files $uri $uri/index.hml /maintenance.html @tomcat;
> }
>
> location @tomcat {
> proxy_pass http://tomcat_server;
> proxy_set_header Host $host;
> }
>
> location /auth/ {
> proxy_pass http://keycloak_server;
>
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> }
>
> }
> }
>
>
> Thanks,
> Adrian
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160113/a8c9a3f7/attachment.html
More information about the keycloak-user
mailing list