[keycloak-user] Proxy TLS settings

Stian Thorgersen sthorger at redhat.com
Tue Jul 12 05:53:19 EDT 2016


I'm pretty sure there are no changes. Has anything changed in your proxy
setup? Does it still work with 1.9.2, but the exact same config doesn't
work with 2.0.0?

On 12 July 2016 at 11:17, gambol <gambol99 at gmail.com> wrote:

> Hiya
>
>
> We've been running v1.9.2 behind an nginx proxy for some time now. Has the
> setup for running Keycloak v2.0.0-Final behind a proxy changed? ... We've
> kept the amended lines, but Keycloak returns content in non-https,
> appearing to ignore the X-Forwarded-Proto
>
> <http-listener name="default" socket-binding="http"
> proxy-address-forwarding="true" redirect-socket="proxy-https"/>
> ...
>
> <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
>
> <socket-binding name="http" port="${jboss.http.port:8080}"/>
>
> <socket-binding name="https" port="${jboss.https.port:8443}"/>
>
> <socket-binding name="proxy-https" port="443"/> <---
>
> ...
> ------------------------------
>
> But looking at the urls handed back, they are all http://
>
>
> Doing a tcpdump dump between proxy and keycloak, I can see the X-Forwarded
> headers added by the proxy
>
> GET /auth/admin/master/console/ HTTP/1.0
> X-Real-IP: 127.0.0.1
> X-Forwarded-For: 127.0.0.1
> X-Forwarded-Proto: https
> Host: 127.0.0.1
> Connection: close
> Cache-Control: max-age=0
> Upgrade-Insecure-Requests: 1
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/51.0.2704.106 Safari/537.36
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,
> */*;q=0.8
> Accept-Encoding: gzip, deflate, sdch, br
> Accept-Language: en-US,en;q=0.8
>
> Rohith
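
Added example (not part of the original thread, and not Keycloak code): a Python check for the symptom described above, where the proxy sends X-Forwarded-Proto: https but the backend hands back http:// URLs. The request is trimmed from the capture in the message; the response, its paths and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ABS_URL = re.compile(r"""https?://[^\s"'<>]+""")

def split_message(raw):
    """Split a raw HTTP message into (start line, lower-cased headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def scheme_mismatches(request, response):
    """Return (where, url) for response URLs that point at the requested host
    but use a scheme other than the one declared in X-Forwarded-Proto."""
    _, req, _ = split_message(request)
    expected = req.get("x-forwarded-proto", "http").split(",")[0].strip().lower()
    host = req.get("host", "").split(":")[0].lower()  # IPv6 literals not handled
    _, resp, body = split_message(response)
    candidates = [("Location header", resp["location"])] if "location" in resp else []
    candidates += [("body", url) for url in ABS_URL.findall(body)]
    return [(where, url) for where, url in candidates
            if urlsplit(url).hostname == host and urlsplit(url).scheme != expected]

# Request as the proxy forwarded it (trimmed from the tcpdump capture above).
REQUEST = """GET /auth/admin/master/console/ HTTP/1.0
X-Forwarded-For: 127.0.0.1
X-Forwarded-Proto: https
Host: 127.0.0.1

"""

# Constructed backend response showing the reported symptom.
RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html

<script src="http://127.0.0.1/auth/constructed/app.js"></script>
<link href="/auth/constructed/style.css" rel="stylesheet">
<a href="https://example.org/docs">docs</a>
"""

if __name__ == "__main__":
    for where, url in scheme_mismatches(REQUEST, RESPONSE):
        print(f"scheme mismatch in {where}: {url}")
```

Relative URLs and links to other hosts are ignored, so only URLs the backend generated for its own host with the wrong scheme are reported.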