[keycloak-user] Keycloak Docker behind loadbalancer with https fails
Marek Posolda
mposolda at redhat.com
Wed Jul 13 12:18:38 EDT 2016
On 13/07/16 13:50, Bruce Shaw wrote:
> Hello,
>
> I have a standalone Keycloak docker deployed behind a loadbalancer
> like so:
>
> https -> (443) loadbalancer -> (80) Server -> (8080) DockerContainer
>
> I'm terminating SSL at the loadbalancer, so hitting
> https://accounts.mysite.com/auth/admin... fails because all assets
> return as http. I expected Keycloak to match the protocol of https.
>
> If I hit my loadbalancer directly with http, I can flip the switch
> inside the realm to force all requests to require ssl. Then back over
> to https://accounts.mysite.com/auth/admin... says "HTTPS Required"??
>
> My network administration knowledge is limited, so at this point I'm
> stuck. Is there an issue with my standalone.xml configuration?
Yes, looks like that. Your loadbalancer must forward the headers like
"X-Forwarded-Proto". You can also set it in standalone.xml on Keycloak
side, so Keycloak sees the correct protocol. For some details, see our docs:
https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/clustering/load-balancer.html
https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/network/https.html
Marek
>
> jboss.bind.address is "0.0.0.0"
>
> <http-listener name="default" socket-binding="http" redirect-socket="https" />
>
>
> thanks
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
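
The standalone.xml side of the fix described in the reply, shown against the listener line from the question; this is an added example, not part of the original thread. The socket-binding name `proxy-https` is an assumption (any name works as long as both references match), and the load balancer is assumed to set `X-Forwarded-Proto: https` on every request it forwards.

```xml
<!-- Added example: fragments of standalone.xml, surrounding elements omitted. -->

<!-- Before (as posted in the question): Undertow ignores X-Forwarded-* headers,
     so Keycloak only sees plain http on port 8080 and generates http:// URLs.
     With "require SSL" enabled in the realm, the same request is rejected
     with "HTTPS Required". -->
<http-listener name="default" socket-binding="http" redirect-socket="https"/>

<!-- After: inside <subsystem xmlns="urn:jboss:domain:undertow:..."> / <server>.
     proxy-address-forwarding="true" makes Undertow take the client address and
     scheme from X-Forwarded-For / X-Forwarded-Proto, so Keycloak sees https.
     redirect-socket points at the public TLS port on the load balancer,
     not at the container's own https listener. -->
<http-listener name="default"
               socket-binding="http"
               proxy-address-forwarding="true"
               redirect-socket="proxy-https"/>

<!-- Inside <socket-binding-group name="standard-sockets" ...>:
     the port that clients actually connect to at the load balancer. -->
<socket-binding name="proxy-https" port="443"/>
```

With `proxy-address-forwarding` enabled, Undertow believes these headers from whoever connects, so the container port should be reachable only from the load balancer, and the load balancer should overwrite any `X-Forwarded-*` headers supplied by the client rather than pass them through.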