[keycloak-user] Reverse proxy calling admin API

Stian Thorgersen sthorger at redhat.com
Tue May 24 02:50:34 EDT 2016


The attribute only works for HTTP connector, not for AJP. For AJP you have
to manually add it.

The Host header is required though. How would Undertow else figure out the
original request URL? I can't see anything we can do on our end for this,
besides documenting the fact that the original Host header has to be
preserved.

On 23 May 2016 at 16:47, Christian Bauer <christian.bauer at gmail.com> wrote:

> This handler sets ServletRequest#getRemoteHost() etc. values in Undertow.
> In Wildfly code this handler is actually enabled with the listener
> attribute proxy-address-forwarding=true:
>
>
> https://github.com/wildfly/wildfly/blob/aaaeb2a13667353db2b6955b9bcdba434a89fd02/undertow/src/main/java/org/wildfly/extension/undertow/HttpListenerService.java#L93
>
> What's the difference between enabling the listener attribute and adding
> the filter manually?
>
> None of this is having any effect on getRequestURL(). There are two ways I
> see how this host is set: From parsing the HTTP request line or from the
> Host header.
>
> Whatever proxy testing you do probably works because your proxy passes
> through the original Host header. Preserving the Host header is the default
> in haproxy but not mod_proxy.
>
> On 23.05.2016, at 16:14, Bill Burke <bburke at redhat.com> wrote:
>
>
> https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering/load-balancer.html
>
> As Stian said, ProxyPeerAddressHandler?  See above.
>
>
> On 5/23/16 3:16 AM, Christian Bauer wrote:
>
> 08:47:32,512 ERROR [stderr] (default task-2) X-Forwarded-For: 10.0.0.1
>
>
> Copy/paste error, the actual line is:
>
> 08:47:32,512 ERROR [stderr] (default task-2) X-Forwarded-For:
> 10.0.0.1:8888
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
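
Added example, not part of the thread and not Undertow or Keycloak code: a simplified Python model of the two ways a backend can learn the request host that the messages above describe (the request line or the Host header, following RFC 7230 section 5.5), run against a proxy hop that either preserves or rewrites Host. The `forward()` helper, the hostname `sso.example.org`, the backend address `10.0.0.5:8080` and the request path are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: what the browser sends to the public proxy address.
CLIENT_REQUEST = b"GET /auth/admin/realms HTTP/1.1\r\nHost: sso.example.org\r\n\r\n"

def effective_request_url(raw_request: bytes, scheme: str = "http") -> str:
    """Rebuild the URL the backend sees from the bytes the proxy sent it."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Way 1: an absolute-form request target carries the host itself.
    parts = urlsplit(target)
    if parts.scheme and parts.netloc:
        return target
    # Way 2: origin-form target, so the host can only come from the Host header.
    host = headers.get("host")
    if not host:
        raise ValueError("no absolute request target and no Host header")
    return f"{scheme}://{host}{target}"

def forward(client_request: bytes, backend: str, preserve_host: bool) -> bytes:
    """Hypothetical proxy hop: optionally rewrites Host, always adds X-Forwarded-For."""
    head, sep, body = client_request.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    out = [lines[0]]
    for line in lines[1:]:
        if line.lower().startswith("host:") and not preserve_host:
            line = f"Host: {backend}"  # what a proxy does when it does not preserve Host
        out.append(line)
    # X-Forwarded-For describes the peer address only; it never feeds the URL.
    out.append("X-Forwarded-For: 10.0.0.1")
    return "\r\n".join(out).encode("iso-8859-1") + sep + body

if __name__ == "__main__":
    for keep in (True, False):
        seen = effective_request_url(forward(CLIENT_REQUEST, "10.0.0.5:8080", keep))
        print(f"preserve_host={keep}: backend computes {seen}")
```

In Apache mod_proxy the preserving behaviour corresponds to `ProxyPreserveHost On`, which is off by default.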