[keycloak-user] Reverse proxy calling admin API

Stian Thorgersen sthorger at redhat.com
Tue May 24 02:55:40 EDT 2016 

Created https://issues.jboss.org/browse/KEYCLOAK-3029

On 24 May 2016 at 08:50, Stian Thorgersen <sthorger at redhat.com> wrote:

> The attribute only works for HTTP connector, not for AJP. For AJP you have
> to manually add it.
>
> The Host header is required though. Ho would Undertow else figure out the
> original request URL? I can't see anything we can do on our end for this,
> besides documenting the fact that the original Host header has to be
> preserved.
>
> On 23 May 2016 at 16:47, Christian Bauer <christian.bauer at gmail.com>
> wrote:
>
>> This handler sets ServletRequest#getRemoteHost() etc. values in Undertow.
>> In Wildfly code this handler is actually enabled with the listener
>> attribute proxy-address-forwarding=true:
>>
>>
>> https://github.com/wildfly/wildfly/blob/aaaeb2a13667353db2b6955b9bcdba434a89fd02/undertow/src/main/java/org/wildfly/extension/undertow/HttpListenerService.java#L93
>>
>> What's the difference between enabling the listener attribute and adding
>> the filter manually?
>>
>> None of this is having any effect on getRequestURL(). There are two ways
>> I see how this host is set: From parsing the HTTP request line or from the
>> Host header.
>>
>> Whatever proxy testing you do probably works because your proxy passes
>> through the original Host header. Preserving the Host header is the default
>> in haproxy but not mod_proxy.
>>
>> On 23.05.2016, at 16:14, Bill Burke <bburke at redhat.com> wrote:
>>
>>
>> https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering/load-balancer.html
>>
>> As Stian said, ProxyPeerAddressHandler?  See above.
>>
>>
>> On 5/23/16 3:16 AM, Christian Bauer wrote:
>>
>> 08:47:32,512 ERROR [stderr] (default task-2) X-Forwarded-For: 10.0.0.1
>>
>>
>> Copy/paste error, the actual line is:
>>
>> 08:47:32,512 ERROR [stderr] (default task-2) X-Forwarded-For:
>> 10.0.0.1:8888
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160524/2747d5bd/attachment.html

More information about the keycloak-user mailing list