[keycloak-user] Keycloak and HTTPS behind reverse proxy

Predrag Mijatovic predmijat at gmail.com
Wed Sep 7 05:37:55 EDT 2016


Hello,

I need help with Keycloak over HTTPS...I've started Keycloak with
"./standalone.sh -b 10.45.0.6". I have DNS name login.mysite.com <http://login.mysite.com/> which points to
NGINX listening on a public IP. NGINX is set up as a reverse proxy:

server {
    ssl on;
    listen 443;
    server_name login.mysite.com <http://login.mysite.com/>;
    ssl_verify_client off;
    proxy_ssl_server_name on;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://10.45.0.6:8080 <http://10.45.0.6:8080/>;
    }
}

I can successfully open https://login.mysite.com/auth/ <https://login.mysite.com/auth/> (green padlock and
everything), but https://login.mysite.conf/auth/admin/master/console/ <https://login.mysite.conf/auth/admin/master/console/> fails with
"{{notification.header}} {{notification.message}} Loading...". Inspecting the
web page I see that a lot of .js files are served over HTTP and the browser
complains about mixed content.

Reading the docs I figured that setting stuff on the side of reverse proxy is
enough? Do I need to do anything else?

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160907/0d1f294e/attachment-0001.html 


More information about the keycloak-user mailing list