[keycloak-user] Keycloak and HTTPS behind reverse proxy
Marek Posolda
mposolda at redhat.com
Wed Sep 7 05:46:49 EDT 2016
We have some docs here:
https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.1/topics/clustering/load-balancer.html
https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.1/topics/network.html
(and subpages)
Marek
On 07/09/16 11:37, Predrag Mijatovic wrote:
> Hello,
>
> I need help with Keycloak over HTTPS...I've started Keycloak with
> "./standalone.sh -b 10.45.0.6". I have DNS name login.mysite.com
> <http://login.mysite.com> which points to
> NGINX listening on a public IP. NGINX is set up as a reverse proxy:
>
> server {
> ssl on;
> listen 443;
> server_name login.mysite.com <http://login.mysite.com>;
> ssl_verify_client off;
> proxy_ssl_server_name on;
>
> location / {
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header Host $host;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto https;
> proxy_pass http://10.45.0.6:8080;
> }
> }
>
> I can successfully open https://login.mysite.com/auth/ (green padlock and
> everything), but
> https://login.mysite.conf/auth/admin/master/console/ fails with
> "{{notification.header}} {{notification.message}} Loading...".
> Inspecting the
> web page I see that a lot of .js files are served over HTTP and the
> browser
> complains about mixed content.
>
> Reading the docs I figured that setting stuff on the side of reverse
> proxy is
> enough? Do I need to do anything else?
>
> Thanks
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160907/d3522422/attachment-0001.html
More information about the keycloak-user
mailing list