[keycloak-user] keycloak behind nginx

Subodh Joshi subodhcjoshi82 at gmail.com
Fri Feb 9 00:12:32 EST 2018


I did it with my Java+JSF based web project, where NGINX is the front end and
Keycloak-HA sits behind NGINX with an external (MariaDB) DB. It works fine.
Everywhere I give the Keycloak URL as https://<NGINX URL>/auth; it is then the
NGINX configuration's duty to redirect to whichever Keycloak it wants. Anyhow,
both Keycloak instances point to the same DB.
I have generated an SSL certificate for NGINX and imported it to the client
machine for the https connection.

It's all working fine.

On Fri, Feb 9, 2018 at 9:02 AM, karan shah <karan.s1992 at outlook.com> wrote:

> Posting this again as I have not been successful. I have a sample app
> which correctly secures the REST API locally. Now when I put this in
> production behind an nginx proxy it does not work. No errors. It allows all
> requests.
>
> Front end server with ssl is https://frontend.com
>
> Back end server with ssl is https://backend.com
>
> Keycloak proxy forward is true
>
> Front end server(node server on 9000) <-> NGINX <-> Keycloak (running on
> 8180)
>
> nginx file sample
>
> upstream keycloak_server {
>   server localhost:8180;
> }
>
> upstream node_server {
>   server localhost:9000;
> }
>
> location /auth/ {
>   proxy_pass http://keycloak_server;
>   proxy_http_version 1.1;
>   proxy_set_header Host              $host;
>   proxy_set_header X-Real-IP         $remote_addr;
>   proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
>   proxy_set_header X-Forwarded-Proto $scheme;
> }
> location / {
>   proxy_pass http://node_server;
>   proxy_http_version 1.1;
>   proxy_set_header Host              $host;
>   proxy_set_header X-Real-IP         $remote_addr;
>   proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
>   proxy_set_header X-Forwarded-Proto $scheme;
> }
>
> Front end server calls a backend API using Angular. REST API calls look
> like https://backend.com/callTest
>
> Backend server(running on tomcat) <-> NGINX <-> Spring Boot(with keycloak)
>
> nginx sample
>
> location / {
>   proxy_pass http://127.0.0.1:8080/dt-1.0/;
>   proxy_http_version 1.1;
>   proxy_set_header Host               $host;
>   proxy_set_header X-Real-IP          $remote_addr;
>   proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
>   proxy_set_header X-Forwarded-Proto  $scheme;
> }
>
> in angular keycloak.json looks like
>
> {
>   "realm": "demo",
>   "auth-server-url": "https://frontend.com/auth",
>   "ssl-required": "none",
>   "resource": "tutorial-frontend",
>   "public-client": true
> }
>
> in spring boot keycloak properties look like
>
>   keycloak.auth-server-url=https://frontend.com/auth
>   keycloak.realm=demo
>   keycloak.resource=1040nra-client
>   keycloak.public-client=true
>   keycloak.bearer-only = true
>   keycloak.cors = true
>   keycloak.security-constraints[0].authRoles[0]=user
>   keycloak.security-constraints[0].securityCollections[0].patterns[0]=/*
>
> Please let me know how to correct this. I would really appreciate it.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 
Subodh Chandra Joshi
subodh1_joshi82 at yahoo.co.in
http://www.trendsinnews.com

