[keycloak-user] problem with nginx reverse proxy and ip access control
Jernej Porenta
jernej.porenta at 3fs.si
Fri Sep 21 08:37:15 EDT 2018
Hey,
>
> Thanks for the reply. I've gone through pretty much the same iterations. I've also tried manipulating the X-Forwarded-For as you mentioned and it doesnt help either.
>
> In our case we are using Amazon ECS to host Keycloak behind an external facing ALB. I want to be able to restrict the admin console to internal only addresses, so I have an nginx container to reverse-proxy admin requests to keycloak. No matter what configuration I try, I cannot get it to work.
>
> Would be open to any other suggestions
>
I’ve added some snippet into http part of nginx (if using nginx ingress: config.http-snippet)
geo $admin_access {
default deny;
192.168.0.1/24 allow;
}
and into server part of nginx host (of server-snippet of your ingress service configuration)
set $check “";
if ($uri ~ '^/auth/admin') { set $check "${admin_access}-admin"; };
if ($check = "deny-admin") { return 403; }
br, Jernej
More information about the keycloak-user
mailing list