[keycloak-user] Running Keycloak behind Apache Reverse Proxy

Vikram vikram.eswar at fleetroute.com
Fri Feb 22 06:33:57 EST 2019


Hi Peter,

thanks a lot for your reply.

I have followed this link already with no luck.

I have set X-forwarded headers in my default-ssl.conf file as :

RequestHeader set X-Forwarded-Proto "https" env=HTTPS

RequestHeader set X-Forwarded-Port "443"

RemoteIPHeader X-Forwarded-For

Should I also set RemoteIPTrustedProxy and RemoteIPInternalProxy to 
127.0.0.1 ?  because everything is running in the same machine ? or 
should I add all of this in the security.conf file ?

Where am I going wrong ?

I am not getting a json response when I test the configuration using 
/auth/realms/master/.well-known/openid-configuration..

Regards,

Vikram



On 2/21/2019 10:13 PM, Nalyvayko, Peter wrote:

> Here is a link to a more recent docs:
>
> https://www.keycloak.org/docs/latest/server_installation/index.html#_setting-up-a-load-balancer-or-proxy
> ________________________________________
> From: Nalyvayko, Peter
> Sent: Thursday, February 21, 2019 4:11 PM
> To: Vikram; keycloak-user at lists.jboss.org
> Subject: RE: [keycloak-user] Running Keycloak behind Apache Reverse Proxy
>
> Vikram,
>
>
>>> https://www.keycloak.org/docs/latest/server_admin/#apache-certificate-lookup-provider
> The instructions above only apply if you are trying to set up mutual SSL.
>
> Take a look at https://www.keycloak.org/docs/1.9/server_installation_guide/topics/clustering/load-balancer.html how to set up keycloak behind load balancer, there are a few changes to the keycloak configuration you'll need to make
>
> Hope this helps
> Regards
> --Peter
>
> ________________________________________
> From: keycloak-user-bounces at lists.jboss.org [keycloak-user-bounces at lists.jboss.org] on behalf of Vikram [vikram.eswar at fleetroute.com]
> Sent: Thursday, February 21, 2019 11:40 AM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] Running Keycloak behind Apache Reverse Proxy
>
> Hi all,
>
> OS: Ubuntu 18.04
>
> I am running an https secured apache server as a reverse proxy. Lets say
> at https://example.com
>
> Now, I have a keycloak server running on the same machine, lets say at
> http://localhost:1234 (note: HTTP)
>
> I have set it up such that https://example.com/keycloak points to
> http://localhost:1234
>
> Now, I have a javascript application which is trying to authenticate
> with Keycloak using a javascript adapter. In the keycloak.json
> configuration file, I have the url set up as :
>
> url : 'https://example.com/keycloak/auth|'|
>
> This does not work. In order to access keycloak for authentication from
> the outside world, I need this to connect.
>
> Anything on this ?
>
> I have already looked at this link :
>
> https://www.keycloak.org/docs/latest/server_admin/#apache-certificate-lookup-provider
>
>
> I have tried setting the certificate lookup but I am not sure if I am
> doing it right. I set it within the virtualhost block in the
> default-ssl.conf file through RequestHeader.
>
> Regards,
>
> Vikram
>
>
> ||
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>


More information about the keycloak-user mailing list