[keycloak-user] reverse proxy nginx before keycloak

Geoffrey Cleaves geoff at opticks.io
Thu Jan 24 09:45:35 EST 2019 

I'm no expert with Nginx, but have run into this problem before. It's
extremely difficult to reverse proxy to "/test/aa" when the service being
proxied (Keycloak) does not expect to serve at this prefix. The
service-to-be-proxied should offer a config option such as proxy_path which
could be set to "/test/aa" so that the service know it need to add that
prefix to all its routes.

Does Keycloak have a proxy_path config option? I don't think it does.

I suppose it may be possible using some rewrite rules, but those are pretty
tricky and I have never been able to make it work. You might have luck
using the nginx Content modification module:
http://nginx.org/en/docs/http/ngx_http_sub_module.html .

But do you really need to do what you want to do? Why not just proxy the
"/auth" location? That works for me, because that where KC expect to serve
content.


On Thu, 24 Jan 2019 at 15:16, Greet Robijns <greetrobijns at gmail.com> wrote:

> Hi,
>
> I am having some trouble configuring my nginx server before my keycloak
> server. I read the documentation at:
>
> https://www.keycloak.org/docs/latest/server_installation/index.html#_setting-up-a-load-balancer-or-proxy
> .
>
> The problem is that the layout files are not loading and after logging in,
> the redirection is incorrect: it goes to /auth/.... instead of
> /test/aa/auth.
>
> I am really stuck here? Should I change something in my keycloak
> configuration?
>
> my nginx:
>
> worker_processes 1;
>
> events { worker_connections 1024; }
>
> http {
>
> sendfile on;
>
> server {
> listen 8080;
>
> location /test/aa/ {
> resolver 127.0.0.11;
> proxy_pass http://mc:4000/;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_set_header Host $host;
> }
>
> }
>
> }
>
> Kind Regards,
> Greet Robijns
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


-- 

Regards,
Geoffrey Cleaves

More information about the keycloak-user mailing list