[keycloak-user] reverse proxy nginx before keycloak

Stian Thorgersen sthorger at redhat.com
Thu Jan 24 10:23:36 EST 2019 

You can change the context path of Keycloak to match what you have on the
reverse proxy. See docs for details.

On Thu, 24 Jan 2019 at 15:47, Geoffrey Cleaves <geoff at opticks.io> wrote:

> I'm no expert with Nginx, but have run into this problem before. It's
> extremely difficult to reverse proxy to "/test/aa" when the service being
> proxied (Keycloak) does not expect to serve at this prefix. The
> service-to-be-proxied should offer a config option such as proxy_path which
> could be set to "/test/aa" so that the service know it need to add that
> prefix to all its routes.
>
> Does Keycloak have a proxy_path config option? I don't think it does.
>
> I suppose it may be possible using some rewrite rules, but those are pretty
> tricky and I have never been able to make it work. You might have luck
> using the nginx Content modification module:
> http://nginx.org/en/docs/http/ngx_http_sub_module.html .
>
> But do you really need to do what you want to do? Why not just proxy the
> "/auth" location? That works for me, because that where KC expect to serve
> content.
>
>
> On Thu, 24 Jan 2019 at 15:16, Greet Robijns <greetrobijns at gmail.com>
> wrote:
>
> > Hi,
> >
> > I am having some trouble configuring my nginx server before my keycloak
> > server. I read the documentation at:
> >
> >
> https://www.keycloak.org/docs/latest/server_installation/index.html#_setting-up-a-load-balancer-or-proxy
> > .
> >
> > The problem is that the layout files are not loading and after logging
> in,
> > the redirection is incorrect: it goes to /auth/.... instead of
> > /test/aa/auth.
> >
> > I am really stuck here? Should I change something in my keycloak
> > configuration?
> >
> > my nginx:
> >
> > worker_processes 1;
> >
> > events { worker_connections 1024; }
> >
> > http {
> >
> > sendfile on;
> >
> > server {
> > listen 8080;
> >
> > location /test/aa/ {
> > resolver 127.0.0.11;
> > proxy_pass http://mc:4000/;
> > proxy_set_header X-Real-IP $remote_addr;
> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > proxy_set_header X-Forwarded-Proto $scheme;
> > proxy_set_header Host $host;
> > }
> >
> > }
> >
> > }
> >
> > Kind Regards,
> > Greet Robijns
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
> --
>
> Regards,
> Geoffrey Cleaves
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list