<div dir="ltr">Yeah it's definitely the port. I can use exactly the same config proxying port 8443 -> 8443 and<div>it works.</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><font color="#000000"><b>Kevin Thorpe<br></b></font></div>
<div>CTO<br></div>
<div><br>
</div>
<div><a href="https://www.p-i.net/" target="_blank"><img src="cid:part1.09070200.07040105@p-i.net"></a> <a href="https://twitter.com/@PI_150" target="_blank"><img src="cid:part3.05090201.04050806@p-i.net"></a><br>
</div>
<div><br>
</div>
<div><a href="http://www.p-i.net/" target="_blank">www.p-i.net</a> | <a href="https://twitter.com/@PI_150" target="_blank">@PI_150</a><br>
</div>
<div><span style="color:rgb(81,81,81)"><br>
</span></div>
<div><span style="color:rgb(81,81,81)">M: <a value="+447921676683">+44 (0)7425 160 368</a> | T: <a value="+442030056750">+44 (0)203 005 6750</a> |
F: <a value="+442077302635">+44(0)207 730 2635</a></span><br>
</div>
<div><font color="#515151">150
Buckingham Palace Road, </font><span style="color:rgb(81,81,81)">London, SW1W 9TR, UK</span></div>
<div><br><b><span style="color:rgb(11,83,148)"> <img src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo.jpg/81028530-5f84-4598-825b-f6465a83bae1?t=1416563040000"> <img src="https://clients.p-i.net/documents/11003/1116416/ISO27001-2013.logo.jpeg/145aebe0-c393-49d7-8e1d-44c3c4d451dc?t=1416563040000"> <img src="https://clients.p-i.net/documents/11003/1116416/QMS.logo.jpeg/3925220d-bdad-40c3-b284-102c365c7b85?t=1416563040000" height="36" width="64"><img src="https://clients.p-i.net/documents/11003/1116416/pci.png/773a04d4-f6ce-4b7a-8a22-818f518f0459?t=1421160152000" height="44" width="116"></span></b></div>
<div><font size="1">_____________________________ </font></div>
<p><font size="1">This email and any files transmitted with it
are confidential and intended solely for the use of the
individual or entity to whom they are addressed. If you
have received this email in error please notify the system
manager. This message contains confidential information
and is intended only for the individual named. If you are
not the named addressee you should not disseminate,
distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by
mistake and delete this e-mail from your system. If you
are not the intended recipient you are notified that
disclosing, copying, distributing or taking any action in
reliance on the contents of this information is strictly
prohibited.</font></p><p><b>"<span style="color:rgb(11,83,148)"><font>SAVE PAPER - THINK BEFORE YOU PRINT!</font></span>" </b></p></div></div></div></div></div>
<br><div class="gmail_quote">On 18 September 2015 at 14:25, Kevin Thorpe <span dir="ltr"><<a href="mailto:kevin.thorpe@p-i.net" target="_blank">kevin.thorpe@p-i.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Still struggling with wrapping Keycloak under nginx. Keycloak runs on our internal infrastructure<div>on port 8443 because it's a right pain to get it on port 443.</div><div><br></div><div>Now some of our clients have restrictive firewalls that only allow 80 and 443 so I'm trying to </div><div>proxy it on port 443 in Nginx so we have a single pont of contact. It doesn't work. </div><div><br></div><div>Chrome is giving ERR_RESPONSE_HEADERS_TRUNCATED and I'm not sure why. Redirect is happening properly as shown from an AWS client:</div><div><br></div><div><div>52.21.xxx.xxx - - [18/Sep/2015:14:23:49 +0100] <a href="http://xxxx.pibenchmark.com" target="_blank">xxxx.pibenchmark.com</a> "GET / HTTP/1.1" 009 7 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36" "<a href="http://10.20.13.184:8443" target="_blank">10.20.13.184:8443</a>"</div></div><div><br></div><div>Can Keycloak not handle the difference in ports? I'm really struggling to understand here.</div><div><br></div><div>nginx config:</div><div><br></div><div><div># login-uat server</div><div><br></div><div>server {</div><div> listen <a href="http://10.20.13.11:443" target="_blank">10.20.13.11:443</a>;</div><div><br></div><div> server_name <a href="http://xxxx.pibenchmark.com" target="_blank">xxxx.pibenchmark.com</a>;</div><div><br></div><div> ssl on;</div><div># ssl key bits</div><div> client_max_body_size 10G;<br></div><div><br></div><div> location / {<br></div><div> proxy_pass <a href="http://login-uat-cluster" target="_blank">http://login-uat-cluster</a>;</div><div> }</div><div>}</div><div><br></div><div># only one of these will be working but nginx should be able to work out which</div><div>upstream login-uat-cluster {</div><div> server <a href="http://keycloak.pibenchmark.com:8443" target="_blank">keycloak.pibenchmark.com:8443</a>;</div><div>}</div></div><span class="HOEnZb"><font color="#888888"><div><br></div><div><br></div><div><br clear="all"><div><div><div dir="ltr"><div dir="ltr"><div><font color="#000000"><b>Kevin Thorpe<br></b></font></div>
<div>CTO<br></div>
<div><br></div></div></div></div></div>
</div></font></span></div>
</blockquote></div><br></div>