<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Yes, it’s been on the mailing list before.</div><div class=""><br class=""></div><div class="">For Keycloak:</div><div class=""><br class=""></div><div class=""><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding" class="">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding</a></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">For Nginx:</div><div class=""><br class=""></div><div class=""><div class="">server {</div><div class="">&nbsp; listen 443;</div><div class="">&nbsp; server_name localhost;</div><div class=""><br class=""></div><div class="">&nbsp; ssl on;</div><div class="">&nbsp; ssl_certificate /etc/pki/tls/certs/server.crt;</div><div class="">&nbsp; ssl_certificate_key /etc/pki/tls/certs/server.key;</div><div class=""><br class=""></div><div class="">&nbsp; location / {</div><div class="">&nbsp; &nbsp; proxy_pass <a href="http://your-keycloak-host-here:-your-wildfly-proxy-https-port" class="">http://your-keycloak-host-here:-your-wildfly-proxy-https-port</a>;</div><div class="">&nbsp; &nbsp; proxy_http_version 1.1;</div><div class=""><br class=""></div><div class="">&nbsp; &nbsp; proxy_set_header Connection "";</div><div class="">&nbsp; &nbsp; proxy_set_header Host $host;</div><div class="">&nbsp; &nbsp; proxy_set_header X-Real-IP $remote_addr;</div><div class="">&nbsp; &nbsp; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div><div class="">&nbsp; &nbsp; proxy_set_header X-Forwarded-Proto https;</div><div class="">&nbsp; }</div><div class="">}</div></div><div class=""><br class=""></div><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Scott Rossillo</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Smartling | Senior Software Engineer</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
</div>
</div></div><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 29, 2016, at 1:59 PM, Rodrigo Gonzalez Asensio &lt;<a href="mailto:rasensio@gmail.com" class="">rasensio@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">All local environment</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">1 keycloak 1.7 &amp; 1.9 listening on port 8080</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">2 tomcat 7 with java webapp using Keycloak filter (not the adapter)</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">1 nginx load balancing the 2 tomcats. Nginx config below</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><div class="gmail_default"><br class=""></div><div class="gmail_default">upstream jeremy {</div><div class="gmail_default">&nbsp; &nbsp; &nbsp; &nbsp; server localhost:8082;</div><div class="gmail_default">&nbsp; &nbsp; &nbsp; &nbsp; server localhost:8999;</div><div class="gmail_default">&nbsp; &nbsp; }</div><div class="gmail_default"><br class=""></div><div class="gmail_default">&nbsp; &nbsp; server {</div><div class="gmail_default">&nbsp; &nbsp; &nbsp; &nbsp; listen 80;</div><div class="gmail_default"><span class="" style="white-space:pre">                                </span>server_name localhost;</div><div class="gmail_default"><br class=""></div><div class="gmail_default">&nbsp; &nbsp; &nbsp; &nbsp; location / {</div><div class="gmail_default">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_pass <a href="http://jeremy/" class="">http://jeremy/</a>;</div><div class="gmail_default">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_redirect off;</div><div class="gmail_default"><span class="" style="white-space:pre">        </span> &nbsp; &nbsp;<span class="" style="white-space:pre">                        </span>proxy_set_header Host $host;</div><div class="gmail_default"><span class="" style="white-space:pre">                                                </span>}</div><div class="gmail_default">&nbsp; }</div><div class="gmail_default"><br class=""></div><div class="gmail_default">My Keycloak client all defaults, 1 only valid redirect_uri.&nbsp;</div><div class="gmail_default">As soon as I validate the login in keycloak it gets crazy with ERR_TOO_MANY_REDIRECTS</div><div class="gmail_default"><br class=""></div><div class="gmail_default">The same thing happen in AWS having a ELB &gt; tomcats or ELB &gt; NGINX &gt; tomcats.</div><div class="gmail_default"><br class=""></div><div class="gmail_default">Anyone had a similar issue ?</div><div class=""><br class=""></div></div></div>
_______________________________________________<br class="">keycloak-user mailing list<br class=""><a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</div></blockquote></div><br class=""></body></html>