<div dir="ltr"><div dir="ltr" style="font-size:12.8px">I'm pretty sure there's no changes. Has anything changed in your proxy setup? Does it still work with 1.9.2, but the exact same config doesn't work with 2.0.0?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 12 July 2016 at 11:17, gambol <span dir="ltr"><<a href="mailto:gambol99@gmail.com" target="_blank">gambol99@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><p style="font-size:12.8px;margin:0px;padding:0px">Hiya</p><p style="font-size:12.8px;margin:0px;padding:0px"><br></p><p style="font-size:12.8px;margin:0px;padding:0px">We've been running v1.9.2 behind a nginx proxy for some time now. Has the setup for running Keycloak v2.0.0-Final behind a proxy changed? ... We've kept the amended lines, but Keycloak is returns content in non-https appearing to ignore the X-Forwarded-Proto</p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px">—<br><http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/><br>...<br></p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px"><socket-binding name="ajp" port="${jboss.ajp.port:8009}"/></p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px"><socket-binding name="http" port="${jboss.http.port:8080}"/></p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px"><socket-binding name="https" port="${jboss.https.port:8443}"/></p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px"><socket-binding name="proxy-https" port="443"/> <---</p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px">...</p><hr style="font-size:12.8px"><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px">But looking at the urls handed back, they are all http://</p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px"><br></p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px">Doing a tcpdump dump between proxy and keycloak, I can see the X-Forwarded headers added by the proxy</p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px">GET /auth/admin/master/console/ HTTP/1.0<br>X-Real-IP: 127.0.0.1<br>X-Forwarded-For: 127.0.0.1<br>X-Forwarded-Proto: https<br>Host: 127.0.0.1<br>Connection: close<br>Cache-Control: max-age=0<br>Upgrade-Insecure-Requests: 1<br>User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,<b>/</b>;q=0.8<br>Accept-Encoding: gzip, deflate, sdch, br<br>Accept-Language: en-US,en;q=0.8</p><p style="font-size:12.8px;margin:10px 0px 0px;padding:0px">Rohith</p></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>