<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">I've managed to get it working, but I'm not sure what exactly was the issue. I reedited standalone.xml from scratch by following the docs, restarted Keycloak and HTTPS worked...I must have made some typos before. Sorry for the alarm and thanks!</div><br class=""><div><blockquote type="cite" class=""><div class="">On Sep 7, 2016, at 11:51 AM, cen <<a href="mailto:imbacen@gmail.com" class="">imbacen@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class=""><p class="">Hi</p><p class="">Just a few weeks ago I had to setup KC behind reverse proxy with
TLS and this tutorial did it for me:
<a class="moz-txt-link-freetext" href="http://mirocupak.com/configuring-wildfly-behind-a-reverse-proxy-with-tls/">http://mirocupak.com/configuring-wildfly-behind-a-reverse-proxy-with-tls/</a></p><p class="">I did have to disable HTTP redirect because it was causing
problems (read the comments).<br class="">
</p>
<br class="">
<div class="moz-cite-prefix">Predrag Mijatovic je 07. 09. 2016 ob
11:37 napisal:<br class="">
</div>
<blockquote cite="mid:FFE2192B-0E5A-4140-970E-AAD7A6D45D12@gmail.com" type="cite" class="">
<pre wrap="" class="">Hello,
I need help with Keycloak over HTTPS...I've started Keycloak with
"./standalone.sh -b 10.45.0.6". I have DNS name <a href="http://login.mysite.com" class="">login.mysite.com</a> <a class="moz-txt-link-rfc2396E" href="http://login.mysite.com/"><http://login.mysite.com/></a> which points to
NGINX listening on a public IP. NGINX is set up as a reverse proxy:
server {
ssl on;
listen 443;
server_name <a href="http://login.mysite.com" class="">login.mysite.com</a> <a class="moz-txt-link-rfc2396E" href="http://login.mysite.com/"><http://login.mysite.com/></a>;
ssl_verify_client off;
proxy_ssl_server_name on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass <a class="moz-txt-link-freetext" href="http://10.45.0.6:8080/">http://10.45.0.6:8080</a> <a class="moz-txt-link-rfc2396E" href="http://10.45.0.6:8080/"><http://10.45.0.6:8080/></a>;
}
}
I can successfully open <a class="moz-txt-link-freetext" href="https://login.mysite.com/auth/">https://login.mysite.com/auth/</a> <a class="moz-txt-link-rfc2396E" href="https://login.mysite.com/auth/"><https://login.mysite.com/auth/></a> (green padlock and
everything), but <a class="moz-txt-link-freetext" href="https://login.mysite.conf/auth/admin/master/console/">https://login.mysite.conf/auth/admin/master/console/</a> <a class="moz-txt-link-rfc2396E" href="https://login.mysite.conf/auth/admin/master/console/"><https://login.mysite.conf/auth/admin/master/console/></a> fails with
"{{notification.header}} {{notification.message}} Loading...". Inspecting the
web page I see that a lot of .js files are served over HTTP and the browser
complains about mixed content.
Reading the docs I figured that setting stuff on the side of reverse proxy is
enough? Do I need to do anything else?
Thanks
</pre>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<br class="">
<pre wrap="" class="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br class="">
</div>
_______________________________________________<br class="">keycloak-user mailing list<br class=""><a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</div></blockquote></div><br class=""></body></html>