Hello Chris,
how did the configuration go? Were you able to setup the unifiedpush server
behind your nginx proxy?
Thanks,
Matthias
On Fri, Oct 17, 2014 at 8:35 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
Hi Chris,
Can you copy/paste the full URL where you get the 'invalid redirect_uri'
message?
For details about setting up reverse proxy with Keycloak look at
http://docs.jboss.org/keycloak/docs/1.0.2.Final/userguide/html/server-ins....
Key things are X-Forwarded-For and X-Forwarded-Proto which it looks like
you've added, but you also need to do some changes to standalone.xml.
----- Original Message -----
> From: "Matthias Wessendorf" <matzew(a)apache.org>
> To: "AeroGear Developer Mailing List"
<aerogear-dev(a)lists.jboss.org>
> Sent: Friday, 17 October, 2014 8:08:08 AM
> Subject: Re: [aerogear-dev] setting up aerogear behind nginx proxy
>
> Hey Chris!
>
> glad to hear about the progress :)
>
> regarding the "Invalid redirect_uri", looks like something goes wrong
with
> the redirect/ forward.
> On the page were you get the login form (or the Invalid redirect_uri),
can
> you compare the URL in the browser ?
> (especially the part after the &redirect_uri param).
>
> On the 500, any stack trace there?
>
> Thanks,
> Matthias
>
>
> On Fri, Oct 17, 2014 at 7:38 AM, chale < chris.hale(a)me.com > wrote:
>
>
>
> I am having a little more positive progress and a few more useful things
to
> report from me trying to get this working.
> The logs below aren’t an issue anymore. Here is how i now have things
setup.
>
> I have nginx setup and running on port 443 and my nginx config looks like
> this
> location / {
> if ($http_user_agent ~ ^$) {
> # return 403;
> }
>
> proxy_pass
http://10.128.93.235:8080/ ;
> proxy_redirect off;
>
> proxy_set_header Host $host;
> proxy_set_header X-Forwarded-Proto "https";
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> }
>
>
> I seem to be able to login if i choose
http://myserver.com but if i try
and
> do
https://myserver.com/ag-push
>
> I get a message that is saying we are sorry Invalid redirect_uri. .
>
> In looking at the http requests I am seeing
> /auth/realms/aerogear/tokens/login url cause a 500
>
> Any way to troubleshoot why its giving a 500?
>
> Thanks in advance,
>
>
>
>
> --
> Chris Hale
> Sent with Sparrow
>
>
>
> On Friday, October 17, 2014 at 12:31 AM, Matthias Wessendorf [via
> aerogear-dev] wrote:
>
>
> Hi Chris!
>
> thanks for trying the UnifiedPush Server. I have never tried to run the
UPS
> behind a (ngnix) proxy. Does the same config work w/o the proxy? The
stack
> above says "Unable to resolve realm public key remotely", so I am
wondering
> if the Keycoak Auth-Server is deployed as well.
>
> In the meantime I'll ask our Keycloak friends if they have any
experience on
> this.
>
> Thanks,
> Matthias
>
> On Fri, Oct 17, 2014 at 6:59 AM, chale < [hidden email] > wrote:
>
>
>
> Hi,
> I need some help. I am trying to setup aerogear behind a nginx proxy
> server that has ssl enabled and I am running into issues. Anytime i try
to
> go to /ag-push I see this in the logs
>
> RROR [org.apache.catalina.connector.CoyoteAdapter]
> (http--10.128.93.235-8080-5) An exception or error occurred in the
container
> during the request processing: java.lang.RuntimeException: Unable to
resolve
> realm public key remotely, status = 403
> at
>
org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:69)
> [keycloak-adapter-core-1.0-final.jar:]
> at
>
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:55)
> [keycloak-adapter-core-1.0-final.jar:]
> at
>
org.keycloak.adapters.as7.AuthenticatedActionsValve.invoke(AuthenticatedActionsValve.java:45)
> [keycloak-as7-adapter-1.0-final.jar:]
> at
>
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397)
> [jbossweb-7.0.13.Final.jar:]
> at
>
org.keycloak.adapters.as7.KeycloakAuthenticatorValve.invoke(KeycloakAuthenticatorValve.java:135)
> [keycloak-as7-adapter-1.0-final.jar:]
> at
> org.jboss.as . web.security.SecurityContextAssociationValve.invoke
> (SecurityContextAssociationValve.java:153)
> [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
> at
>
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> [jbossweb-7.0.13.Final.jar:]
> at
>
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [jbossweb-7.0.13.Final.jar:]
> at
>
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [jbossweb-7.0.13.Final.jar:]
> at
>
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> [jbossweb-7.0.13.Final.jar:]
> at
>
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
> [jbossweb-7.0.13.Final.jar:]
> at
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
> [jbossweb-7.0.13.Final.jar:]
> at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> [jbossweb-7.0.13.Final.jar:]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_65]
>
> Does anyone have any advice or experience on how to go about setting up
> aerogear behind an nginx proxy?
>
>
>
> --
> View this message in context:
>
http://aerogear-dev.1069024.n5.nabble.com/setting-up-aerogear-behind-ngin...
> Sent from the aerogear-dev mailing list archive at
Nabble.com .
> _______________________________________________
> aerogear-dev mailing list
> [hidden email]
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> --
> Matthias Wessendorf
>
> blog:
http://matthiaswessendorf.wordpress.com/
> sessions:
http://www.slideshare.net/mwessendorf
> twitter:
http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> [hidden email]
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> If you reply to this email, your message will be added to the discussion
> below:
>
http://aerogear-dev.1069024.n5.nabble.com/setting-up-aerogear-behind-ngin...
> To unsubscribe from setting up aerogear behind nginx proxy, click here .
> NAML
>
>
>
> View this message in context: Re: [aerogear-dev] setting up aerogear
behind
> nginx proxy
>
> Sent from the aerogear-dev mailing list archive at
Nabble.com.
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> --
> Matthias Wessendorf
>
> blog:
http://matthiaswessendorf.wordpress.com/
> sessions:
http://www.slideshare.net/mwessendorf
> twitter:
http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev