Yes. I’ve set up an HTTPS reverse proxy in Apache as usual with and added the required
header:
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
Then I edited /usr/local/keycloak/standalone/configuration/standalone.xml according to
these instructions.
From what I’ve seen there’s no difference in the responses between:
a) Configuring reverse proxy in Apache only
b) Configuring reverse proxy in Apache AND editing standalone.xml
In both cases the hostname is properly resolved, but not the protocol part.
Cheers,
Matthias
p.s.: The documentation shows a configuration for an old release (1.1) of the undertow
subsystem. Current is 3.0, which is also part of Keycloak distro. Is the configuration
identical for both versions?
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of Stian Thorgersen
Sent: Friday, February 26, 2016 1:36 PM
To: Matthias Müller
Cc: keycloak-user
Subject: Re: [keycloak-user] Keycloak 1.9 behind Apache2 reverse proxy not working
properly
DId you follow documentation at
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
On 26 February 2016 at 12:53, Matthias Müller <Matthias_Mueller(a)tu-dresden.de>
wrote:
Does anyone have experiences with Keycloak 1.9 in an Apache2 reverse
proxy configuration?
In my test setup I am running Keycloak as a standalone service on port
8080. It is proxied behind an Apache HTTP Server that manages the SSL
communication and forwards requests to localhost:8080. The Apache side
of the proxy is working. However, the administration console web page
(auth/admin/master/console/) still contains plain http://... links
(should be: https://) to the JS components which, of course, is invalid.
Obviously the Keycloak service does not see (or ignores) the X-Forwarded
headers.
Am I missing something here?
Cheers,
Matthias
[1]:
http://auth.domain.org/auth/resources/1.9.0.final/admin/keycloak/lib/sele...
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user