Hey,
Thanks for the reply. I've gone through pretty much the same iterations. I've
also tried manipulating the X-Forwarded-For as you mentioned and it doesn't help either.
In our case we are using Amazon ECS to host Keycloak behind an external facing ALB. I
want to be able to restrict the admin console to internal only addresses, so I have an
nginx container to reverse-proxy admin requests to keycloak. No matter what configuration
I try, I cannot get it to work.
Would be open to any other suggestions.
I’ve added a snippet to the http part of nginx (if using nginx ingress:
config.http-snippet)
geo $admin_access {
default deny;
192.168.0.1/24 allow;
}
and to the server part of the nginx host (or server-snippet of your ingress service
configuration)
# $check becomes "deny-admin" only for admin URIs requested from a denied address
set $check "";
if ($uri ~ '^/auth/admin') { set $check "${admin_access}-admin"; }
if ($check = "deny-admin") { return 403; }
br, Jernej
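
An added example, not part of either poster's message: a geo block with no explicit source variable matches on $remote_addr, which behind a load balancer is the balancer's own address unless nginx is told to take the client address from X-Forwarded-For. The configuration below assumes nginx is built with the realip module; the 10.0.0.0/16 load balancer range, the 192.168.0.0/24 internal range and the keycloak:8080 upstream are placeholders.

```nginx
# Added example; all addresses and the upstream name are placeholders.
# Everything below belongs in the http context.

# Accept X-Forwarded-For only on connections that come from the load balancer.
# Assumption: the ALB nodes reach nginx from 10.0.0.0/16.
set_real_ip_from  10.0.0.0/16;
real_ip_header    X-Forwarded-For;
# Walk the header right to left and use the first address that is not a
# trusted proxy, so a value the client placed in the header is ignored.
real_ip_recursive on;

# With no source variable given, geo keys on $remote_addr, which the
# realip directives above have replaced with the resolved client address.
geo $admin_access {
    default         deny;
    192.168.0.0/24  allow;
}

server {
    listen 80;

    # Admin console: internal addresses only.
    location /auth/admin {
        if ($admin_access = deny) {
            return 403;
        }
        proxy_set_header Host $host;
        # Pass the resolved client address on to Keycloak.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://keycloak:8080;
    }

    # Everything else stays reachable from any address.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://keycloak:8080;
    }
}
```

Logging $remote_addr and $http_x_forwarded_for side by side in the access log shows which address the geo lookup is actually evaluating.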