5:17 a.m.
I've managed to get it working, but I'm not sure what exactly was the issue. I
reedited standalone.xml from scratch by following the docs, restarted Keycloak and HTTPS
worked...I must have made some typos before. Sorry for the alarm and thanks!
On Sep 7, 2016, at 11:51 AM, cen <imbacen(a)gmail.com> wrote:
Hi
Just a few weeks ago I had to setup KC behind reverse proxy with TLS and this tutorial
did it for me: http://mirocupak.com/configuring-wildfly-behind-a-reverse-proxy-with-tls/
<http://mirocupak.com/configuring-wildfly-behind-a-reverse-proxy-with-tls/...
I did have to disable HTTP redirect because it was causing problems (read the comments).
Predrag Mijatovic je 07. 09. 2016 ob 11:37 napisal:
> Hello,
>
> I need help with Keycloak over HTTPS...I've started Keycloak with
> "./standalone.sh -b 10.45.0.6". I have DNS name login.mysite.com
<http://login.mysite.com/> <http://login.mysite.com/> which points to
> NGINX listening on a public IP. NGINX is set up as a reverse proxy:
>
> server {
> ssl on;
> listen 443;
> server_name login.mysite.com <http://login.mysite.com/>
<http://login.mysite.com/>;
> ssl_verify_client off;
> proxy_ssl_server_name on;
>
> location / {
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header Host $host;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto https;
> proxy_pass http://10.45.0.6:8080 <http://10.45.0.6:8080/>
<http://10.45.0.6:8080/> <http://10.45.0.6:8080/>;
> }
> }
>
> I can successfully open https://login.mysite.com/auth/
<https://login.mysite.com/auth/> <https://login.mysite.com/auth/>
<https://login.mysite.com/auth/> (green padlock and
> everything), but https://login.mysite.conf/auth/admin/master/console/
<https://login.mysite.conf/auth/admin/master/console/>
<https://login.mysite.conf/auth/admin/master/console/>
<https://login.mysite.conf/auth/admin/master/console/> fails with
> "{{notification.header}} {{notification.message}} Loading...". Inspecting
the
> web page I see that a lot of .js files are served over HTTP and the browser
> complains about mixed content.
>
> Reading the docs I figured that setting stuff on the side of reverse proxy is
> enough? Do I need to do anything else?
>
> Thanks
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user