Re: [keycloak-user] Keycloak and HTTPS behind reverse proxy
Hi
Just a few weeks ago I had to setup KC behind reverse proxy with TLS and
this tutorial did it for me:
http://mirocupak.com/configuring-wildfly-behind-a-reverse-proxy-with-tls/
I did have to disable HTTP redirect because it was causing problems
(read the comments).
Predrag Mijatovic je 07. 09. 2016 ob 11:37 napisal:
Hello,
I need help with Keycloak over HTTPS...I've started Keycloak with
"./standalone.sh -b 10.45.0.6". I have DNS name login.mysite.com
<http://login.mysite.com/> which points to
NGINX listening on a public IP. NGINX is set up as a reverse proxy:
server {
ssl on;
listen 443;
server_name login.mysite.com <http://login.mysite.com/>;
ssl_verify_client off;
proxy_ssl_server_name on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://10.45.0.6:8080 <http://10.45.0.6:8080/>;
}
}
I can successfully open https://login.mysite.com/auth/
<https://login.mysite.com/auth/> (green padlock and
everything), but https://login.mysite.conf/auth/admin/master/console/
<https://login.mysite.conf/auth/admin/master/console/> fails with
"{{notification.header}} {{notification.message}} Loading...". Inspecting the
web page I see that a lot of .js files are served over HTTP and the browser
complains about mixed content.
Reading the docs I figured that setting stuff on the side of reverse proxy is
enough? Do I need to do anything else?
Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 3.2 KB)