I'm pretty sure there's no changes. Has anything changed in your proxy setup? Does it still work with 1.9.2, but the exact same config doesn't work with 2.0.0?

On 12 July 2016 at 11:17, gambol <gambol99@gmail.com> wrote:

Hiya


We've been running v1.9.2 behind a nginx proxy for some time now. Has the setup for running Keycloak v2.0.0-Final behind a proxy changed? ... We've kept the amended lines, but Keycloak is returns content in non-https appearing to ignore the X-Forwarded-Proto


<http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...

<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>

<socket-binding name="http" port="${jboss.http.port:8080}"/>

<socket-binding name="https" port="${jboss.https.port:8443}"/>

<socket-binding name="proxy-https" port="443"/> <---

...

But looking at the urls handed back, they are all http://


Doing a tcpdump dump between proxy and keycloak, I can see the X-Forwarded headers added by the proxy

GET /auth/admin/master/console/ HTTP/1.0
X-Real-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Proto: https
Host: 127.0.0.1
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8

Rohith


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user