I did it with my Java+JSF based web project where NGINX is in front end and
Keycloak-HA in backside of NGINX with external(mariadb) db. Its work fine
in the keycloak url everywhere i am giving https://<NGINX URL>/auth now its
NGINX configuration duty to redirect the keycloak its want anyhow both
keycloak point to same DB.
I have generated SSL certificate for NGINX and import to the client machine
for https connection.
Its all working fine.
On Fri, Feb 9, 2018 at 9:02 AM, karan shah <karan.s1992(a)outlook.com> wrote:
Posting this again as I have not been successful. I have a sample
app
which correctly secures the rest api locally. Now when I put this in
production behind a nginx proxy it does not work. No errors. It allows all
request.
Front end serer with ssl is
https://frontend.com<https://frontend.com/<
https://outlook.live.com/mail/>>
Back end server with ssl is
https://backend.com<https://backend.com/>
Keycloak proxy forward is true
Front end server(node server on 9000) <-> NGINX <-> Keycloak (running on
8180)
nginx file sample
upstream keycloak_server {
server localhost:8180;
}
upstream node_server {
server localhost:9000;
}
location /auth/ {
proxy_pass
http://keycloak_server<http://keycloak_server/>;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass
http://node_server<http://node_server/>;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Front end server calls a backend api using Angular. REST api calls looks
likehttps://backend.com/callTest
Backend server(running on tomcat) <-> NGINX <-> Spring Boot(with keycloak)
nginx sample
location / {
proxy_pass
http://127.0.0.1:8080/dt-1.0/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
in angular keycloak.json looks like
{
"realm": "demo",
"auth-server-url": "https://frontend.com/auth",
"ssl-required": "none",
"resource": "tutorial-frontend",
"public-client": true
}
in spring boot keycloak properties look like
keycloak.auth-server-url=https://frontend.com/auth
keycloak.realm=demo
keycloak.resource=1040nra-client
keycloak.public-client=true
keycloak.bearer-only = true
keycloak.cors = true
keycloak.security-constraints[0].authRoles[0]=user
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/*
Please let me know how to correct this. I would really appreciate it.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user