Re: [keycloak-user] Keycloak Docker behind loadbalancer with https fails
On 13/07/16 13:50, Bruce Shaw wrote:
Hello,
I have a standalone Keycloak docker deployed behind a loadbalancer
like so:
https -> (443) loadbalancer -> (80) Server -> (8080) DockerContainer
I'm terminating SSL at the loadbalancer, so hitting
https://accounts.mysite.com/auth/admin... fails because all assets
return as http. I expected Keycloak to match the protocol of https.
If I hit my loadbalancer directly with http, I can flip the switch
inside the realm to force all requests to require ssl. Then back over
to https://accounts.mysite.com/auth/admin... says "HTTPS Required"??
My network administration knowledge is limited, so at this point I'm
stuck. Is there an issue with my standalone.xml configuration?
Yes, looks like
that. Your loadbalancer must forward the headers like
"X-Forwarded-Proto" . You can also set it in standalone.xml on Keycloak
side, so Keycloak see the correct protocol. For some details, see our docs:
https://keycloak.gitbooks.io/server-installation-and-configuration/conten...
https://keycloak.gitbooks.io/server-installation-and-configuration/conten...
Marek
jboss.bind.address is "0.0.0.0"
<http-listener name="default" socket-binding="http"
redirect-socket="https" />
thanks
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 3.8 KB)