On 13/07/16 13:50, Bruce Shaw wrote:

Hello,

I have a standalone Keycloak docker deployed behind a loadbalancer like so:

https -> (443) loadbalancer -> (80) Server -> (8080) DockerContainer

I'm terminating SSL at the loadbalancer, so hitting https://accounts.mysite.com/auth/admin... fails because all assets return as http. I expected Keycloak to match the protocol of https.

If I hit my loadbalancer directly with http, I can flip the switch inside the realm to force all requests to require ssl. Then back over to https://accounts.mysite.com/auth/admin... says "HTTPS Required"??

My network administration knowledge is limited, so at this point I'm stuck. Is there an issue with my standalone.xml configuration?

Yes, looks like that. Your loadbalancer must forward the headers like "X-Forwarded-Proto" . You can also set it in standalone.xml on Keycloak side, so Keycloak see the correct protocol. For some details, see our docs:
https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/clustering/load-balancer.html
https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/network/https.html

Marek

jboss.bind.address is "0.0.0.0"

<http-listener name="default" socket-binding="http" redirect-socket="https" />

thanks
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user