4:17 a.m.
Hiya
We've been running v1.9.2 behind a nginx proxy for some time now. Has the
setup for running Keycloak v2.0.0-Final behind a proxy changed? ... We've
kept the amended lines, but Keycloak is returns content in non-https
appearing to ignore the X-Forwarded-Proto
—
<http-listener name="default" socket-binding="http"
proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
<socket-binding name="http" port="${jboss.http.port:8080}"/>
<socket-binding name="https" port="${jboss.https.port:8443}"/>
<socket-binding name="proxy-https" port="443"/> <---
...
------------------------------
But looking at the urls handed back, they are all http://
Doing a tcpdump dump between proxy and keycloak, I can see the X-Forwarded
headers added by the proxy
GET /auth/admin/master/console/ HTTP/1.0
X-Real-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Proto: https
Host: 127.0.0.1
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/51.0.2704.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*
;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Rohith
4:53 a.m.
I'm pretty sure there's no changes. Has anything changed in your proxy
setup? Does it still work with 1.9.2, but the exact same config doesn't
work with 2.0.0?
On 12 July 2016 at 11:17, gambol <gambol99(a)gmail.com> wrote:
Hiya
We've been running v1.9.2 behind a nginx proxy for some time now. Has the
setup for running Keycloak v2.0.0-Final behind a proxy changed? ... We've
kept the amended lines, but Keycloak is returns content in non-https
appearing to ignore the X-Forwarded-Proto
—
<http-listener name="default" socket-binding="http"
proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
<socket-binding name="http" port="${jboss.http.port:8080}"/>
<socket-binding name="https" port="${jboss.https.port:8443}"/>
<socket-binding name="proxy-https" port="443"/> <---
...
------------------------------
But looking at the urls handed back, they are all http://
Doing a tcpdump dump between proxy and keycloak, I can see the X-Forwarded
headers added by the proxy
GET /auth/admin/master/console/ HTTP/1.0
X-Real-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Proto: https
Host: 127.0.0.1
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/51.0.2704.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,
*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Rohith
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3164
days inactive
3164
days old
1 comments
2 participants
participants (2)
-
gambol -
Stian Thorgersen