Hello, I need help with Keycloak over HTTPS...I've started Keycloak with "./standalone.sh -b 10.45.0.6". I have DNS name login.mysite.com <http://login.mysite.com> which points to NGINX listening on a public IP. NGINX is set up as a reverse proxy: server { ssl on; listen 443; server_name login.mysite.com <http://login.mysite.com>; ssl_verify_client off; proxy_ssl_server_name on; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_pass http://10.45.0.6:8080; } } I can successfully open https://login.mysite.com/auth/ (green padlock and everything), but https://login.mysite.conf/auth/admin/master/console/ fails with "{{notification.header}} {{notification.message}} Loading...". Inspecting the web page I see that a lot of .js files are served over HTTP and the browser complains about mixed content. Reading the docs I figured that setting stuff on the side of reverse proxy is enough? Do I need to do anything else? Thanks _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

On Sep 7, 2016, at 11:51 AM, cen <imbacen(a)gmail.com&gt; wrote: Hi Just a few weeks ago I had to setup KC behind reverse proxy with TLS and this tutorial did it for me: http://mirocupak.com/configuring-wildfly-behind-a-reverse-proxy-with-tls/ <http://mirocupak.com/configuring-wildfly-behind-a-reverse-proxy-with-tls/... I did have to disable HTTP redirect because it was causing problems (read the comments). Predrag Mijatovic je 07. 09. 2016 ob 11:37 napisal: > Hello, > > I need help with Keycloak over HTTPS...I've started Keycloak with > "./standalone.sh -b 10.45.0.6". I have DNS name login.mysite.com <http://login.mysite.com/> <http://login.mysite.com/> which points to > NGINX listening on a public IP. NGINX is set up as a reverse proxy: > > server { > ssl on; > listen 443; > server_name login.mysite.com <http://login.mysite.com/> <http://login.mysite.com/>; > ssl_verify_client off; > proxy_ssl_server_name on; > > location / { > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header Host $host; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto https; > proxy_pass http://10.45.0.6:8080 <http://10.45.0.6:8080/> <http://10.45.0.6:8080/> <http://10.45.0.6:8080/>; > } > } > > I can successfully open https://login.mysite.com/auth/ <https://login.mysite.com/auth/> <https://login.mysite.com/auth/> <https://login.mysite.com/auth/> (green padlock and > everything), but https://login.mysite.conf/auth/admin/master/console/ <https://login.mysite.conf/auth/admin/master/console/> <https://login.mysite.conf/auth/admin/master/console/> <https://login.mysite.conf/auth/admin/master/console/> fails with > "{{notification.header}} {{notification.message}} Loading...". Inspecting the > web page I see that a lot of .js files are served over HTTP and the browser > complains about mixed content. > > Reading the docs I figured that setting stuff on the side of reverse proxy is > enough? Do I need to do anything else? > > Thanks > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user> _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user