correction :
I changed this :
ProxyPass "/xyz" "http://<internal ip address>:<internal port>/"
ProxyPassReverse "/xyz" "http://<internal ip address>:<internal port>/"
to :
ProxyPass "/auth" "http://<internal ip address>:<internal port>/auth"
ProxyPassReverse "/auth" "http://<internal ip address>:<internal port>/auth"
--Vikram
On 2/25/2019 12:47 PM, Vikram wrote:
Hi Peter,
Thanks a lot again!
It works now. However, there was only one change that did the trick.
I changed this :
ProxyPass "/xyz" "http://<internal ip address>:<internal port>/"
ProxyPassReverse "/xyz" "http://<internal ip address>:<internal port>/"
to :
ProxyPass "/xyz" "http://<internal ip address>:<internal port>/auth"
ProxyPassReverse "/xyz" "http://<internal ip address>:<internal port>/auth"
I did not have "auth" at the end of the url in the reverse proxy settings.
Instead, I had it in my keycloak.json file as 'https://example.com/xyz/auth'. I am
not sure but I think keycloak redirects any request going to
http://<internal ip address>:<internal port>/ to
http://<internal ip address>:<internal port>/auth automatically... or maybe not.
I would appreciate a clarification on this if possible.
Nevertheless, thanks a lot for your time !
Regards,
Vikram
On 2/22/2019 5:50 PM, Nalyvayko, Peter wrote:
> Vikram,
>
> Make sure your KC instance is internally accessible. I am posting the examples of
> apache virtual host and the portion of KC configuration relevant to reverse proxy,
> where <internal ip address>:<internal port> is the IP address and port
> respectively your keycloak server is listening on.
>
> === <Apache>.conf ===
>
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> ...
> ProxyPreserveHost On
> ProxyRequests Off
> RequestHeader add "X-forwarded-proto" "https"
>
> RequestHeader set x-ssl-client-cert "%{SSL_CLIENT_CERT}s"
>
> ProxyPass "/auth" "http://<internal ip address>:<internal port>/auth"
> ProxyPassReverse "/auth" "http://<internal ip address>:<internal port>/auth"
> ...
> </VirtualHost>
> </IfModule>
>
> ==== standalone.xml ====
>
> <subsystem xmlns="urn:jboss:domain:undertow:7.0">
> <buffer-cache name="default"/>
> <server name="default-server">
> <http-listener name="default" socket-binding="http" redirect-socket="https-proxy" proxy-address-forwarding="true" enable-http2="true"/>
> <https-listener name="https" socket-binding="https" security-realm="<security realm>" enable-http2="true"/>
> .....
> </server>
> .....
>
> Hope this helps
> Cheers,
> --Peter
> _____________________________________
> From: Vikram [vikram.eswar(a)fleetroute.com]
> Sent: Friday, February 22, 2019 6:33 AM
> To: Nalyvayko, Peter; keycloak-user(a)lists.jboss.org
> Subject: Re: [keycloak-user] Running Keycloak behind Apache Reverse Proxy
>
> Hi Peter,
>
> thanks a lot for your reply.
>
> I have followed this link already with no luck.
>
> I have set X-forwarded headers in my default-ssl.conf file as :
>
> RequestHeader set X-Forwarded-Proto "https" env=HTTPS
>
> RequestHeader set X-Forwarded-Port "443"
>
> RemoteIPHeader X-Forwarded-For
>
> Should I also set RemoteIPTrustedProxy and RemoteIPInternalProxy to 127.0.0.1 ?
> because everything is running in the same machine ? or should I add all of this in the
> security.conf file ?
>
> Where am I going wrong ?
>
> I am not getting a json response when I test the configuration using
> /auth/realms/master/.well-known/openid-configuration..
>
> Regards,
>
> Vikram
>
>
>
> On 2/21/2019 10:13 PM, Nalyvayko, Peter wrote:
>
> Here is a link to more recent docs:
>
> https://www.keycloak.org/docs/latest/server_installation/index.html#_sett...
> ________________________________________
> From: Nalyvayko, Peter
> Sent: Thursday, February 21, 2019 4:11 PM
> To: Vikram; keycloak-user@lists.jboss.org
> Subject: RE: [keycloak-user] Running Keycloak behind Apache Reverse Proxy
>
> Vikram,
>
> https://www.keycloak.org/docs/latest/server_admin/#apache-certificate-loo...
>
> The instructions above only apply if you are trying to set up mutual SSL.
>
> Take a look at
> https://www.keycloak.org/docs/1.9/server_installation_guide/topics/cluste...
> how to set up keycloak behind load balancer, there are a few changes to the keycloak
> configuration you'll need to make
>
> Hope this helps
> Regards
> --Peter
>
> ________________________________________
> From: keycloak-user-bounces@lists.jboss.org [keycloak-user-bounces@lists.jboss.org] on behalf of Vikram [vikram.eswar@fleetroute.com]
> Sent: Thursday, February 21, 2019 11:40 AM
> To: keycloak-user@lists.jboss.org
> Subject: [keycloak-user] Running Keycloak behind Apache Reverse Proxy
>
> Hi all,
>
> OS: Ubuntu 18.04
>
> I am running an https secured apache server as a reverse proxy. Let's say
> at https://example.com
>
> Now, I have a keycloak server running on the same machine, let's say at
> http://localhost:1234 (note: HTTP)
>
> I have set it up such that https://example.com/keycloak points to
> http://localhost:1234
>
> Now, I have a javascript application which is trying to authenticate
> with Keycloak using a javascript adapter. In the keycloak.json
> configuration file, I have the url set up as :
>
> url : 'https://example.com/keycloak/auth'
>
> This does not work. In order to access keycloak for authentication from
> the outside world, I need this to connect.
>
> Anything on this ?
>
> I have already looked at this link :
>
> https://www.keycloak.org/docs/latest/server_admin/#apache-certificate-loo...
>
>
> I have tried setting the certificate lookup but I am not sure if I am
> doing it right. I set it within the virtualhost block in the
> default-ssl.conf file through RequestHeader.
>
> Regards,
>
> Vikram
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
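
Added example, not part of the original thread: a check of the `/auth/realms/master/.well-known/openid-configuration` response mentioned above, confirming that every URL Keycloak advertises uses the external `https://example.com/auth` base rather than the internal listener. The function name and the sample documents are constructed for illustration; the endpoint paths assume Keycloak's usual `/protocol/openid-connect/` layout.

```python
import json
from urllib.parse import urlsplit


def _doc(base):
    """Build a constructed discovery document rooted at `base` (sample data)."""
    realm = f"{base}/realms/master"
    oidc = f"{realm}/protocol/openid-connect"
    return json.dumps({
        "issuer": realm,
        "authorization_endpoint": f"{oidc}/auth",
        "token_endpoint": f"{oidc}/token",
        "jwks_uri": f"{oidc}/certs",
        "grant_types_supported": ["authorization_code"],
    })


# Constructed responses: correct proxying, internal address leaking, wrong path mapping.
GOOD_DOC = _doc("https://example.com/auth")
LEAKY_DOC = _doc("http://localhost:1234/auth")
HTML_BODY = "<html><body>Welcome</body></html>"


def check_discovery(raw, external_base, realm):
    """Return a list of problems found in an OIDC discovery response body."""
    try:
        doc = json.loads(raw)
    except ValueError:
        return ["response is not JSON: proxy path is probably not mapped to /auth"]
    if not isinstance(doc, dict):
        return ["response is JSON but not an object"]
    expected_issuer = f"{external_base.rstrip('/')}/realms/{realm}"
    ext = urlsplit(expected_issuer)
    problems = []
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected_issuer!r}")
    for key, value in sorted(doc.items()):
        if not (key.endswith("_endpoint") or key == "jwks_uri") or not isinstance(value, str):
            continue
        url = urlsplit(value)
        if url.scheme != ext.scheme:  # X-Forwarded-Proto not sent or not honoured
            problems.append(f"{key}: scheme {url.scheme!r}, expected {ext.scheme!r}")
        if url.netloc != ext.netloc:  # ProxyPreserveHost / proxy-address-forwarding
            problems.append(f"{key}: host {url.netloc!r}, expected {ext.netloc!r}")
        if not url.path.startswith(ext.path + "/"):
            problems.append(f"{key}: path {url.path!r} is outside {ext.path!r}")
    return problems
```

Run it against the body fetched through the proxy; an empty list means the advertised URLs match the external address.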