[keycloak-dev] Reverse Proxy Docs (and general logging)

Bruno Oliveira bruno at abstractj.org
Thu Aug 29 06:00:08 EDT 2019 

Hi Evan, my apologies for the late reply. For logging, we have a Jira
for it: https://issues.jboss.org/browse/KEYCLOAK-5393. But we didn't
have the time to work on it.

As you know "trust proxy" is already part of expressjs documentation[1].
Maybe worth to add pointers to this documentation, instead of duplicate
the information. And about the example, I'd just leave it as is, adding
comments to the code may give people the false impression that's
something specific to Keycloak.


[1] - https://expressjs.com/en/guide/behind-proxies.html

On 2019-08-07, Evan Shortiss wrote:
> Hi folks,
> 
> I was working on Keycloak Node.js demo this morning and couldn't figure out
> why it was incorrectly constructing my *redirect_uri* for a public client.
> Instead of using HTTPS it was using HTTP - my application was served over
> HTTPS.
> 
> I thought it was might be a bug in keycloak-connect, but turns out it's
> related to the "trust proxy" setting in express. This is fine, it makes
> sense to use standard Node.js/Express environment settings to manage this 👍
> 
> My question is: should debug logging be added in the adapter to help debug
> such issues? If I could have run my project with a
> *DEBUG=keycloak-connect* environment
> variable set and had logs such as those below it could have been helpful.
> 
> I think it's also worth adding commented a line to the Node.js example(s)
> with "trust proxy" set to "true", and a comment above explaining you need
> to uncomment it if behind a reverse proxy. I'm not sure if the various Java
> example(s) require a similar setting/comment.
> 
> When I Googled I didn't find any hits in the Keycloak docs for "reverse
> proxy" so might be worth a docs update too?
> 
> keycloak-connect:protect - creating login url
> keycloak-connect:protect - incoming request.protocol is "http"
> keycloak-connect:protect - WARNING request.protocol is "http" but
> "x-forwarded-proto"
> is "https", "trust proxy" setting might be incorrectly set
> keycloak-connect:protect - login url is $SOME_URL
> 
> -- 
> 
> Evan Shortiss
> 
> Technical Marketing Manager
> 
> Red Hat NA <https://www.redhat.com/>
> 
> Los Angeles
> 
> evan.shortiss at redhat.com
> M: +1-781-354-2834     IM: evanshortiss
> <https://www.redhat.com/>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-- 

abstractj

More information about the keycloak-dev mailing list