[keycloak-user] Proxying and changing port.

Kevin Thorpe kevin.thorpe at p-i.net
Fri Sep 18 10:55:08 EDT 2015


Ah, possibly the Wildfly part. I know nothing about that since I'm an elder
geek not
a Java guy.


*Kevin Thorpe*
CTO

<https://www.p-i.net/>    <https://twitter.com/@PI_150>

www.p-i.net | @PI_150 <https://twitter.com/@PI_150>

M: +44 (0)7425 160 368 | T: +44 (0)203 005 6750 | F: +44(0)207 730 2635
150 Buckingham Palace Road, London, SW1W 9TR, UK


_____________________________

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any
action in reliance on the contents of this information is strictly
prohibited.

*"SAVE PAPER - THINK BEFORE YOU PRINT!" *

On 18 September 2015 at 14:44, Felipe Braun Azambuja <
felipe.braun at intelbras.com.br> wrote:

> I don't agree. I proxy 443 -> 8080 :)
>
> Mine looks like this:
>
> server {
>   listen 443 ssl spdy;
>
>   (lots of ssl options)
>
>   location / {
>     proxy_set_header Host $host;
>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     proxy_set_header X-Forwarded-Proto https;
>     proxy_set_header X-Forwarded-Port 443;
>     proxy_pass http://keycloack:8080$request_uri;
>   }
> }
>
> (I think that $request_uri on the end should not be there)
>
> And, of course, setting up wildfly so it knows it's behind a reverse
> proxy. Proxy address forwarding, if I'm not mistaken.
>
>
> Il 18/09/2015 10:33, Kevin Thorpe ha scritto:
>
>> Yeah it's definitely the port. I can use exactly the same config
>> proxying port 8443 -> 8443 and
>> it works.
>>
>> *Kevin Thorpe
>> *
>> CTO
>>
>> <https://www.p-i.net/> <https://twitter.com/@PI_150>
>>
>> www.p-i.net <http://www.p-i.net/> | @PI_150 <https://twitter.com/@PI_150>
>>
>> M: +44 (0)7425 160 368 | T: +44 (0)203 005 6750 | F: +44(0)207 730 2635
>> 150 Buckingham Palace Road, London, SW1W 9TR, UK
>>
>> **
>> _____________________________
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they are
>> addressed. If you have received this email in error please notify the
>> system manager. This message contains confidential information and is
>> intended only for the individual named. If you are not the named
>> addressee you should not disseminate, distribute or copy this e-mail.
>> Please notify the sender immediately by e-mail if you have received this
>> e-mail by mistake and delete this e-mail from your system. If you are
>> not the intended recipient you are notified that disclosing, copying,
>> distributing or taking any action in reliance on the contents of this
>> information is strictly prohibited.
>>
>> *"SAVE PAPER - THINK BEFORE YOU PRINT!" *
>>
>>
>> On 18 September 2015 at 14:25, Kevin Thorpe <kevin.thorpe at p-i.net
>> <mailto:kevin.thorpe at p-i.net>> wrote:
>>
>>     Still struggling with wrapping Keycloak under nginx. Keycloak runs
>>     on our internal infrastructure
>>     on port 8443 because it's a right pain to get it on port 443.
>>
>>     Now some of our clients have restrictive firewalls that only allow
>>     80 and 443 so I'm trying to
>>     proxy it on port 443 in Nginx so we have a single pont of contact.
>>     It doesn't work.
>>
>>     Chrome is giving ERR_RESPONSE_HEADERS_TRUNCATED and I'm not sure
>>     why. Redirect is happening properly as shown from an AWS client:
>>
>>     52.21.xxx.xxx - - [18/Sep/2015:14:23:49 +0100] xxxx.pibenchmark.com
>>     <http://xxxx.pibenchmark.com> "GET / HTTP/1.1" 009 7 "-"
>>     "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like
>>     Gecko) Chrome/45.0.2454.93 Safari/537.36" "10.20.13.184:8443
>>     <http://10.20.13.184:8443>"
>>
>>     Can Keycloak not handle the difference in ports? I'm really
>>     struggling to understand here.
>>
>>     nginx config:
>>
>>     # login-uat server
>>
>>     server {
>>          listen 10.20.13.11:443 <http://10.20.13.11:443>;
>>
>>          server_name xxxx.pibenchmark.com <http://xxxx.pibenchmark.com>;
>>
>>          ssl                        on;
>>     # ssl key bits
>>          client_max_body_size      10G;
>>
>>          location / {
>>              proxy_pass http://login-uat-cluster;
>>          }
>>     }
>>
>>     # only one of these will be working but nginx should be able to work
>>     out which
>>     upstream login-uat-cluster {
>>          server keycloak.pibenchmark.com:8443
>>     <http://keycloak.pibenchmark.com:8443>;
>>     }
>>
>>
>>
>>     *Kevin Thorpe
>>     *
>>     CTO
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
> --
> Felipe Braun Azambuja
> DBA
> Tecnologia da Informação e Comunicação
> (48) 3281 9577
> felipe.braun at intelbras.com.br
> Esta mensagem, incluindo seus anexos, contém informações protegidas por
> lei, sujeitas a privilégios e/ou confidencialidades, não podendo ser
> retransmitida, arquivada, divulgada ou copiada sem autorização do
> remetente. O remetente utiliza o correio eletrônico no exercício do seu
> trabalho ou em razão dele, eximindo esta instituição de qualquer
> responsabilidade por utilização indevida. Caso tenha recebido esta mensagem
> por engano, por favor informe o remetente respondendo imediatamente a este
> e-mail, e em seguida apague-a do seu computador.
>
> The information contained in this e-mail and its attachments are protected
> by law, subjected to privilege and/or confidentiality and cannot be
> retransmitted, filed, disclosed or copied without authorization from the
> sender. The sender uses the electronic mail in the exercise of his/her work
> or by virtue thereof, and the institution accepts no liability from its
> undue use. If you have received this message by mistake, please notify us
> immediately by returning the e-mail and deleting this message from your
> system.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150918/89aeb7b1/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pi_icon.jpg
Type: image/jpeg
Size: 3053 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150918/89aeb7b1/attachment.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: twitter.jpg
Type: image/jpeg
Size: 1204 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150918/89aeb7b1/attachment-0001.jpg 


More information about the keycloak-user mailing list