[keycloak-user] Proxy TLS settings

gambol gambol99 at gmail.com
Tue Jul 12 05:17:07 EDT 2016


Hiya


We've been running v1.9.2 behind an nginx proxy for some time now. Has the
setup for running Keycloak v2.0.0-Final behind a proxy changed? ... We've
kept the amended lines, but Keycloak returns content in non-https,
appearing to ignore the X-Forwarded-Proto

—
<http-listener name="default" socket-binding="http"
proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...

<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>

<socket-binding name="http" port="${jboss.http.port:8080}"/>

<socket-binding name="https" port="${jboss.https.port:8443}"/>

<socket-binding name="proxy-https" port="443"/> <---

...
------------------------------

But looking at the URLs handed back, they are all http://


Doing a tcpdump dump between proxy and Keycloak, I can see the X-Forwarded
headers added by the proxy

GET /auth/admin/master/console/ HTTP/1.0
X-Real-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Proto: https
Host: 127.0.0.1
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/51.0.2704.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*
;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8

Rohith
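
The comparison made in the post (X-Forwarded-Proto on the proxied request versus the scheme of the URLs handed back) can be scripted against a capture. This is an added example, not part of the original message and not Keycloak code; the response, its paths and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the request is trimmed from the capture in the post,
# the response is hypothetical and only stands in for what the backend sent.
REQUEST = (
    "GET /auth/admin/master/console/ HTTP/1.0\r\n"
    "X-Forwarded-Proto: https\r\n"
    "Host: 127.0.0.1\r\n"
    "\r\n"
)
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "\r\n"
    '<script src="http://127.0.0.1/auth/resources/app.js"></script>\n'
    '<a href="https://127.0.0.1/auth/realms/master">realm</a>\n'
    '<link href="http://cdn.example.test/style.css">\n'
)

def parse_headers(raw):
    """Return (start_line, {lower-cased header: value}, body) for a raw HTTP message."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def scheme_mismatches(request, response):
    """List absolute URLs in the response (Location header and body) that point
    at the request's Host but use a scheme other than X-Forwarded-Proto."""
    _, req_h, _ = parse_headers(request)
    expected = req_h.get("x-forwarded-proto", "").lower()
    host = req_h.get("host", "").lower()
    if not expected or not host:
        return []  # nothing to compare against
    _, resp_h, body = parse_headers(response)
    candidates = re.findall(r"https?://[^\s\"'<>]+", body, flags=re.I)
    if "location" in resp_h:
        candidates.insert(0, resp_h["location"])
    return [u for u in candidates
            if urlsplit(u).netloc.lower() == host
            and urlsplit(u).scheme.lower() != expected]

if __name__ == "__main__":
    print("\n".join(scheme_mismatches(REQUEST, RESPONSE)))
```

URLs on other hosts are ignored, so only links the backend built for its own Host are reported.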