[keycloak-user] Nginx SSL endpoint login form action url uses wrong http scheme

Juraci Paixão Kröhling juraci at kroehling.de
Thu Mar 24 08:48:57 EDT 2016

On 24.03.2016 12:20, Gary Smith wrote:
> Issue is the Keycloak login form action, it's url is using the http
> scheme rather than https so as a result login fails.

Is the login page being served under HTTPS? If so, then you might be 
missing some nginx "proxy_set_header" directives in the configuration 
file. Here's what I have on my nginx:

         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;

Besides that, you'll need to add "proxy-address-forwarding" and 
"redirect-socket" to the HTTP listener, as well as add a socket-binding 
for the proxy port 443. It's described here, under " Configure 


If your login page is under HTTP, instead of HTTPS, then you might need 
to adjust the server-url on the keycloak.json.

- Juca.

More information about the keycloak-user mailing list