[keycloak-user] Reverse proxy calling admin API
Christian Bauer
christian.bauer at gmail.com
Mon May 23 10:47:10 EDT 2016
This handler sets ServletRequest#getRemoteHost() etc. values in Undertow. In Wildfly code this handler is actually enabled with the listener attribute proxy-address-forwarding=true:
https://github.com/wildfly/wildfly/blob/aaaeb2a13667353db2b6955b9bcdba434a89fd02/undertow/src/main/java/org/wildfly/extension/undertow/HttpListenerService.java#L93 <https://github.com/wildfly/wildfly/blob/aaaeb2a13667353db2b6955b9bcdba434a89fd02/undertow/src/main/java/org/wildfly/extension/undertow/HttpListenerService.java#L93>
What's the difference between enabling the listener attribute and adding the filter manually?
None of this is having any effect on getRequestURL(). There are two ways I see how this host is set: From parsing the HTTP request line or from the Host header.
Whatever proxy testing you do probably works because your proxy passes through the original Host header. Preserving the Host header is the default in haproxy but not mod_proxy.
> On 23.05.2016, at 16:14, Bill Burke <bburke at redhat.com> wrote:
>
> https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering/load-balancer.html <https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering/load-balancer.html>
> As Stian said, ProxyPeerAddressHandler? See above.
>
> On 5/23/16 3:16 AM, Christian Bauer wrote:
>>> 08:47:32,512 ERROR [stderr] (default task-2) X-Forwarded-For: 10.0.0.1
>>
>> Copy/paste error, the actual line is:
>>
>> 08:47:32,512 ERROR [stderr] (default task-2) X-Forwarded-For: 10.0.0.1:8888
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160523/44e46c29/attachment.html
More information about the keycloak-user
mailing list