[keycloak-user] Keycloak and HTTPS behind reverse proxy
Predrag Mijatovic
predmijat at gmail.com
Wed Sep 7 06:17:26 EDT 2016
I've managed to get it working, but I'm not sure what exactly was the issue. I reedited standalone.xml from scratch by following the docs, restarted Keycloak and HTTPS worked...I must have made some typos before. Sorry for the alarm and thanks!
> On Sep 7, 2016, at 11:51 AM, cen <imbacen at gmail.com> wrote:
>
> Hi
>
> Just a few weeks ago I had to setup KC behind reverse proxy with TLS and this tutorial did it for me: http://mirocupak.com/configuring-wildfly-behind-a-reverse-proxy-with-tls/ <http://mirocupak.com/configuring-wildfly-behind-a-reverse-proxy-with-tls/>
> I did have to disable HTTP redirect because it was causing problems (read the comments).
>
> Predrag Mijatovic je 07. 09. 2016 ob 11:37 napisal:
>> Hello,
>>
>> I need help with Keycloak over HTTPS...I've started Keycloak with
>> "./standalone.sh -b 10.45.0.6". I have DNS name login.mysite.com <http://login.mysite.com/> <http://login.mysite.com/> which points to
>> NGINX listening on a public IP. NGINX is set up as a reverse proxy:
>>
>> server {
>> ssl on;
>> listen 443;
>> server_name login.mysite.com <http://login.mysite.com/> <http://login.mysite.com/>;
>> ssl_verify_client off;
>> proxy_ssl_server_name on;
>>
>> location / {
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header Host $host;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header X-Forwarded-Proto https;
>> proxy_pass http://10.45.0.6:8080 <http://10.45.0.6:8080/> <http://10.45.0.6:8080/> <http://10.45.0.6:8080/>;
>> }
>> }
>>
>> I can successfully open https://login.mysite.com/auth/ <https://login.mysite.com/auth/> <https://login.mysite.com/auth/> <https://login.mysite.com/auth/> (green padlock and
>> everything), but https://login.mysite.conf/auth/admin/master/console/ <https://login.mysite.conf/auth/admin/master/console/> <https://login.mysite.conf/auth/admin/master/console/> <https://login.mysite.conf/auth/admin/master/console/> fails with
>> "{{notification.header}} {{notification.message}} Loading...". Inspecting the
>> web page I see that a lot of .js files are served over HTTP and the browser
>> complains about mixed content.
>>
>> Reading the docs I figured that setting stuff on the side of reverse proxy is
>> enough? Do I need to do anything else?
>>
>> Thanks
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160907/6071c993/attachment.html
More information about the keycloak-user
mailing list