[keycloak-user] Using nginx as a reverse proxy for Keycloak 6.0.1 on a port other than 443
Jannis Warnat
jannis.warnat at fit.fraunhofer.de
Fri Aug 16 08:19:18 EDT 2019
Hi all,
I cannot get Keycloak 6.0.1 to work behind nginx as a reverse proxy for
TLS termination with nginx listening on a port other than 443 (I am trying
to configure it to use 8443). Here is what I did:
- Set up nginx and Keycloak 6.0.1 in a user-defined Docker network
(using docker-compose, see below for details) with self-signed
certificates for localhost.
- Environment variable PROXY_ADDRESS_FORWARDING is set to true for the
Keycloak container.
- Nginx listens for SSL connections on port 8443 and forwards to
keycloak:8080 while adding x-forwarded headers.
- According to the documentation
(https://www.keycloak.org/docs/latest/server_installation/index.html#_setting-up-a-load-balancer-or-proxy),
I added the following to standalone-ha.xml:
[...]
<http-listener name="default" socket-binding="http"
*redirect-socket="proxy-https"* proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}"
enable-http2="true"/>
[...]
*<socket-binding name="proxy-https" port="8443"/>*
[...]
Yet when I check the URL
https://localhost:8443/auth/realms/master/.well-known/openid-configuration
the URLs listed assume the standard HTTPS port instead of 8443 for the
listed endpoints, e.g.
authorization_endpoint
"https://localhost/auth/realms/master/protocol/openid-connect/auth"
etc. I would expect
authorization_endpoint
"https://localhost:8443/auth/realms/master/protocol/openid-connect/auth"
I put a minimal example on GitHub, the issue is reproducible like this:
git clone https://github.com/janniswarnat/keycloak-minimal-example.git
cd keycloak-minimal-example
docker-compose up -d
curl --insecure https://localhost:8443/auth/realms/master/.well-known/openid-configuration | jq
Am I missing anything obvious?
Thanks in advance and best regards
Jannis
--
Jannis Warnat
------------------------------
Research Associate
User-Centered Ubiquitous Computing
Fraunhofer Institute for Applied Information Technology FIT
Schloss Birlinghoven, 53754 Sankt Augustin, GERMANY
Phone:(+49) 2241 / 14 3673
Email: jannis.warnat at fit.fraunhofer.de
------------------------------
http://www.fit.fraunhofer.de/en
http://www.fit.fraunhofer.de/en/fb/ucc/ubiquitous.html
------------------------------