Keycloak is using a reverse proxy with nginx configuration to be available over SSL (https).
Now I have deployed a .NET Core application on Ubuntu.
This application is in http and is using Keycloak as OpenID Connect for authentication.
However, when the application is hosted in https using nginx, Keycloak is showing invalid redirect url instead of the login page.
The Keycloak login page URL contains the redirect_uri parameter with http instead of https. Please help to resolve.
Configuration done in the nginx configuration file for the reverse proxy:

server {
    listen 443 ssl;
    server_name abc.ctech.com;
    ssl_certificate /etc/nginx/external/wildcard_ctech_com.pem;
    ssl_certificate_key /etc/nginx/external/private.rsa;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Host abc.ctech.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.30.5.28:8001;
    }
}

# Keycloak Service
server {
    listen 443 ssl;
    server_name keycloak.ctech.com;
    ssl_certificate /etc/nginx/external/wildcard_ctech_com.pem;
    ssl_certificate_key /etc/nginx/external/private.rsa;
    location = / {
        return 301 https://keycloak.ctech.com/auth;
    }
    location /auth {
        proxy_pass http://172.30.5.28:8080/auth;
        proxy_http_version 1.1;
        proxy_set_header Host keycloak.ctech.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Best Answer
I've been fighting with clustered keycloak in docker swarm mode for a long time now. Ubunter's answer is the same as in the docs, but doing that still didn't fix things for me.
What I had to do to make it work with the current jboss/keycloak:latest docker image (:9.0.3) was to use the environment variable KEYCLOAK_FRONTEND_URL.
Before adding that, it still kept issuing http URLs to the main /auth/js/keycloak.js?version=czy98 javascript:
It also generated http in the inline javascript:
Despite X-Forwarded-Proto: https and the other required things in the standalone-ha.xml
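
The two symptoms described on this page (an http redirect_uri in the Keycloak login URL, and Keycloak itself issuing http URLs behind the proxy) can be checked with a short Python script. This is an added example, not code from the original question or answer; the realm name demo, client id demo-app, callback path /signin-oidc and the discovery values are constructed sample data.

```python
from urllib.parse import urlsplit, parse_qs

# Standard OIDC discovery fields that carry absolute URLs.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint", "end_session_endpoint")

# Constructed sample: login URL as the browser shows it when the app
# behind nginx still believes it is served over plain http.
LOGIN_URL = ("https://keycloak.ctech.com/auth/realms/demo/protocol/"
             "openid-connect/auth?client_id=demo-app&response_type=code"
             "&redirect_uri=http%3A%2F%2Fabc.ctech.com%2Fsignin-oidc")

# Constructed sample: part of a discovery document returned by a Keycloak
# that does not know its public (frontend) URL.
DISCOVERY = {
    "issuer": "http://keycloak.ctech.com/auth/realms/demo",
    "authorization_endpoint": "http://keycloak.ctech.com/auth/realms/demo"
                              "/protocol/openid-connect/auth",
    "jwks_uri": "https://keycloak.ctech.com/auth/realms/demo"
                "/protocol/openid-connect/certs",
}

def check_login_url(login_url, app_origin):
    """Return problems found in the redirect_uri of a Keycloak login URL."""
    values = parse_qs(urlsplit(login_url).query).get("redirect_uri", [])
    if len(values) != 1:
        return ["expected exactly one redirect_uri, found %d" % len(values)]
    redirect, expected = urlsplit(values[0]), urlsplit(app_origin)
    problems = []
    if redirect.scheme != expected.scheme:
        problems.append("redirect_uri scheme is %r, expected %r"
                        % (redirect.scheme, expected.scheme))
    if redirect.netloc != expected.netloc:
        problems.append("redirect_uri host is %r, expected %r"
                        % (redirect.netloc, expected.netloc))
    return problems

def check_discovery(doc, frontend_url):
    """Return discovery fields that do not start at the public frontend URL."""
    base = frontend_url.rstrip("/") + "/"
    return [f for f in URL_FIELDS if f in doc and not doc[f].startswith(base)]

if __name__ == "__main__":
    for problem in check_login_url(LOGIN_URL, "https://abc.ctech.com"):
        print("app side:", problem)
    for field in check_discovery(DISCOVERY, "https://keycloak.ctech.com/auth"):
        print("keycloak side:", field, "=", DISCOVERY[field])
```

A finding from check_login_url points at the application's view of its own scheme; a finding from check_discovery points at Keycloak's, which is what KEYCLOAK_FRONTEND_URL addressed in the answer above.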