使用Nginx的Keycloak重定向URL将转到http而不是https
Keycloak正在将反向代理与nginx配置一起使用,以在ssl(https)中可用. 现在,我已经在ubuntu中部署了.net核心应用程序. 该应用程序位于http中,并且使用keycloak作为openid connect进行身份验证.
Keycloak is using reverse proxy with nginx configuration to be available in ssl(https). Now i have deployed .net core aplication in ubuntu. This application is in http and is using keycloak as openid connect for authentication.
但是,当使用nginx将应用托管在https中时,keycloak显示的是无效的重定向URL,而不是登录页面. Keycloak登录URL页面包含带有http而不是https的redirect_uri参数.请帮忙解决 在Nginx的配置文件中完成了反向代理的配置
However, when the aplication is hosted in https using nginx, keycloak is showing invalid redirect url instead of login page. Keycloak login url page contains redirect_uri parameter with http instead of https. Please help to resolve Configuration done in configuration file in nginx for reverse proxy
server {
listen 443 ssl;
server_name abc.ctech.com;
ssl_certificate /etc/nginx/external/wildcard_ctech_com.pem;
ssl_certificate_key /etc/nginx/external/private.rsa;
location / {
proxy_http_version 1.1;
proxy_set_header Host abc.ctech.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://172.30.5.28:8001;
}
}
#Keycloak Service
server {
listen 443 ssl;
server_name keycloak.ctech.com;
ssl_certificate /etc/nginx/external/wildcard_ctech_com.pem;
ssl_certificate_key /etc/nginx/external/private.rsa;
location = / {
return 301 https://keycloak.ctech.com/auth;
}
location /auth {
proxy_pass http://172.30.5.28:8080/auth;
proxy_http_version 1.1;
proxy_set_header Host keycloak.ctech.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
我一直在与docker swarm模式下的集群密钥库进行斗争很长时间了. Ubunter的答案与文档中的答案相同,但是这样做仍然无法解决我的问题.
I've been fighting with clustered keycloak in docker swarm mode for a long time now. Ubunter's answer is the same as in the docs, but doing that still didn't fix things for me.
要使其与当前jboss/keycloak:latest泊坞窗映像(:9.0.3)配合使用,我要做的就是使用环境变量 KEYCLOAK_FRONTEND_URL .
What I had to do to make it work with the current jboss/keycloak:latest docker image, (:9.0.3) was to use the environment variable KEYCLOAK_FRONTEND_URL.
在添加该内容之前,它仍然会向主要的/auth/js/keycloak.js?version=czy98 javascript发行http URL:
Before adding that, it still kept issuing http URLs to the main /auth/js/keycloak.js?version=czy98 javascript:
...
<!-- Libraries not managed by yarn -->
<script src="/auth/resources/czy98/admin/keycloak/lib/angular/ui-bootstrap-tpls-0.11.0.js"></script>
<script src="/auth/resources/czy98/admin/keycloak/lib/angular/treeview/angular.treeview.js"></script>
<script src="/auth/resources/czy98/admin/keycloak/lib/fileupload/angular-file-upload.min.js"></script>
<script src="/auth/resources/czy98/admin/keycloak/lib/filesaver/FileSaver.js"></script>
<script src="/auth/resources/czy98/admin/keycloak/lib/ui-ace/min/ace.js"></script>
<script src="/auth/resources/czy98/admin/keycloak/lib/ui-ace/ui-ace.min.js"></script>
<script src="http://my.server.name.here/auth/js/keycloak.js?version=czy98" type="text/javascript"
></script>
<script src="/auth/resources/czy98/admin/keycloak/js/app.js" type="text/javascript"></script>
<script src="/auth/resources/czy98/admin/keycloak/js/controllers/realm.js" type="text/javascript"></scr
ipt>
<script src="/auth/resources/czy98/admin/keycloak/js/controllers/clients.js" type="text/javascript"></s
cript>
<script src="/auth/resources/czy98/admin/keycloak/js/controllers/users.js" type="text/javascript"></scr
ipt>
<script src="/auth/resources/czy98/admin/keycloak/js/controllers/groups.js" type="text/javascript"></sc
ript>
<script src="/auth/resources/czy98/admin/keycloak/js/controllers/roles.js" type="text/javascript"></scr
ipt>
<script src="/auth/resources/czy98/admin/keycloak/js/loaders.js" type="text/javascript"></script>
<script src="/auth/resources/czy98/admin/keycloak/js/services.js" type="text/javascript"></script>
...
它还在嵌入式javascript中生成了http:
It also generated http in the inline javascript:
<script type="text/javascript">
var authServerUrl = 'http://my.server.name.here/auth';
var authUrl = 'http://my.server.name.here/auth';
var consoleBaseUrl = '/auth/admin/master/console/';
var resourceUrl = '/auth/resources/czy98/admin/keycloak';
var masterRealm = 'master';
var resourceVersion = 'czy98';
</script>
尽管X-Forwarded-Proto: https和standalone-ha.xml