By Atulya Nair


2018-04-03 12:02:15 8 Comments

Keycloak is using a reverse proxy with nginx configuration to be available over SSL (https). Now I have deployed a .NET Core application on Ubuntu. This application is in http and is using Keycloak as OpenID Connect for authentication.

However, when the application is hosted in https using nginx, Keycloak is showing an invalid redirect URL instead of the login page. The Keycloak login URL page contains the redirect_uri parameter with http instead of https. Please help to resolve.

Configuration done in the nginx configuration file for the reverse proxy:

server {
    listen 443 ssl;
    server_name abc.ctech.com;

    ssl_certificate /etc/nginx/external/wildcard_ctech_com.pem;
    ssl_certificate_key /etc/nginx/external/private.rsa;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Host abc.ctech.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.30.5.28:8001;
    }
}

Keycloak Service

server {
    listen 443 ssl;
    server_name keycloak.ctech.com;

    ssl_certificate /etc/nginx/external/wildcard_ctech_com.pem;
    ssl_certificate_key /etc/nginx/external/private.rsa;

    location = / {
        return 301 https://keycloak.ctech.com/auth;
    }

    location /auth {
        proxy_pass http://172.30.5.28:8080/auth;
        proxy_http_version 1.1;
        proxy_set_header Host keycloak.ctech.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

2 comments

@Peter 2019-02-04 17:33:46

You need to proxy pass to https://keycloak_address:8443/auth;. Make sure you have that port open. The below code worked for me.

server {
    listen 80;
    server_name example.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;


    location /auth {
        proxy_pass          https://keycloak_address:8443/auth;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
}

@OldFart 2018-06-28 13:44:12

I believe you must also add a server block listening on port 80 (http) which returns a permanent (301) redirect to the port 443 (https) version of the same server.

Something like the following... (and that goes for BOTH places)

server {
    listen 80;
    server_name example.com;
    return 301 https://$server_name$request_uri;
}

So you would need to add a permanent redirect at both places, replacing (of course) example.com with your actual server names.

Let us know, thanks.
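
The symptom in the question, a redirect_uri built with http behind the TLS-terminating nginx, is consistent with the ASP.NET Core application deriving the scheme from the plain-HTTP connection it receives from the proxy. As an added example (not code from the question or from either answer), this minimal ASP.NET Core app enables the Forwarded Headers Middleware so that X-Forwarded-Proto is honoured only when it arrives from a trusted proxy, and echoes the callback URL the app would then build. Assumptions: 192.0.2.10 is a placeholder for the nginx host's address, and /signin-oidc is the OpenID Connect handler's default callback path.

```csharp
using System.Net;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Process only the forwarded headers that the nginx block sets.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // Headers are accepted only from known proxies. Loopback is trusted
            // by default; a proxy on another host must be listed explicitly.
            // ASSUMPTION: placeholder address, replace with the nginx host's IP.
            options.KnownProxies.Add(IPAddress.Parse("192.0.2.10"));
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must be registered first: everything after it (including
        // app.UseAuthentication() in a real app) then sees Request.Scheme
        // as "https" when the request came through the trusted proxy.
        app.UseForwardedHeaders();

        // Diagnostic endpoint: shows the scheme and host the app would use
        // when building the OpenID Connect redirect_uri.
        app.Run(ctx => ctx.Response.WriteAsync(
            $"{ctx.Request.Scheme}://{ctx.Request.Host}{ctx.Request.PathBase}/signin-oidc"));
    }
}

public static class Program
{
    public static void Main(string[] args) =>
        WebHost.CreateDefaultBuilder(args).UseStartup<Startup>().Build().Run();
}
```

Requested through nginx, the endpoint should print an https URL; requested directly on the backend port with a hand-set X-Forwarded-Proto header from an untrusted address, it should still print http.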
