我在SSL终止nginx代理后面有一个密钥斗篷设置.当我尝试访问使用keycloak保护的应用程序时,keycloak会生成如下所示的url:
I have a keycloak setup behind SSL terminating nginx proxy. When i try to access application secured using keycloak, keycloak generates url like following:
keycloak.mydomain/auth/realms/AdfsDemo/protocol/openid-connect/auth?client_id=adfs&redirect_uri=http%3A%2F%2Fmyapp.mydomain%2Fsignin-oidc&response_type=code&scope=openid%20profile&response_mode=form_post&nonce=636603226928179925.MmUzYWEzMGYtNTAxOS00MTBkLTk4MWItMDU3MGY1NjAxOGViNzlhYmZiMDQtNTQyOC00Y2YzLTk2MjMtZjNjMWFjNTI1YzM3&state=CfDJ8NQosUp9FsZBgifUu0XsVAEasSeKTitMPUM5yatTiQGf_Kz_X9CpQNPIHOkGr1hsgdErjhbw4ULINvCJgnFdWYctcIuhoyhOTt2Km3xy0qFh4o9gNFkPQlbEqc771MmVC2FUqUtvDqf8zChsyDDfGkxZ6Kc1y36I_3lFfzfubBAyXK0cEb_3AdZBMyDRp2WMykrarD8Z-0iGBk_q5Z8akYYHyCc7q-FSKxP1DW59nHpF8fM6P-S8SdVxvTW2dtEyV9UL6rlqD8dabNNJxhoaXEeBzwRh84it2vVlaaYpQ7d1ErZ51hpuzhG2gYSxnowMdQa8gfd8X1hs5HsgJXL-gCmBgTlxWNQfAy5DRpcX8Wi0&x-client-SKU=ID_NET&x-client-ver=2.1.4.0我可以在https上访问密钥斗篷.但是,当我尝试访问使用keycloak保护的应用程序时,您会注意到keycloak生成的redirect_uri是http而不是https.
I can access keycloak on https just fine. But when i try to access application secured using keycloak You will notice that redirect_uri generated by keycloak is http instead of https.
这是我的nginx配置
Here is my nginx configuration
server { listen 443 ssl; server_name myapp.mydomain; ssl_certificate /etc/nginx/external/wildcard_mydomain_com.pem; ssl_certificate_key /etc/nginx/external/private.rsa; location / { proxy_set_header Host myapp.mydomain; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass 172.30.5.28:8001; } } #Keycloak Service server { listen 443 ssl; server_name keycloak.mydomain; ssl_certificate /etc/nginx/external/wildcard_mydomain_com.pem; ssl_certificate_key /etc/nginx/external/private.rsa; location = / { return 301 keycloak.mydomain/auth; } location /auth { proxy_pass 172.30.5.28:8080; proxy_set_header Host keycloak.mydomain; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }非常感谢您的帮助.
谢谢, 拉胡尔
推荐答案我能够解决此问题. 我们有dotnet核心应用程序和keycloak behing ssl终止SSL代理.如上所述的Nginx设置是正确的,问题是应用程序没有将标头正确转发到keyclaok.以下链接帮助: https: //docs.microsoft/zh-CN/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-2.1
I was able to resolve this issue. We have dotnet core application and keycloak behing ssl terminating SSL proxy. Nginx setting as mentioned above is correct, the issue was application was not forwarding the headers properly to keyclaok. Following link helped: docs.microsoft/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-2.1
更多推荐
keycloak将网址重定向到http而不是https
发布评论