keycloak~nginx实现的https转发"/>
keycloak~nginx实现的https转发
keycloak我们都以docker为例子,来讲一下https的部署。
- https更安全,加密传输
- kc有些cookies,需要https的支持
nginx部署
upstream keycloak {server 192.168.*.*:8080;
}server {server_name kc.lind;listen 443 ssl;ssl_certificate /usr/local/nginx/tls.crt;ssl_certificate_key /usr/local/nginx/tls.key;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;location /{return 301 https://$server_name/auth;}location /auth {proxy_pass http://keycloak/auth;proxy_set_header Host $server_name; proxy_set_header X-Forwarded-Proto $scheme; #决定了keycloak.js文件是走https,这个比较特殊proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}}
kc的docker部署
PROXY_ADDRESS_FORWARDING它的最终作用:
- 在负责在https请求
更多推荐
keycloak~nginx实现的https转发
发布评论