Keycloak docker HTTPS-REQUIRED with nginx ssl


Problem description


I am using keycloak for production for the first time. I run keycloak on my local machine and never faced this issue. First, I am using docker to run the keycloak server. The docker image is pulled from jboss/keycloak. I have set up my SSL using Let's Encrypt on my domain test.com.


After running the docker image, I ended up getting the error HTTPS-REQUIRED when I click on the administrative console. After reading up a lot about this from HERE, HERE and HERE, I realized I need SSL on my domain, which I did.


I also pass PROXY_ADDRESS_FORWARDING=true in my docker command. This is how I run it.

docker run -e KEYCLOAK_USER=temp -e KEYCLOAK_PASSWORD=temp -e PROXY_ADDRESS_FORWARDING=true -p 9090:8080 jboss/keycloak


My NGINX server block looks like

  map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch; #means no cache, as it is not a static page
    text/css                   max;
    application/javascript     max;
    application/woff2          max;
    ~image/                    30d; #it is only the logo, so maybe I could change it once a month now
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }


    location /auth/ {
            proxy_pass http://x.x.x.x:9090/auth/;

          proxy_http_version 1.1;

          proxy_set_header Host               $host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
    }  


        return 301 https://$server_name$request_uri;
}


server {
    # SSL configuration
    #

    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;

    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;

}


By setting up ssl, every time I go to text.com or www.test.com it has https. But when I do test.com:9090 it says not secure. So I try IP:9090, which works but without https.


Now every time I go to IP:9090 I can see the main page of keycloak but after I click on administrative console I get HTTPS - REQUIRED error. What am I missing in my configuration or setting up keycloak/ssl/nginx config?


Move the location /auth/ from the first to the second server block and it works. Thought it would be helpful.

Recommended answer

The correct structure

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }





        return 301 https://$server_name$request_uri;
}


server {
    # SSL configuration
    #

    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;
    location /auth/ {
            proxy_pass http://x.x.x.x:9090/auth/;

          proxy_http_version 1.1;

          proxy_set_header Host               $host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
    }  
    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;

}
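
The following check is an added example, not part of the original question or answer. It scans an nginx configuration for `proxy_pass` locations that sit in a server block with no `listen ... ssl`, where `$scheme` is `http` and so `X-Forwarded-Proto` would tell Keycloak the request was not HTTPS. The function name and the two sample configurations are constructed for illustration, abbreviated from the layouts above.

```python
import re

def proxied_locations_without_tls(conf):
    """Return (location, upstream) pairs found in server blocks that have no `listen ... ssl`."""
    conf = re.sub(r"#[^\n]*", "", conf)              # strip comments
    stack, servers, current = [], [], None
    for text, delim in re.findall(r"([^{};]*)([{};])", conf):
        words = text.split()
        if delim == "{":                             # block opens: remember its header
            stack.append(" ".join(words))
            if stack[-1] == "server":
                current = {"ssl": False, "proxied": []}
        elif delim == "}":                           # block closes
            if stack and stack.pop() == "server":
                servers.append(current)
                current = None
        elif words and current is not None:          # plain directive inside a server block
            if words[0] == "listen" and "ssl" in words[1:]:
                current["ssl"] = True
            elif words[0] == "proxy_pass" and stack[-1].startswith("location"):
                current["proxied"].append((stack[-1].split()[-1], words[1]))
    return [hit for s in servers if not s["ssl"] for hit in s["proxied"]]

# Constructed samples, abbreviated from the two layouts on this page.
BEFORE = """
server {
    listen 80 default_server;
    location /auth/ {
        proxy_pass http://x.x.x.x:9090/auth/;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl default_server;
}
"""
AFTER = """
server {
    listen 80 default_server;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl default_server;
    location /auth/ {
        proxy_pass http://x.x.x.x:9090/auth/;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
"""

if __name__ == "__main__":
    print(proxied_locations_without_tls(BEFORE))
    print(proxied_locations_without_tls(AFTER))
```
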
