Keycloak-代理后面的URL重置密码电子邮件 [英] Keycloak - URL Reset Password email behind a proxy
问题描述
我们在RedHat环境中使用安装在 nginx代理后面的 Keycloak 2.0.0.Final .
We are using Keycloak 2.0.0.Final installed behind a nginx proxy on a RedHat environment.
我们目前正面临 重置密码 功能的问题,该功能通过内部服务器主机发送电子邮件,而不是在操作URL中通过外部服务器主机发送电子邮件.代理.
We are currently facing a problem with the Reset Password functionality which send an email with the internal server host instead of the external one in the action URL as we are behind a proxy.
我通过电子邮件收到此邮件: https://internal/auth/realms/MYREALM/login-actions/reset-credentials?code = wYhHP(...),但最终用户应该看到
I receive this by email: https://internal/auth/realms/MYREALM/login-actions/reset-credentials?code=wYhHP(...) but the end user should see https://external/auth/realms/MYREALM/login-actions/reset-credentials?code=wYhHP(...). The whole proxy settings work perfectly otherwise, it's basically an URL rewriting function.
我发现这张票与类似案件有关,但解决方案并不理想: http://lists.jboss.org/pipermail/keycloak-user/2015-October/003428.html
I found this ticket relating a similar case but the solution isn't ideal: http://lists.jboss.org/pipermail/keycloak-user/2015-October/003428.html
可以使用任何隐藏的属性,设置或解决方案来解决此问题吗?
Any hidden properties, settings we could use or solution to fix this issue?
谢谢
推荐答案
Nginx从Host标头的内容设置通过电子邮件发送的URL前缀,因此需要将您的nginx代理配置为完整地传递Host标头.
Nginx sets the emailed URL prefix from the contents of the Host header, so your nginx proxy needs to be configured to pass the Host header intact.
类似这样的东西:
proxy_pass <your internal keycloak URL or IP address>
...
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
如果内部网址不是https
You may also need to set X-forwarded-proto
if your internal URL is not https
这篇关于Keycloak-代理后面的URL重置密码电子邮件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!