Keycloak-代理后面的URL重置密码电子邮件 [英] Keycloak - URL Reset Password email behind a proxy

问题描述

我们在RedHat环境中使用安装在 nginx代理后面的 Keycloak 2.0.0.Final .

We are using Keycloak 2.0.0.Final installed behind a nginx proxy on a RedHat environment.

我们目前正面临 重置密码 功能的问题，该功能通过内部服务器主机发送电子邮件，而不是在操作URL中通过外部服务器主机发送电子邮件.代理.

We are currently facing a problem with the Reset Password functionality which send an email with the internal server host instead of the external one in the action URL as we are behind a proxy.

我通过电子邮件收到此邮件: https://internal/auth/realms/MYREALM/login-actions/reset-credentials?code = wYhHP(...)，但最终用户应该看到

I receive this by email: https://internal/auth/realms/MYREALM/login-actions/reset-credentials?code=wYhHP(...) but the end user should see https://external/auth/realms/MYREALM/login-actions/reset-credentials?code=wYhHP(...). The whole proxy settings work perfectly otherwise, it's basically an URL rewriting function.

我发现这张票与类似案件有关，但解决方案并不理想: http://lists.jboss.org/pipermail/keycloak-user/2015-October/003428.html

I found this ticket relating a similar case but the solution isn't ideal: http://lists.jboss.org/pipermail/keycloak-user/2015-October/003428.html

可以使用任何隐藏的属性，设置或解决方案来解决此问题吗?

Any hidden properties, settings we could use or solution to fix this issue?

谢谢

推荐答案

Nginx从Host标头的内容设置通过电子邮件发送的URL前缀，因此需要将您的nginx代理配置为完整地传递Host标头.

Nginx sets the emailed URL prefix from the contents of the Host header, so your nginx proxy needs to be configured to pass the Host header intact.

类似这样的东西:

proxy_pass        <your internal keycloak URL or IP address>
...
proxy_set_header  Host            $host;
proxy_set_header  X-Real-IP       $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
... 

如果内部网址不是https

You may also need to set X-forwarded-proto if your internal URL is not https

这篇关于Keycloak-代理后面的URL重置密码电子邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！