Keycloak Redirect url with nginx is going to http rather than https


Problem description

Keycloak is using a reverse proxy with nginx configuration to be available in SSL (https). Now I have deployed a .NET Core application in Ubuntu. This application is in http and is using Keycloak as OpenID Connect for authentication.

However, when the application is hosted in https using nginx, Keycloak is showing invalid redirect url instead of the login page. The Keycloak login url page contains the redirect_uri parameter with http instead of https. Please help to resolve. Configuration done in the configuration file in nginx for the reverse proxy:

server {
    listen 443 ssl;
    server_name abc.ctech.com;

    ssl_certificate     /etc/nginx/external/wildcard_ctech_com.pem;
    ssl_certificate_key /etc/nginx/external/private.rsa;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Host abc.ctech.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.30.5.28:8001;
    }
}

# Keycloak Service
server {
    listen 443 ssl;
    server_name keycloak.ctech.com;

    ssl_certificate     /etc/nginx/external/wildcard_ctech_com.pem;
    ssl_certificate_key /etc/nginx/external/private.rsa;

    location = / {
        return 301 https://keycloak.ctech.com/auth;
    }

    location /auth {
        proxy_pass http://172.30.5.28:8080/auth;
        proxy_http_version 1.1;
        proxy_set_header Host keycloak.ctech.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Recommended answer

I've been fighting with clustered keycloak in docker swarm mode for a long time now. Ubunter's answer is the same as in the docs, but doing that still didn't fix things for me.

What I had to do to make it work with the current jboss/keycloak:latest docker image, (:9.0.3) was to use the environment variable KEYCLOAK_FRONTEND_URL.

Before adding that, it still kept issuing http URLs to the main /auth/js/keycloak.js?version=czy98 javascript:

...
    <!-- Libraries not managed by yarn -->
    <script src="/auth/resources/czy98/admin/keycloak/lib/angular/ui-bootstrap-tpls-0.11.0.js"></script>
    <script src="/auth/resources/czy98/admin/keycloak/lib/angular/treeview/angular.treeview.js"></script>
    <script src="/auth/resources/czy98/admin/keycloak/lib/fileupload/angular-file-upload.min.js"></script>
    <script src="/auth/resources/czy98/admin/keycloak/lib/filesaver/FileSaver.js"></script>
    <script src="/auth/resources/czy98/admin/keycloak/lib/ui-ace/min/ace.js"></script>
    <script src="/auth/resources/czy98/admin/keycloak/lib/ui-ace/ui-ace.min.js"></script>

    <script src="http://my.server.name.here/auth/js/keycloak.js?version=czy98" type="text/javascript"></script>

    <script src="/auth/resources/czy98/admin/keycloak/js/app.js" type="text/javascript"></script>
    <script src="/auth/resources/czy98/admin/keycloak/js/controllers/realm.js" type="text/javascript"></script>
    <script src="/auth/resources/czy98/admin/keycloak/js/controllers/clients.js" type="text/javascript"></script>
    <script src="/auth/resources/czy98/admin/keycloak/js/controllers/users.js" type="text/javascript"></script>
    <script src="/auth/resources/czy98/admin/keycloak/js/controllers/groups.js" type="text/javascript"></script>
    <script src="/auth/resources/czy98/admin/keycloak/js/controllers/roles.js" type="text/javascript"></script>
    <script src="/auth/resources/czy98/admin/keycloak/js/loaders.js" type="text/javascript"></script>
    <script src="/auth/resources/czy98/admin/keycloak/js/services.js" type="text/javascript"></script>
...

It also generated http in the inline javascript:

    <script type="text/javascript">
        var authServerUrl = 'http://my.server.name.here/auth';
        var authUrl = 'http://my.server.name.here/auth';
        var consoleBaseUrl = '/auth/admin/master/console/';
        var resourceUrl = '/auth/resources/czy98/admin/keycloak';
        var masterRealm = 'master';
        var resourceVersion = 'czy98';
    </script>

Despite X-Forwarded-Proto: https standalone-ha.xml
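A check for the two symptoms described in the question and the answer, as an added example that is not part of the original posts: it flags a non-https redirect_uri in a Keycloak authorization URL and absolute http:// URLs emitted in the admin console HTML. The sample URL and HTML are constructed from the hostnames on this page; the client_id and the callback path are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed samples: hostnames come from the page, client_id and the
# /signin-oidc callback path are assumptions made for illustration.
LOGIN_URL = (
    "https://keycloak.ctech.com/auth/realms/master/protocol/openid-connect/auth"
    "?client_id=demo-app&response_type=code"
    "&redirect_uri=http%3A%2F%2Fabc.ctech.com%2Fsignin-oidc"
)
CONSOLE_HTML = """
<script src="/auth/resources/czy98/admin/keycloak/js/app.js"></script>
<script src="http://my.server.name.here/auth/js/keycloak.js?version=czy98"></script>
<script type="text/javascript">
    var authServerUrl = 'http://my.server.name.here/auth';
    var consoleBaseUrl = '/auth/admin/master/console/';
</script>
"""

# Absolute plain-http URL up to the next quote, bracket or whitespace.
HTTP_URL = re.compile(r"http://[^\s\"'<>]+", re.IGNORECASE)


def insecure_redirect_uris(login_url):
    """Return redirect_uri values of an authorization URL that are not https."""
    params = parse_qs(urlsplit(login_url).query)  # parse_qs percent-decodes
    return [uri for uri in params.get("redirect_uri", [])
            if urlsplit(uri).scheme.lower() != "https"]


def insecure_urls_in_html(html):
    """Return absolute http:// URLs found in the page, in order, de-duplicated."""
    found = []
    for url in HTTP_URL.findall(html):
        if url not in found:
            found.append(url)
    return found


def audit(login_url, html):
    """Combine both checks into (location, url) findings."""
    findings = [("redirect_uri", u) for u in insecure_redirect_uris(login_url)]
    findings += [("console_html", u) for u in insecure_urls_in_html(html)]
    return findings


if __name__ == "__main__":
    for where, url in audit(LOGIN_URL, CONSOLE_HTML):
        print(f"{where}: {url}")
```

An empty result from `audit` after setting KEYCLOAK_FRONTEND_URL, as the answer describes, indicates the generated URLs now carry the https scheme.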
