使用自定义基本 URL 为 Keycloak docker 配置反向代理 [英] Configure reverse-proxy for Keycloak docker with custom base URL

问题描述

如何将 docker keycloak base url 设置为参数?

How can I set the docker keycloak base url as parameter ?

我有以下 nginx 反向代理配置:

I have the following nginx reverse proxy configuration:

server {
    listen 80;
    server_name example.com;

    location /keycloak {
        proxy_pass http://example.com:8087/;
    }
}

当我尝试访问 http://example.com/keycloak/ 时，我得到了一个 keycloak http 重定向到 http://example.com/auth/ 而不是 http://example.com/keycloak/auth/

When I try to access http://example.com/keycloak/ I got a keycloak http redirect to http://example.com/auth/ instead of http://example.com/keycloak/auth/

有什么想法吗?

推荐答案

刚刚测试了@home，实际上需要添加多个配置:

Just tested that @home, and actually multiple configuration additions are needed:

1/使用 env -e PROXY_ADDRESS_FORWARDING=true 运行 keycloak 容器 如文档中所述，这是访问 keycloak 的代理方式所必需的:

1/ Run the keycloak container with env -e PROXY_ADDRESS_FORWARDING=true as explained in the docs, this is required in a proxy way of accessing to keycloak:

docker run -it --rm -p 8087:8080 --name keycloak -e PROXY_ADDRESS_FORWARDING=true jboss/keycloak:latest

也在这个SO问题

2/更改keycloak配置文件中的web-context$JBOSS_HOME/standalone/configuration/standalone.xml

2/ Change the web-context inside keycloak's configuration file $JBOSS_HOME/standalone/configuration/standalone.xml

默认的keycloak配置指向auth

Default keycloak configuration points to auth

<web-context>auth</web-context>

然后你可以把它改成keycloak/auth

<web-context>keycloak/auth</web-context>

如果您需要为 docker 自动执行此操作，只需创建一个新的 keycloak 映像:

If you need to automate this for docker, just create a new keycloak image :

FROM jboss/keycloak:latest

USER jboss

RUN sed -i -e 's/<web-context>auth</web-context>/<web-context>keycloak/auth</web-context>/' $JBOSS_HOME/standalone/configuration/standalone.xml

3/在nginx配置中添加一些代理信息(主要用于http/https处理)

3/ Add some proxy information to nginx configuration (mostly for http / https handling)

location /keycloak {
    proxy_pass http://example.com:8087;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

如果您在同一台服务器上将来自 nginx 的请求代理到 keycloak，我建议使用 proxy_pass http://localhost:8087;，如果不是，请尝试使用专用网络以避免通过外部代理网络请求.

If you are proxying requests from nginx to keycloak on same server, I recommend using proxy_pass http://localhost:8087;, and if not try to use a private network to avoid proxying through external web requests.

希望能帮到你

这篇关于使用自定义基本 URL 为 Keycloak docker 配置反向代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！