我第一次使用keycloak进行制作。我在本地机器上运行keycloak,从未遇到过这个问题。首先,我使用docker来运行keycloak服务器。泊坞窗图像从jboss/keycloak拉出。我已在我的域SSL
letsEncrypt设置了test.com
运行docker镜像后,当我点击管理控制台时,我最终收到错误HTTPS-REQUIRED。在从HERE HERE和HERE了解了很多相关内容之后,我意识到我在我的域名上需要SSL。
我也在我的docker命令中传递了PROXY_ADDRESS_FORWARDING=true。这就是我运行它的方式。
docker run -e KEYCLOAK_USER=temp -e KEYCLOAK_PASSWORD=temp -e PROXY_ADDRESS_FORWARDING=true -p 9090:8080 jboss/keycloak
我的NGINX服务器块看起来像
map $sent_http_content_type $expires {
default off;
text/html epoch; #means no cache, as it is not a static page
text/css max;
application/javascript max;
application/woff2 max;
~image/ 30d; #it is only the logo, so maybe I could change it once a month now
}
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name test.com www.test.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /auth/ {
proxy_pass http://x.x.x.x:9090/auth/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
#
#listen 443 ssl http2 default_server;
listen 443 ssl default_server;
#listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
listen [::]:443 ssl default_server;
expires $expires;
include snippets/ssl-test.com.conf;
include snippets/ssl-params.conf;
}
每次我去text.com或www.test.com设置ssl都有https。但是,当我做test.com:9090时,它表示不安全。所以我尝试使用IP:9090,但没有https。
现在每次我去IP:9090我都可以看到keycloak的主页但是在我点击管理控制台之后我得到了HTTPS - REQUIRED错误。我在配置中缺少什么或设置keycloak / ssl / nginx配置?
主要遵循setup nginx for production
EDIT :: 将location / auth /从第一个服务器块移动到第二个服务器块,它可以工作。认为这会有所帮助。
答案 0 :(得分:1)
正确的结构
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name test.com www.test.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
#
#listen 443 ssl http2 default_server;
listen 443 ssl default_server;
#listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
listen [::]:443 ssl default_server;
expires $expires;
location /auth/ {
proxy_pass http://x.x.x.x:9090/auth/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
include snippets/ssl-test.com.conf;
include snippets/ssl-params.conf;
}