keycloak将网址重定向到http而不是https

时间:2018-04-26 12:44:00

标签: nginx keycloak

我在SSL后面设置了一个keycloak设置,终止了nginx代理。当我尝试访问使用keycloak保护的应用程序时,keycloak生成如下的URL:

https://keycloak.mydomain.com/auth/realms/AdfsDemo/protocol/openid-connect/auth?client_id=adfs&redirect_uri=http%3A%2F%2Fmyapp.mydomain.com%2Fsignin-oidc&response_type=code&scope=openid%20profile&response_mode=form_post&nonce=636603226928179925.MmUzYWEzMGYtNTAxOS00MTBkLTk4MWItMDU3MGY1NjAxOGViNzlhYmZiMDQtNTQyOC00Y2YzLTk2MjMtZjNjMWFjNTI1YzM3&state=CfDJ8NQosUp9FsZBgifUu0XsVAEasSeKTitMPUM5yatTiQGf_Kz_X9CpQNPIHOkGr1hsgdErjhbw4ULINvCJgnFdWYctcIuhoyhOTt2Km3xy0qFh4o9gNFkPQlbEqc771MmVC2FUqUtvDqf8zChsyDDfGkxZ6Kc1y36I_3lFfzfubBAyXK0cEb_3AdZBMyDRp2WMykrarD8Z-0iGBk_q5Z8akYYHyCc7q-FSKxP1DW59nHpF8fM6P-S8SdVxvTW2dtEyV9UL6rlqD8dabNNJxhoaXEeBzwRh84it2vVlaaYpQ7d1ErZ51hpuzhG2gYSxnowMdQa8gfd8X1hs5HsgJXL-gCmBgTlxWNQfAy5DRpcX8Wi0&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

我可以在https上访问keycloak就好了。但是当我尝试访问使用keycloak保护的应用程序时您会注意到keycloak生成的redirect_uri是http而不是https。

这是我的nginx配置

server {       
listen 443  ssl;
server_name  myapp.mydomain.com;
ssl_certificate /etc/nginx/external/wildcard_mydomain_com.pem;
ssl_certificate_key /etc/nginx/external/private.rsa;

location / {                 
   proxy_set_header Host myapp.mydomain.com;         
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-Proto $scheme;       
   proxy_set_header X-Forwarded-Port 443;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;                               
   proxy_pass http://172.30.5.28:8001;
 }
}

#Keycloak Service
server {
listen 443  ssl;
server_name  keycloak.mydomain.com;  
ssl_certificate /etc/nginx/external/wildcard_mydomain_com.pem;
ssl_certificate_key /etc/nginx/external/private.rsa;
location = / {
     return 301 https://keycloak.mydomain.com/auth; 
}  
location /auth {
   proxy_pass http://172.30.5.28:8080;        
   proxy_set_header Host keycloak.mydomain.com;  
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-Proto https;
   proxy_set_header X-Forwarded-Port 443;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;           
 }
}

非常感谢任何帮助。

谢谢, 拉胡

1 个答案:

答案 0 :(得分:0)

我能够解决这个问题。 我们有dotnet核心应用程序和keycloak behing ssl终止SSL代理。如上所述的Nginx设置是正确的,问题是应用程序没有正确地将标头转发到keyclaok。以下链接帮助: https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-2.1