keycloak / Nginx不在https中重定向(改用http)

时间:2018-12-10 15:54:52

标签: nginx keycloak

我知道这个问题已经解决,但是我对我的Nginx技能没有足够的信心来解决此问题:

我的应用程序和密钥斗篷都在https域上。当我尝试从我的应用登录时,重定向不在https:

https://keycloack.mydomain.com/auth/realms/skilltrock/protocol/openid-connect/auth?scope=openid+email&redirect_uri=http%3A%2F%2Fskilltrock.mydomain.com%2Foidc_callback&response_type=code&client_id=flask_api&access_type=offline&openid.realm=skilltrock&state=eyJjc3JmX3Rva2VuIjogImNBNXBjcHdMOWtOcHcxMUZCLWV3LXlnQW5wSjlLVmFkIiwgImRlc3RpbmF0aW9uIjogImV5SmhiR2NpT2lKSVV6VXhNaUo5LkltaDBkSEE2THk5emEybHNiSFJ5YjJOckxuZGhibTVoYm05emRYVnlkWE11WTI5dEwzQnlhWFpoZEdVaS5Tek9aVHNvRmxQVW0tcFBoXzlPaGotc3lRWW9BUWxKLUFzZU1tVXU4dGk3ekNUdWQySjNMUUlGbkRBekhXM2tqRFF1NDgtMS1PTHpJNThqSGFST2RRUSJ9

重定向位于http而不是https中。 我有Nginx作为反向代理,我知道他的问题在这里,因为还有另一个与此有关的stackoverflow问题。但是我不明白作者是如何解决这个问题的(我对Nginx不太满意)

keycloak redirects urls to http instead of https

这是我对子域Skilltrock(前端)的nginx配置:

server {
server_name  skilltrock.mydomain.com;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

location / {
      proxy_pass http://0.0.0.0:8080;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # enable this if and only if you use HTTPS
      proxy_set_header            X-Forwarded-Proto https;
      proxy_set_header            Host $http_host;
      proxy_set_header            X-Real-IP $remote_addr;
      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

另一个用于子域密钥斗篷

server {
server_name  keycloack.mydomain.com;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

location / {
        proxy_pass http://0.0.0.0:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        proxy_buffer_size 64k;
        proxy_buffers 8 64k;
        proxy_busy_buffers_size 64k;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

我的问题是我不知道我是否为子域密钥克隆或子域Skilltrock设置了错误的配置。

我的Web应用程序在本地工作,即使它指向我的https keycloack URL。所以我假设这是我前端的Nginx conf错误。

预先感谢

修改

目前,我已解决了在管理员Keycloak客户端页面的有效重定向URI中添加http://skilltrock.mydomaine.com(注意http部分)的问题。 Nginx然后将http重定向到https部分。但是我不确定让keycloak以这种方式进行重定向是否是一个好主意。有安全隐患吗?

0 个答案:

没有答案
相关问题
最新问题