Problem description
I am using keycloak for production for the first time. I run keycloak on my local machine and never faced this issue. First I am using docker to run keycloak server. The docker image is pulled from jboss/keycloak. I have set up my SSL using letsEncrypt on my domain test.com.
After running the docker image I ended up getting error HTTPS-REQUIRED when I click on administrative console. After reading up a lot about this from HERE, HERE and HERE I realized I need SSL on my domain which I did.
I also pass PROXY_ADDRESS_FORWARDING=true in my docker command. This is how I run it.
docker run -e KEYCLOAK_USER=temp -e KEYCLOAK_PASSWORD=temp -e PROXY_ADDRESS_FORWARDING=true -p 9090:8080 jboss/keycloak
My NGINX server block looks like
map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch; #means no cache, as it is not a static page
    text/css                   max;
    application/javascript     max;
    application/woff2          max;
    ~image/                    30d; #it is only the logo, so maybe I could change it once a month now
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    location /auth/ {
        proxy_pass http://x.x.x.x:9090/auth/;
        proxy_http_version 1.1;
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
    }

    return 301 https://$server_name$request_uri;
}

server {
    # SSL configuration
    #
    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;

    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;
}
By setting up ssl, every time I go to test.com or www.test.com it has https. But when I do test.com:9090 it says not secure. So I try IP:9090 which works but without https.
Now every time I go to IP:9090 I can see the main page of keycloak but after I click on administrative console I get HTTPS-REQUIRED error. What am I missing in my configuration or setting up keycloak/ssl/nginx config?
Mostly followed this guide for setting up Nginx for production.
Move the location /auth/ from first to second server block and it works. Thought it would be helpful.
Recommended answer
The correct structure:
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    return 301 https://$server_name$request_uri;
}

server {
    # SSL configuration
    #
    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;

    location /auth/ {
        proxy_pass http://x.x.x.x:9090/auth/;
        proxy_http_version 1.1;
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
    }

    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;
}
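An added example, not part of the original question or answer: a small Python check for the misplacement this thread turned on, a proxy_pass location sitting in a server block that does not terminate TLS (so $scheme, and therefore X-Forwarded-Proto, is http) or behind a server-level return, which nginx evaluates before location matching. The function name audit and the condensed sample config are constructed for illustration, and the parser assumes one directive per line with braces as in the configs above.

```python
import re

# Constructed sample: the question's config, condensed (backend address is the page's placeholder).
QUESTION_CONF = """
server {
    listen 80 default_server;
    location /auth/ {
        proxy_pass http://x.x.x.x:9090/auth/;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl default_server;
    include snippets/ssl-test.com.conf;
}
"""

def audit(conf):
    """Flag proxy_pass locations that are unreachable or served from a non-TLS server block."""
    findings, stack, server = [], [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments and whitespace
        if not line:
            continue
        if line.endswith("{"):                        # block opener: remember its header
            stack.append(line[:-1].strip())
            if stack[-1] == "server":
                server = {"ssl": False, "return": False, "proxied": []}
        elif line == "}":
            if stack.pop() == "server":               # server block closed: evaluate it
                for loc in server["proxied"]:
                    if server["return"]:
                        findings.append(f"{loc}: unreachable, server-level return runs first")
                    if not server["ssl"]:
                        findings.append(f"{loc}: non-TLS server, X-Forwarded-Proto will be http")
                server = None
        elif server is not None:
            word = line.split()[0]
            if word == "listen" and re.search(r"\bssl\b", line):
                server["ssl"] = True
            elif word == "return" and stack[-1] == "server":
                server["return"] = True               # only a return directly under server counts
            elif word == "proxy_pass" and stack[-1].startswith("location"):
                server["proxied"].append(stack[-1])
    return findings

if __name__ == "__main__":
    print("\n".join(audit(QUESTION_CONF)))
```

Run against the answer's structure, where location /auth/ lives in the 443 ssl block, the same function returns no findings.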