Running Keycloak 17.0.1 behind nginx


Sebastian Thörn

Apr 20, 2022, 4:03:57 AM
to Keycloak User

Hello,
I'm having trouble with Keycloak 17.0.1 behind an nginx-reverse-proxy.

My setup consists of my web browser connecting to an nginx server on port 443, which proxies that traffic onwards to Keycloak on port 8443.
Nginx and Keycloak are running on 2 different servers.
In the back I have a postgres that also runs on a different server.

[Browser] -> [nginx:443] -> [Keycloak:8443]

When running with the below configuration it seems to work, but when I get logged in the page shows nothing.

There is only a white frame but nothing in it, and there are no errors in the developer-mode for the browser.

Am I missing something in my configurations?

Best Regards, Sebastian Thörn



Configurations:

nginx-configuration:
############################################################
# idp-zp.zp.mega-secret.org
############################################################
upstream keycloak_servers {
  server 10.70.81.67:8443;
}

server {
  listen 443 ssl;
  ssl_certificate     /etc/nginx/certs/idp-zp.zp.mega-secret.org.crt;
  ssl_certificate_key /etc/nginx/certs/idp-zp.zp.mega-secret.org.key;

  server_name idp-zp.zp.mega-secret.org;

  location / {

    proxy_set_header Host               $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Real-IP          $remote_addr;
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host   $host;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-Port   $server_port;
    proxy_set_header X-SMA-Trace-Id     $request_id;

    proxy_pass https://keycloak_servers;
  }
}



Dockerfile for keycloak
FROM {{ keycloak_docker_src_image }} as builder

ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres
RUN /opt/keycloak/bin/kc.sh build

FROM {{ keycloak_docker_src_image }}
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
WORKDIR /opt/keycloak

ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]



docker-compose for keycloak
---

version: "3.7"

services:

  keycloak:
    container_name: keycloak
    image: "harbor.container.zp.mega-secret.org:8443/it-service/keycloak-zp:seventeen_o_one"
    ports:
      - "8443:8443"
    environment:
      KC_HOSTNAME: idp-zp.zp.mega-secret.org:443
      KC_DB: postgres
      KC_DB_USERNAME: pqgs_username
      KC_DB_PASSWORD: sdfgsdfgsdfgsdf
      KC_DB_URL_HOST: 10.70.81.70:5432
      KC_DB_URL_DATABASE: keycloak
      KC_HTTPS_CERTIFICATE_FILE: /etc/x509/https/cert.crt
      KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/x509/https/cert.key
      KEYCLOAK_ADMIN: HRuR2rPBG3HzLz2sWjAy3sJNkC5yLfb5
      KEYCLOAK_ADMIN_PASSWORD: qVCgjTjvDJ68ktWSHnqsjpPQSnQkHLS4
      KC_PROXY: reencrypt
      PROXY_ADDRESS_FORWARDING: "true"
      KC_HOSTNAME_STRICT_HTTPS: "false"
      KC_HOSTNAME_STRICT: "false"
      KC_LOG_LEVEL: "DEBUG"
    volumes:
      - ./cert.crt:/etc/x509/https/cert.crt
      - ./cert.key:/etc/x509/https/cert.key
    restart: "no"

