Keycloak docker需要使用HTTPS，结合nginx ssl实现。

Question

Keycloak docker需要使用HTTPS，结合nginx ssl实现。

5

我第一次在生产环境中使用keycloak。我在本地机器上运行keycloak并从jboss/keycloak中拉取docker镜像来运行keycloak服务器。我已经使用letsEncrypt在我的域名test.com上设置了SSL。

在运行docker镜像后，当我单击管理控制台时，出现错误HTTPS-REQUIRED。通过阅读这里、这里和这里，我意识到我需要在我的域名上启用SSL，我也在docker命令中传递了PROXY_ADDRESS_FORWARDING=true参数进行了运行。下面是我的docker命令：

docker run -e KEYCLOAK_USER=temp -e KEYCLOAK_PASSWORD=temp -e PROXY_ADDRESS_FORWARDING=true -p 9090:8080 jboss/keycloak

我的NGINX服务器块如下所示：

  map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch; #means no cache, as it is not a static page
    text/css                   max;
    application/javascript     max;
    application/woff2          max;
    ~image/                    30d; #it is only the logo, so maybe I could change it once a month now
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }


    location /auth/ {
            proxy_pass http://x.x.x.x:9090/auth/;

          proxy_http_version 1.1;

          proxy_set_header Host               $host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
    }  


        return 301 https://$server_name$request_uri;
}


server {
    # SSL configuration
    #

    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;

    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;

}

设置SSL后，每当我访问text.com或www.test.com时，它都会变成https。但是当我使用test.com:9090时，它会说不安全。所以我尝试IP:9090，可以使用但没有https。

现在每次我去IP:9090，我可以看到keycloak的主页面，但是当我点击管理控制台后，就会出现HTTPS - REQUIRED错误。我在配置中或设置keycloak/ssl/nginx配置方面缺少了什么？

我大多数时间遵循这个为生产设置nginx 的步骤。

编辑：将位置/ auth /从第一个服务器块移动到第二个服务器块即可解决该问题。希望这有帮助。

- ksernow

你可以回答自己的问题。这将标记你的问题已被解答，并作为奖励，赠送声望积分。 - MadMike

1个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- ksernow · Accepted Answer

正确的结构

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }





        return 301 https://$server_name$request_uri;
}


server {
    # SSL configuration
    #

    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;
    location /auth/ {
            proxy_pass http://x.x.x.x:9090/auth/;

          proxy_http_version 1.1;

          proxy_set_header Host               $host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
    }  
    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;

}