I am using keycloak for production for the first time. I run keycloak on my local machine and never faced this issue. First I am using docker to run keycloak server. The docker image is pulled from jboss/keycloak. I have set up my SSL using letsEncrypt on my domain test.com
After running the docker image I ended up getting error HTTPS-REQUIRED when I click on administrative console. After reading up a lot about this from HERE HERE and HERE I realized I need SSL on my domain which I did.
I also pass PROXY_ADDRESS_FORWARDING=true in my docker command. This is how I run it.
docker run -e KEYCLOAK_USER=temp -e KEYCLOAK_PASSWORD=temp -e PROXY_ADDRESS_FORWARDING=true -p 9090:8080 jboss/keycloak
My NGINX server block looks like
map $sent_http_content_type $expires {
default off;
text/html epoch; #means no cache, as it is not a static page
text/css max;
application/javascript max;
application/woff2 max;
~image/ 30d; #it is only the logo, so maybe I could change it once a month now
}
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name test.com www.test.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /auth/ {
proxy_pass http://x.x.x.x:9090/auth/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
#
#listen 443 ssl http2 default_server;
listen 443 ssl default_server;
#listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
listen [::]:443 ssl default_server;
expires $expires;
include snippets/ssl-test.com.conf;
include snippets/ssl-params.conf;
}
By setting up ssl everytime I go to text.com or www.test.com it has https. But when I do test.com:9090 it says not secure. So I try IP:9090 which works but without https.
Now every time I go to IP:9090 I can see the main page of keycloak but after I click on administrative console I get HTTPS - REQUIRED error. What am I missing in my configuration or setting up keycloak/ssl/nginx config?
mostly followed this setup nginx for production
EDIT:: Move the location /auth/ from first to second server block and it works. Thought it would be helpful.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 疯言疯语 的文章《Keycloak docker HTTPS-REQUIRED with nginx ssl》','https://www.manongdao.com/article-821961.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}