I installed keycloak following this guide
I can access it using http://pu.bl.ic.ip:8082
Now, I put it behind nginx with the following conf:
server {
    if ($host = keycloak.mydomain.com) {
        return 301 https://$host:$request_uri;
    }
    listen 80;
    listen [::]:80;
    server_name keycloak.mydomain.com;
    return 404;
}
server {
    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/keycloak.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/keycloak.mydomain.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    server_name keycloak.mydomain.com;
    access_log /var/log/nginx/keycloak-access.log;
    error_log /var/log/nginx/keycloak-error.log;
    location / {
        proxy_pass http://127.0.0.1:8082;
    }
}
I can access it at https://keycloak.mydomain.com
The problem is that the links on the webpage use 127.0.0.1:8082 as the base URL. How do I use keycloak.mydomain.com instead?
You have to play with the proxy=edge setting and some environment variables (which may differ between v18 and v19). Check the examples there: https://github.com/keycloak/keycloak/issues/14452
Or search the issues list with these environment variables until you find the right combination:
KC_HOSTNAME_STRICT
KC_HOSTNAME
KC_HOSTNAME_PORT
KC_HTTP_RELATIVE_PATH
KC_HOSTNAME_URL
KC_HOSTNAME_ADMIN_URL
KC_PROXY
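An added example, not part of the original answer or of Keycloak's own documentation: by default nginx's proxy_pass sends `Host: 127.0.0.1:8082` to the backend, which is where the wrong base URL comes from. The block below forwards the public host and scheme, which is what the proxy=edge setting relies on; the two KC_* values in the comment are assumptions for this hostname and, as the answer says, may differ between versions.

```nginx
# Added example. Keycloak side (assumed values, variable names as listed above):
#   KC_PROXY=edge
#   KC_HOSTNAME=keycloak.mydomain.com
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name keycloak.mydomain.com;

    ssl_certificate     /etc/letsencrypt/live/keycloak.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/keycloak.mydomain.com/privkey.pem;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    access_log /var/log/nginx/keycloak-access.log;
    error_log  /var/log/nginx/keycloak-error.log;

    location / {
        proxy_pass http://127.0.0.1:8082;

        # Without this line nginx sends "Host: 127.0.0.1:8082" ($proxy_host).
        proxy_set_header Host              $host;
        # Set (do not append) these, so values supplied by the client
        # are overwritten rather than passed through to Keycloak.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
    }
}
```

Because Keycloak then trusts these forwarded headers, port 8082 should be reachable only from nginx (bound to 127.0.0.1 or firewalled), not on the public IP as in the question's first step.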
Related
I use TrueNas and the Nextcloud plugin.
Inside the nextcloud jail, I installed certbot and generated a cert for myself.
When loading the Nextcloud page in the browser I now get the error "err_too_many_redirects". It seems to me that this is a configuration error, but I don't know how to fix it. Thanks.
upstream php-handler {
    server unix:/var/run/nextcloud-php-fpm.sock;
}
# Redirect to HTTPS
server {
    server_name my_server_domain;
    location ^~ /.well-known/acme-challenge {
        # Path to the root of your installation
        root /usr/local/www/nextcloud/;
        try_files $uri $uri/ =404;
    }
    location / {
        return 301 https://$host:443$request_uri;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /usr/local/etc/letsencrypt/live/my_server_domain/fullchain.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/my_server_domain/privkey.pe
    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Cert
    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbo
}
server {
    listen 443 ssl http2;
    server_name my_server_domain;
    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;"
    include conf.d/nextcloud.inc;
}
server {
    if ($host = my_server_domain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80 default_server;
    listen [::]:80;
    server_name my_server_domain;
    return 404; # managed by Certbot
}
I want to redirect https://*.example.com to https://www.example.com (* being any subdomain).
My Nginx configuration (unrelated lines removed):
server {
    server_name www.example.com;
    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/vpsuser/example/example;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
    listen 443 http2 ssl; # managed by Certbot
    listen [::]:443 http2 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;
    server_name example.com *.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    return 301 https://www.example.com$request_uri;
}
When I go to https://s.example.com no redirection happens and the browser displays "this connection isn't secure". My code for the same logic for http works without any problem.
And when I enter https://example.com it redirects to https://www.example.com successfully.
I tried return 404 to see if it is really done by the same code block and I got a 404 page. So why does it redirect https://example.com but not https://*.example.com? How can I solve it?
I am using Django. Just mentioning it in case there is any relation.
Hello, I am having a hard time configuring nginx properly. I would like to redirect from https://example.com to https://www.example.com. I found a lot of tutorials on how to do it, but not a single one worked with my configuration files.
I used letsencrypt to configure the SSL for me.
Here is the nginx conf file:
server {
    server_name IP_ADDRESS example.com www.example.com;
    location /static/ {
        root /home/user/pyapps/ks_g;
    }
    location /media/ {
        root /home/user/pyapps/ks_g;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name IP_ADDRESS example.com www.example.com;
    return 404; # managed by Certbot
}
Add a conditional redirect to the server block with SSL, or to both:
if ($host != www.example.com) {
    return 301 https://www.example.com$request_uri;
} # managed by Stack Overflow (sorry cannot hold myself)
This works as follows: if the Host HTTP header does not equal www.example.com, make a permanent redirect to https://www.example.com$request_uri.
I have a domain https://secondubly.tv set up with SSL that redirects to another website - this portion works perfectly fine. I also have a subdomain that I haven't set up with SSL - bot.secondubly.tv - but every time I try to access it, I end up getting redirected to https://secondubly.tv, which in turn redirects me to another website. I imagine it's just ignoring the first block and going to the block below it. I'm really struggling with how to get this working without SSL, and could use some help.
# Server that handles sending non-SSL traffic to SSL.
server {
    listen 80;
    listen [::]:80;
    server_name bot.secondubly.tv www.bot.secondubly.tv;
    location / {
        proxy_pass http://localhost:25000;
    }
}
server {
    server_name secondubly.tv www.secondubly.tv;
    return 301 https://twitch.tv/secondubly$request_uri;
    listen 443 ssl; # managed by Certbot
    ssl_certificate key; # managed by Certbot
    ssl_certificate_key key; # managed by Certbot
    include ...nginx.conf; # managed by Certbot
    ssl_dhparam ...dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.secondubly.tv) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = secondubly.tv) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name secondubly.tv www.secondubly.tv;
    listen 80;
    return 404; # managed by Certbot
}
I feel like I'm just not understanding something really basic here? Why is it skipping the proxy_pass section? The server names are there and they're accurate, so what gives?
I found an answer here but still can't make it work. I want just the same thing as him:
https://example.com
https://www.example.com
http://example.com
http://www.example.com
example.com
www.example.com
to all redirect to `https://example.com`
here is my config file
server {
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name example.com;
    # listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = example.com) {
        return 301 https://example.com$request_uri;
    }
    server_name example.com;
    listen 80;
    listen 443 ssl;
    return 404; # managed by Certbot
}
All the redirects are correct except "https://www.example.com", which does not redirect at all.
Where did I go wrong? Please help!
Your certbot-generated configuration looks strange, as mentioned in a comment. Check sudo nginx -t to see if there are any warnings.
To redirect a client request that is sent to https://www.example.com you need a server block matching www.example.com that listens on 443 ssl. Please make sure you have certs including www.example.com as a CN!
In this server block you can create a redirect with return 301 https://example.com$request_uri
Certbot should (!) generate the right configuration for SSL if your configuration for port 80 (non-SSL) is correct.
server {
    server_name example.com;
    listen 80;
    ...
}
server {
    server_name www.example.com;
    listen 80;
    return 301 $scheme://example.com$request_uri;
    ...
}
This should generate the right ssl configuration using the nginx certbot plugin.
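The layout this answer describes, written out in full as an added example (not the answerer's code and not Certbot's generated output): a port-80 block and a www-only port-443 block that do nothing but redirect, plus the single block that serves the site. It assumes the certificate under /etc/letsencrypt/live/example.com/ covers both example.com and www.example.com; the response in the last block is a placeholder.

```nginx
# 1. Plain HTTP, both names: redirect straight to the canonical origin.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

# 2. HTTPS for www: redirect only. The TLS handshake happens first, so the
#    certificate must list www.example.com, otherwise the browser shows a
#    certificate warning before the 301 is ever sent.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    return 301 https://example.com$request_uri;
}

# 3. Canonical site: the only block that serves content.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        # Placeholder: the question does not show what is served here.
        return 200 "ok\n";
    }
}
```

Each name and port pair appears in exactly one server block, so no request can match a block that redirects to itself.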