I have the following issue.
Both, my KeyCloak and the Client are behind a reverse Proxy.
My reverse Proxy Configuration for the Client:
server_name my.domain.here.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
proxy_pass http://127.0.0.1:9254;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
When the Client now tries to sign in with oAuth, KeyCloak has the following error:
Invalid parameter: redirect_uri
Because the valid redirect URI I specified is: my.domain.here.com/*
And the requestion redirect URI is: http://localhost/9254/*
Is there a way, to pass the server-name to the KeyCloak?
Related
I have a keycloak, react web and a spring boot app are living behind nginx.
The frontend (react) and the backend (spring boot) are calling the keycloak service over the nginx proxy at the flowing urls:
realms/.../..etc
admin/.../..etc
js/.../.../..etc
resources/.../...etc
All those urls are reverse proxing to:
Http://keylock:8180
I don't want to implements multiple locations in nginx for all those urls!
I am thinking about url rewriting to
auth/realms/...
auth/dmin/..
...
Or another clean solution with regex, but i don't know how.
You can use the rewrite module for this.
location /auth {
rewrite ^/auth(/|$)(.*) /$2/ break;
proxy_pass http://keylock:8180;
}
In fact, with this method, I get the second part of the url and proxy it.
For example, when request send to /auth/realms/... the url rewrite to /realms/... and send it to keycloak http://keylock:8180/realms/...
this worked for me
location ~ ^/(realms|js|resources|admin)/ {
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
proxy_pass http://keycloak;
proxy_redirect off;
}
I have a Nginx server with reverse proxy for my API. How can I return the website host URL instead of returning the API URL api.example.com, because when I make a request from website it returns the API URL not the website URL app.example.com.
location /api/1 {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Connection 'updgrade';
proxy_set_header Host $host;
proxy_pass https://api.example.com/rest;
proxy_ssl_server_name on;
}
p/s: sorry for my bad english
if you want to change url in returned your application code and your application behind the proxy makes references to api.example.com instead of app.example.com, you need to change your application logic to return correct URL in this use case.
Or use sub_filter module, But you need to check your nginx was built with this module.
I have an api server I am reverse proxying with nginx. It is functionally working but I want to change the current behavior.
api server url:
http://apiserver:5000/api/v1/ping
the above becomes accessible by this nginx url (see the double 'api' part?):
https://nginxserver/api/api/v1/ping
How can I write the config so that /api hits the api server but without adding an additional 'api' to the nginx url.
location ^~ /api {
proxy_pass http://apiserver:5000/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /api;
}
I have certain app running on port 8585. Every time I hit localhost:8585, it will redirect me to localhost:8585/ui/home/.
Now I'm trying to setup nginx proxy_pass for this, so every time I hit localhost/myapp it should redirect to localhost:8585.
This is my setup:
location /myapp/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8585/;
proxy_redirect off;
}
Now, everytime I hit localhost/myapp, the url is changed to localhost/ui/home/ and returns 404.
What is the correct setup for achieve this?
I have nginx as a proxy server: client -> nginx (server1:80) -> server (server2:81)
The client requests a json resource (HAL format) from the server in which the server generates the needed URIs inside the JSON+HAL resource.
I'm using proxy_pass in nginx config:
location /context {
proxy_cache one;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_redirect off;
rewrite /context(.*) $1 break;
proxy_pass http://server2:81;
}
The problem is that the generated URIs from server2 do not contain the context root /context.
Example:
Client request URI -> http://server1/context/foo/bar
URI used by server1 (nginx) to request server2 -> http://server2:81/foo/bar
The generated URIs in the response JSON is http://server1/foo/bar/baz as it should be http://server1/context/foo/bar/baz
Is there a way to tell server2 that the GET header is /context/foo/bar that server2 generates the correct URI in its response? (it's a .NET server and they are using the HttpHelper class to generate the URI).