I have a spring boot application (with keycloak adapter) running on port 8000 and keycloak running on 8080
I have edited my /etc/hosts file to route requests coming on my test-domain (foo.bar.com) to route to 127.0.0.1
I am not interested in SSL as of now.
My sample nginx configuration:
server {
listen 80;
server_name foo.bar.com;
location /myapp {
proxy_set_header Host $host/myapp;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port 80;
proxy_set_header X-Forwarded-Proto http;
proxy_pass http://localhost:8000/;
}
location /auth {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
}
}
Question:
Will this sample nginx conf be sufficient? I had some infinite redirects happening. Logs from keycloak adapter in my spring application say:
No State Cookie
If I do not use proxy server and instead configure the app and keycloak talk directly to each other it works. I wonder why proxy server is creating issues.
Did you configure Keycloak so that it knows it's behind a proxy?
E.g. for docker it's the option -e PROXY_ADDRESS_FORWARDING=true
Related
I have following nginx reverse proxy configuration:
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /application {
proxy_pass https://my.url:9443/application;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /dashboard {
proxy_pass http://localhost:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
my location "/" got proxied to my npm dev server, which is working great.
my location "/aplication" got proxied to my application I publish, which is working great, too!
so why does my location "/dashboard" does not work, when proxied to my other npm dev server, which listens on port 3001? What makes my concerns even stronger is the fact, that when I change the port from my default location "/" to 3001, my react app is getting accessed.
my output from sudo netstat -lntp:
tcp 0 0 0.0.0.0:3001 0.0.0.0:* LISTEN 3677/node
I installed a WildFly 26.0.1 together with nginx as a reverse proxy.
Everything seems to work correctly.
Also the deployment of small WebApp war files within WildFlys admin console works.
But there is a problem when deploying large war files.
I have already set client_max_body_size to 100M!
The effect is the following:
While deploying the nginx access.log there shows up an endless loop
POST /management-upload HTTP/1.1" 401 77
Again and again
On the client side the request hangs.
The WildFly Log shows no start of deployment.
While with small war files it says:
POST /management-upload HTTP/1.1" 200 68
btw: When accessing the WildFly directly (not via the nginx proxy) the deployment works
also with large war files
This is my nginx config:
(Replacing my domain with example.com)
server {
server_name www.example.com example.com;
listen 80;
listen [::]:80;
client_max_body_size 100M;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 90s;
}
location /console {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9990/console;
proxy_read_timeout 90s;
}
location /management {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9990/management;
proxy_read_timeout 90s;
}
}
i'm trying to configure Nginx as reverse Proxy for my sec-tool (ZAP). I'm not sure about the configuration part. I think it should be something like that:
server {
listen 443;
server_name ZAP.domain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
proxy_read_timeout 90;
proxy_redirect http://localhost:8080 https://ZAP.domain.com;
}
}
As long as i know, ZAP operates with the port 8080, but i'm not sure what I've to insert in the "domain" part.
Does anyone have some clues here?
Thank you
I have an nginx and a pgadmin Docker container connected to each other. Only nginx container is exposed to the outside. How can I map pgadmin to a sub URI?
If the host is example.com, I want the pgadmin to be reachable at example.com/pgadmin/. So far, I have this in my nginx.conf file:
location ^~ /pgadmin/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://pgadmin:80/;
}
A request to example.com/pgadmin/ goes through to pgadmin but when pgadmin redirects to the login page, it redirects to example.com/login?next=%2F, not to example.com/pgadmin/login?next=%2F.
How can I make pgadmin to work at example.com/pgadmin?
I understand that you want to map http://pgadmin:80/ to http://example.com/pgadmin/.
Add the below entry in your hosts file to map pgadmin to example.com
pgadmin example.com
Now to map the :80 to /pgadmin, add the following in your nginx.conf :
location /pgadmin {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://pgadmin:80/;
}
I have several services running in docker (using docker-compose), each in its own container.
I am using nginx as the proxy server.
partial nginx.conf:
upstream a_servers {
server a:8080;
}
upstream b_servers {
server b:8080;
}
server {
location / {
proxy_pass http://a_servers/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /b {
proxy_pass http://b_servers;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
Problem:
These two services both need to load their own /js/build.js file. However, when service b makes a request for /js/build.js, nginx routes it to the first option and makes a request for the build.js from service a instead.
Is there a way to prepend /b to all requests coming from service b? Also, what is the name for what I'm trying to do?