Great Blog

09 Mar 2021

Keycloak behind NGiNX

Configure NGiNX

nano /etc/nginx/conf.d/sso.domain.com.conf

server {
    listen      443 ssl http2;
    server_name sso.domain.com;

    ssl_certificate /etc/nginx/ssl/sso.domain.com/fullchain.crt;
    ssl_certificate_key /etc/nginx/ssl/sso.domain.com/key;
    ssl_session_timeout 5m;

    location / {
        proxy_pass          http://127.0.0.1:8080/;
        proxy_set_header    Host               $host;
        proxy_set_header    X-Real-IP          $remote_addr;
        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Host   $host;
        proxy_set_header    X-Forwarded-Server $host;
        proxy_set_header    X-Forwarded-Port   $server_port;
        proxy_set_header    X-Forwarded-Proto  $scheme;
    }
}

Configure Keycloak

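The following needs to be run for Keycloak to work behind nginx. The commands make Keycloak's HTTP listener trust the X-Forwarded-* headers set above (proxy-address-forwarding) and redirect to port 443. Because Keycloak then trusts those headers from anything that connects to it, port 8080 should be reachable only from nginx.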

  1. cd bin

  2. ./jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)'

  3. ./jboss-cli.sh 'embed-server,/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)'

  4. ./jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)'

  5. systemctl enable keycloak --now
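
To confirm the steps above took effect, the check below (an added example, not part of the original post) reads Keycloak's OIDC discovery document and verifies that every URL in it uses the public https://sso.domain.com origin rather than a plain-http one. The function name, the two sample documents (constructed) and the /auth context path and master realm in the commented curl call are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Reads an OIDC discovery
# document on stdin and checks that every URL in it starts with the
# public origin served by nginx.
# Returns 0 = all URLs match, 1 = wrong origin found, 2 = no URLs found.
check_discovery() {
    expected="$1"    # public origin, e.g. https://sso.domain.com
    bad=0
    # Extract every quoted http(s) URL; un-escape "\/" in case the JSON uses it.
    urls=$(sed 's#\\/#/#g' | grep -oE '"https?://[^"]+"' | tr -d '"')
    [ -n "$urls" ] || { echo "no URLs found in document" >&2; return 2; }
    while IFS= read -r u; do
        case "$u" in
            "$expected"/*) ;;    # correct scheme and host
            *) echo "unexpected origin: $u" >&2; bad=1 ;;
        esac
    done <<EOF
$urls
EOF
    return "$bad"
}

# Constructed sample: Keycloak honours the forwarded headers.
sample_good() {
    cat <<'EOF'
{"issuer":"https://sso.domain.com/auth/realms/master",
 "token_endpoint":"https://sso.domain.com/auth/realms/master/protocol/openid-connect/token",
 "grant_types_supported":["authorization_code","refresh_token"]}
EOF
}

# Constructed sample: the forwarded scheme is ignored, so URLs come back as http://.
sample_bad() {
    cat <<'EOF'
{"issuer":"http://sso.domain.com/auth/realms/master",
 "token_endpoint":"http://sso.domain.com/auth/realms/master/protocol/openid-connect/token"}
EOF
}

sample_good | check_discovery https://sso.domain.com && echo "good sample: OK"
sample_bad | check_discovery https://sso.domain.com 2>/dev/null || echo "bad sample: rejected"

# Against the live server (assumes the default /auth context path and the master realm):
# curl -fsS https://sso.domain.com/auth/realms/master/.well-known/openid-configuration \
#   | check_discovery https://sso.domain.com
```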