Keycloak with NGINX proxy server not authenticating rest api

Anonymous (unverified), submitted on 2019-12-03 02:27:02

Question:

I have a sample app which correctly secures the REST API locally without nginx. Now when I put this in production behind an nginx proxy it does not work. No errors. It allows all requests.

Front end server with ssl is https://frontend.com

Back end server with ssl is https://backend.com

Keycloak proxy forward is true

Front end server(node server on 9000) <-> NGINX <-> Keycloak (running on 8180)

nginx file sample

    upstream keycloak_server {
      server localhost:8180;
    }

    upstream node_server {
      server localhost:9000;
    }

    location /auth/ {
      proxy_pass http://keycloak_server;
      proxy_http_version 1.1;
      proxy_set_header Host              $host;
      proxy_set_header X-Real-IP         $remote_addr;
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }

    location / {
      proxy_pass http://node_server;
      proxy_http_version 1.1;
      proxy_set_header Host              $host;
      proxy_set_header X-Real-IP         $remote_addr;
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }

Front end server calls a backend API using Angular. REST API calls look like https://backend.com/callTest

Backend server(running on tomcat) <-> NGINX <-> Spring Boot(with keycloak)

nginx sample

    location / {
      proxy_pass http://127.0.0.1:8080/dt-1.0/;
      proxy_http_version 1.1;
      proxy_set_header Host               $host;
      proxy_set_header X-Real-IP          $remote_addr;
      proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto  $scheme;
    }

In Angular, keycloak.json looks like

    {
      "realm": "demo",
      "auth-server-url": "https://frontend.com/auth",
      "ssl-required": "none",
      "resource": "tutorial-frontend",
      "public-client": true
    }

In Spring Boot, the Keycloak properties look like

    keycloak.auth-server-url=https://frontend.com/auth
    keycloak.realm=demo
    keycloak.resource=tutorial-frontend
    keycloak.public-client=true
    keycloak.bearer-only = true
    keycloak.cors = true
    keycloak.security-constraints[0].authRoles[0]=user
    keycloak.security-constraints[0].securityCollections[0].patterns[0]=/*

Please let me know how to correct this. I would really appreciate it.
