问题
We are using Keycloak 2.0.0.Final installed behind a nginx proxy on a RedHat environment.
We are currently facing a problem with the Reset Password functionality which send an email with the internal server host instead of the external one in the action URL as we are behind a proxy.
I receive this by email: https://internal/auth/realms/MYREALM/login-actions/reset-credentials?code=wYhHP(...) but the end user should see https://external/auth/realms/MYREALM/login-actions/reset-credentials?code=wYhHP(...). The whole proxy settings work perfectly otherwise, it's basically an URL rewriting function.
I found this ticket relating a similar case but the solution isn't ideal: http://lists.jboss.org/pipermail/keycloak-user/2015-October/003428.html
Any hidden properties, settings we could use or solution to fix this issue?
Thanks
回答1:
Nginx sets the emailed URL prefix from the contents of the Host header, so your nginx proxy needs to be configured to pass the Host header intact.
Something like this:
proxy_pass <your internal keycloak URL or IP address>
...
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
You may also need to set X-forwarded-proto if your internal URL is not https
来源:https://stackoverflow.com/questions/43077057/keycloak-url-reset-password-email-behind-a-proxy