Keycloak docker HTTPS-REQUIRED 与 nginx ssl

Question

我是keycloak第一次用于生产。我在本地计算机上运行 keycloak，从未遇到过这个问题。首先，我使用 docker 来运行 keycloak 服务器。docker 镜像是从jboss/keycloak. 我已经在我的域上设置了SSL使用letsEncrypttest.com

HTTPS-REQUIRED运行 docker 映像后，当我单击管理控制台时，我最终收到错误。从HERE HERE和HERE阅读了很多相关内容后，我意识到我的域名需要 SSL，我确实这么做了。

我还传递PROXY_ADDRESS_FORWARDING=true了我的 docker 命令。我就是这样运行的。

docker run -e KEYCLOAK_USER=temp -e KEYCLOAK_PASSWORD=temp -e PROXY_ADDRESS_FORWARDING=true -p 9090:8080 jboss/keycloak

我的 NGINX 服务器块看起来像

  map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch; #means no cache, as it is not a static page
    text/css                   max;
    application/javascript     max;
    application/woff2          max;
    ~image/                    30d; #it is only the logo, so maybe I could change it once a month now
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }


    location /auth/ {
            proxy_pass http://x.x.x.x:9090/auth/;

          proxy_http_version 1.1;

          proxy_set_header Host               $host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
    }  


        return 301 https://$server_name$request_uri;
}


server {
    # SSL configuration
    #

    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;

    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;

}

通过每次访问 text.com 或 www.test.com 时设置 ssl，它都会有 https。但是当我执行 test.com:9090 时，它说不安全。所以我尝试IP：9090，它可以工作，但没有https。

现在，每次我访问 IP:9090 时，我都可以看到 keycloak 的主页，但在单击管理控制台后，我收到 HTTPS - REQUIRED 错误。我的配置或设置 keycloak/ssl/nginx 配置中缺少什么？

大多数情况下都遵循此设置 nginx 进行生产

编辑:: 将位置 /auth/ 从第一个服务器块移动到第二个服务器块并且它可以工作。认为这会有帮助。

Answer 1

正确的结构

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }





        return 301 https://$server_name$request_uri;
}


server {
    # SSL configuration
    #

    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;
    location /auth/ {
            proxy_pass http://x.x.x.x:9090/auth/;

          proxy_http_version 1.1;

          proxy_set_header Host               $host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
    }  
    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;

}