Keycloak behind a reverse proxy: Invalid parameter: redirect_uri

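How do I correctly configure NGINX as a proxy in front of Keycloak?

Asking and answering this as documentation, because I have now had to do this repeatedly and forget the details after a while.

This deals specifically with the case where Keycloak is behind a reverse proxy such as nginx, and NGINX is terminating SSL and forwarding to Keycloak. This is not the same as keycloak Invalid parameter: redirect_uri, although it produces the same error message.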

1 Answer

  • 1

    The key is in the documentation at https://www.keycloak.org/docs/latest/server_installation/index.html#identifying-client-ip-addresses

    proxy-address-forwarding must be set, along with the various X-... headers.

    If you are using the Docker image from https://hub.docker.com/r/jboss/keycloak/, then set the env. arg -e PROXY_ADDRESS_FORWARDING=true.

    server {
        server_name api.domain.com;

        # Keycloak, served under /auth
        location /auth {
            # Pass the original host, client address and scheme to the backend
            proxy_set_header    Host $host;
            proxy_set_header    X-Real-IP $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto $scheme;

            proxy_pass          http://localhost:8080;
            proxy_read_timeout  90;
        }

        location / {
            proxy_set_header    Host $host;
            proxy_set_header    X-Real-IP $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto $scheme;

            proxy_pass          http://localhost:8081;
            proxy_read_timeout  90;
        }

        # TLS is terminated here
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    # Redirect plain HTTP to HTTPS
    server {
        if ($host = api.domain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        server_name api.domain.com;
        listen 80;
        return 404; # managed by Certbot
    }
    

    If you are using a different proxy, the important part is the headers being set:

    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    

    Apache, ISTIO and others have their own ways of setting these.
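
A check for this setup, as an added example that is not part of the original answer: it compares the URLs in a realm's OpenID Connect discovery document (`/auth/realms/<realm>/.well-known/openid-configuration` on this image) with the public origin. It assumes Keycloak builds those URLs from the request as the proxy presents it; the realm name `demo`, the function names and the sample documents are constructed.

```python
from urllib.parse import urlsplit

# OIDC discovery metadata fields that carry absolute URLs.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), port


def check_discovery(doc, public_base):
    """Return one finding per advertised URL whose origin is not the public one."""
    want = origin(public_base)
    findings = []
    for field in URL_FIELDS:
        if field not in doc:
            continue
        got = origin(doc[field])
        causes = []
        if got[0] != want[0]:
            causes.append("scheme differs: X-Forwarded-Proto missing or ignored")
        if got[1] != want[1]:
            causes.append("host differs: Host header not passed through")
        elif got[0] == want[0] and got[2] != want[2]:
            causes.append("port differs")
        if causes:
            findings.append(f"{field}={doc[field]} ({'; '.join(causes)})")
    return findings


def sample_doc(base, realm="demo"):
    """Constructed discovery document as a server at `base` would advertise it."""
    root = f"{base}/auth/realms/{realm}"
    oidc = f"{root}/protocol/openid-connect"
    return {"issuer": root, "authorization_endpoint": f"{oidc}/auth",
            "token_endpoint": f"{oidc}/token", "jwks_uri": f"{oidc}/certs"}


if __name__ == "__main__":
    public = "https://api.domain.com"
    for base in (public, "http://api.domain.com", "http://localhost:8080"):
        print(base, "->", check_discovery(sample_doc(base), public) or "consistent")
```

Against a live server, pass the parsed JSON from the discovery URL as `doc` and the address users type into the browser as `public_base`.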
