I'm using Keycloak 2.3.0 version, standalone mode, server. I configured IIS URL Rewrite for local Keycloak server running on localhost:8080.
The problem is that there is no way to specify base url in Keycloak, instead Keycloak tries to detect its own host/port and always appends port number (8080) to redirects.
I fixed everything except 'auth-server-url' in config json. Is there any way to get it working?
I've been running Keycloak behind a reverse-proxy for some time. The key is:
to have it configured properly in standalone.xml - HTTPS proxy settings for mydomain.com/sso settings follow:
<http-listener name="default"... -> <http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
<socket-binding name="http"... -> <socket-binding name="proxy-https" port="443"/>
<web-context>auth... -> <web-context>sso</web-context>
to run it on the same context path as the proxy is. Eg. mydomain.com/keycloak -> localhost:8080/keycloak
to access Keycloak admin console from the non-local address for the first time - it generates some of its settings based on this first access
Related
I'm running keycloak version 19.0.1 with no proxy and I want to set a hostname (mykeycloak) as a frontend url to my realm.
I run the keycloak with the command below:
.\kc.bat start-dev --hostname mykeycloak --proxy edge
The configuration endpoint (http://localhost:8080/realms/master/.well-known/uma2-configuration) shows :
{"issuer":"http://mykeycloak/realms/master","authorization_endpoint":"http://mykeycloak/realms/master/protocol/openid-connect/auth",...
I also add the below record to my etc/hosts:
127.0.0.1 mykeycloak
Finally when I want to open the mentioned endpoint (http://mykeycloak/realms/master) I face This site can’t be reached- ERR_CONNECTION_REFUSED
Am I missing something?
At last, this configuration won't work in a public network unless everyone adds the mykeycloak record to their dns.
So what would be the solution that way?
It looks like you are simply missing the port, i.e. it should be http://mykeycloak:8080/realms/master.
If you want to have keycloak accessible on default ports, e.g. 80 or 443, you either need a proxy running on those ports, forwarding to keycloak on 8080 and 8443, or you run keycloak itself on those ports (but that's a bad idea for security reasons).
I have a Linux Centos v7.9 with Apache installed. I published my web project to the server. For the backend I set it on port 90 and created a configuration file for apache with proxy server (to redirect to another port 31031, where .net 5 is listening and handling the requests. This works fine when I request my server ip with port 90. But when I wanted to set the backend as subdomain like api.domain.com and modified the configuration file, .net 5 is not handling the request anymore. When I request api.domain.com I see folder structure. What did I miss?
Here is the .conf file:
Service file:
Subdomain from cpanel:
Thanks.
First some context
We have an Ubuntu Server 18.04 LTS server running on Azure
Our company security policies only allows for ports 80 and 443 to be accessed thru HTTP/HTTPS
Any applications such as Jenkins or NodeJS ones running on other ports should use a reverse proxy thru Apache
The same server already has Jenkins running on port 8080 and Jenkins itself can be configured to run using what they call a "--path" parameter which makes it accessible thru URL http://localhost:8080/jenkins, hence reverse proxy is pretty straight forward to configure as anything going to "/jenkins" can just be pass to http://localhost:8080/jenkins, current Apache config (which is working for Jenkins) as follows:
# Jenkins
ProxyPass /jenkins http://localhost:8080/jenkins nocanon
ProxyPassReverse /jenkins http://localhost:8080/jenkins
ProxyRequests Off
AllowEncodedSlashes NoDecode
<Proxy http://localhost:8080/jenkins*>
Order deny,allow
Allow from all
</Proxy>
The problem we are facing
So, for running OpenTest, we have to install it as a npm package which can then be executed by running opentest server command, it will start the application on port 3000 by default http://localhost:3000 but it is possible to change the preferred port as well thru configuration https://getopentest.org/reference/configuration.html#server-configuration
The problem is that we need to re-route anything, let's say going to "/opentest" to the opentest server app but that doesn't work for all static assets, api urls, etc... since the app is just running on port 3000 http://localhost:3000 but doesn't seems to have something like the Jenkins' "--path", so we can't just mimic the same reverse proxy we have for Jenkins; the idea would be to have opentest in path "/opentest", something like http://localhost:3000/opentest.
We were not able to find any OpenTest configuration that allows me to do something like http://localhost:3000/opentest and we are new to pm2 so we can't tell if it is possible to use pm2 to to run the OpenTest application in a "path" or some sort of "local known application domain" which we could use to re-route the reverse proxy to.
Any thoughts, ideas, workarounds or solutions are welcome; we might be taking the wrong approach here so we would also appreciate any insights in that regard.
Thanks!
Starting with version 1.2.0, you can use the urlPrefix configuration parameter in server.yaml to accomplish this:
#...
urlPrefix: /opentest
Is it possible to run Both node and Apache on the same domain without adding the port in the URL ?
and serve both on the same page, i already have node running on port 8443 and Apache on port 433 and they both work fine but i need to specify in the link the port "8443" to access node which is not what i want,
i want to serve both on the same URL if possible without adding the port to the URL.
You can use Apache reverse proxy
Add this configuration to your apache conf.
ProxyPass "/nodeapp" "http:/localhost:8443"
You can access node application by http://www.example.com/nodeapp
A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from server. These resources are then returned to the client as if they originated from the web server itself.
You can set an nginx proxy before them and separate routes to apache or node.
https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
I'm trying to setup IIS 7.5 as reverse proxy to connect to Tomcat 7 via ARR 3.
For some reason when IIS forwards the request, the x-forwarded-for header contains the remote port, so instead of showing something like: 123.124.125.126 I see 123.124.125.126:54321
Unfortunately that does not work with RemoteIpValve, which expects the IP address only.
Is there a way to remove the port from IIS? or in RemoteIpValve?
Update: I tried running the command below and I can see that it updated applicationHost.config but I still see the port number (restarted IIS):
appcmd.exe set config -section:system.webServer/proxy /includePortInXForwardedFor:"false" /commit:apphost
Thanks!
I ended up using the following workaround:
On IIS, in %System32%/inetsrv/config/applicationHost.config I added the following snippet at system.webServer/rewrite/globalRules/rule [name=ARR*]:
<severVariables>
<set name="HTTP_X_REMOTE_ADDR" value="{REMOTE_ADDR}" />
</severVariables>
Then I specified that name to the RemoteIpValve in Tomcat's server.xml
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-remote-addr" />
To use the newly added header instead of X-Forwarded-For