Keycloak blank page behind nginx reverse proxy

nginx reverse-proxy single-sign-on mixed-content

Solution 1:

Your Nginx configuration looks fine. I recently had the same issue as you had and had more or less the same Nginx configuration.

The only thing I still needed to do is to update the standalone configuration file in the KeyCloak folder. You can find this file at keycloak_folder/standalone/configuration/standalone.xml.

Here you will have to look for the following (+- line 572):

<server name="default-server">
    <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" />
    ...
</server>

And add the proxy-address-forwarding=true like this:

<server name="default-server">
    <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" proxy-address-forwarding="true" />
    ...
</server>

This will make sure that your internal KeyCloak JBoss server is aware of the proxy address.

Solution 2:

Keycloak accepts PROXY_ADDRESS_FORWARDING env which gets placed in the standalone.xml

<http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" enable-http2="true"/>

provide PROXY_ADDRESS_FORWARDING to docker either with docker -e or docker-compose environment section

Related

Ansible SSL certificate failed- urlopen error
Why Debian APT is not listing the same upgrades on two different servers with the same APT config?
How to copy Cyberduck bookmarks to another MacBook?
How do I uncompress vmlinuz to vmlinux?
How to reset a broken TTY?
How does a computer know which device is connected to the usb port?
Is it possible to use global IP addresses without internet?
Can two drives connected to a USB hub bypass the computer when sharing data?
Can I make a video not downloadable? [closed]
How to convert an unknown file to MP3?
What key on a Mac keyboard corresponds to the ⇥ symbol?
zsh post command function/hook