nginx登录失败,post中缺少端口号等
KeyClope在进入页面时失去对传递的端口号的控制:30666 但是,“提交”按钮不包含ip+端口号,此处仅使用ip地址。因为帖子失败了 重定向失败了 我如何让KeyClope在代理后工作? KeyClope在NGinx代理后面的kubernetes集群中运行,配置如下:nginx登录失败,post中缺少端口号等,nginx,proxy,keycloak,Nginx,Proxy,Keycloak,KeyClope在进入页面时失去对传递的端口号的控制:30666 但是,“提交”按钮不包含ip+端口号,此处仅使用ip地址。因为帖子失败了 重定向失败了 我如何让KeyClope在代理后工作? KeyClope在NGinx代理后面的kubernetes集群中运行,配置如下: worker_processes 1; error_log /dev/stderr warn; events { worker_connections 1024; } # make sure to set
worker_processes 1;
error_log /dev/stderr warn;
events {
worker_connections 1024;
}
# make sure to set plaintext JWT_SECRET environment variable
env JWT_SECRET;
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout main;
lua_package_path "/usr/local/openresty/lualib/?.lua;;";
server {
listen 8080;
root /;
# load index page from nginx implementing the KC javascript:
location / {
index index.htm index.html;
}
location /auth {
proxy_pass http://idp:8080/auth;
proxy_http_version 1.1; # this is essential for chunked responses to work
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
# Secured endpoints
location /secure/ {
access_by_lua_file /bearer.lua;
default_type text/plain;
echo "<p>i am protected by jwt<p>";
}
}
}
问题是
proxy\u set\u头$host
,它应该是$host:$server\u port
此外,不需要为代理URL添加后缀/auth URI。如果未指定,则Nginx将在不更改URI的情况下传输URI
配置应为:
location /auth {
proxy_pass http://idp:8080;
...
proxy_set_header Host $host:$server_port;
参考文献
注意:KeyClope客户端可能需要HTTPS URL。如果您在Nginx中启用了HTTPS,那么请记住也要使用x-forwarded-proto头将方案传递给keydape
proxy_set_header x-forwarded-proto $scheme;
您还必须添加以下标题
proxy_set_header X-Forwarded-Port $server_port;
今天,我将在一个或类似的实例后面运行keydeport实例。这样配置就更容易了。
proxy_set_header X-Forwarded-Port $server_port;