nginx ssl需要密钥斗篷docker HTTPS
我第一次在生产中使用nginx ssl需要密钥斗篷docker HTTPS,ssl,nginx,https,proxy,keycloak,Ssl,Nginx,Https,Proxy,Keycloak,我第一次在生产中使用keydape。我在本地机器上运行keydeave,从未遇到过这个问题。首先,我使用docker运行KeyClope服务器。docker映像是从jboss/keydape中提取的。我已在我的域test.com 在运行docker映像之后,当我单击管理控制台时,我得到了错误HTTPS-REQUIRED。在读了很多关于这方面的文章后,我意识到我需要在我的域上使用SSL,我确实需要SSL 我还在docker命令中传递PROXY\u ADDRESS\u FORWARDING=true
keydape
。我在本地机器上运行keydeave,从未遇到过这个问题。首先,我使用docker运行KeyClope服务器。docker映像是从jboss/keydape中提取的。我已在我的域test.com
在运行docker映像之后,当我单击管理控制台时,我得到了错误HTTPS-REQUIRED
。在读了很多关于这方面的文章后,我意识到我需要在我的域上使用SSL,我确实需要SSL
我还在docker命令中传递PROXY\u ADDRESS\u FORWARDING=true
。我就是这样做的
docker run -e KEYCLOAK_USER=temp -e KEYCLOAK_PASSWORD=temp -e PROXY_ADDRESS_FORWARDING=true -p 9090:8080 jboss/keycloak
我的NGINX服务器块看起来像
map $sent_http_content_type $expires {
default off;
text/html epoch; #means no cache, as it is not a static page
text/css max;
application/javascript max;
application/woff2 max;
~image/ 30d; #it is only the logo, so maybe I could change it once a month now
}
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name test.com www.test.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /auth/ {
proxy_pass http://x.x.x.x:9090/auth/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
#
#listen 443 ssl http2 default_server;
listen 443 ssl default_server;
#listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
listen [::]:443 ssl default_server;
expires $expires;
include snippets/ssl-test.com.conf;
include snippets/ssl-params.conf;
}
通过设置ssl,每次我访问text.com或www.test.com时,它都有https。但当我做test.com:9090时,它说不安全。所以我尝试IP:9090,它可以工作,但没有https
现在,每次我转到IP:9090,我都可以看到KeyClope的主页,但在单击管理控制台后,我会得到HTTPS要求的错误。我在配置或设置keydape/ssl/nginx配置时缺少什么
大多数人都是这样做的
编辑::
将位置/auth/从第一个服务器块移动到第二个服务器块,它就会工作。我想这会有帮助的 正确的结构
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name test.com www.test.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
#
#listen 443 ssl http2 default_server;
listen 443 ssl default_server;
#listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
listen [::]:443 ssl default_server;
expires $expires;
location /auth/ {
proxy_pass http://x.x.x.x:9090/auth/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
include snippets/ssl-test.com.conf;
include snippets/ssl-params.conf;
}
你可以回答你自己的问题。这会将您的问题标记为已回答,并作为奖励,给您声誉点数。