Fatal编程技术网
  • ssl/
  • nginx ssl需要密钥斗篷docker HTTPS

nginx ssl需要密钥斗篷docker HTTPS

ssl nginx https proxy keycloak

nginx ssl需要密钥斗篷docker HTTPS,ssl,nginx,https,proxy,keycloak,Ssl,Nginx,Https,Proxy,Keycloak,我第一次在生产中使用keydape。我在本地机器上运行keydeave,从未遇到过这个问题。首先,我使用docker运行KeyClope服务器。docker映像是从jboss/keydape中提取的。我已在我的域test.com 在运行docker映像之后,当我单击管理控制台时,我得到了错误HTTPS-REQUIRED。在读了很多关于这方面的文章后,我意识到我需要在我的域上使用SSL,我确实需要SSL 我还在docker命令中传递PROXY\u ADDRESS\u FORWARDING=true

我第一次在生产中使用
keydape
。我在本地机器上运行keydeave,从未遇到过这个问题。首先,我使用docker运行KeyClope服务器。docker映像是从jboss/keydape中提取的。我已在我的域
test.com

在运行docker映像之后,当我单击管理控制台时,我得到了错误
HTTPS-REQUIRED
。在读了很多关于这方面的文章后,我意识到我需要在我的域上使用SSL,我确实需要SSL

我还在docker命令中传递
PROXY\u ADDRESS\u FORWARDING=true
。我就是这样做的

docker run -e KEYCLOAK_USER=temp -e KEYCLOAK_PASSWORD=temp -e PROXY_ADDRESS_FORWARDING=true -p 9090:8080 jboss/keycloak
我的NGINX服务器块看起来像

  map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch; #means no cache, as it is not a static page
    text/css                   max;
    application/javascript     max;
    application/woff2          max;
    ~image/                    30d; #it is only the logo, so maybe I could change it once a month now
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }


    location /auth/ {
            proxy_pass http://x.x.x.x:9090/auth/;

          proxy_http_version 1.1;

          proxy_set_header Host               $host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
    }  


        return 301 https://$server_name$request_uri;
}


server {
    # SSL configuration
    #

    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;

    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;

}
通过设置ssl,每次我访问text.com或www.test.com时,它都有https。但当我做test.com:9090时,它说不安全。所以我尝试IP:9090,它可以工作,但没有https

现在,每次我转到IP:9090,我都可以看到KeyClope的主页,但在单击管理控制台后,我会得到HTTPS要求的错误。我在配置或设置keydape/ssl/nginx配置时缺少什么

大多数人都是这样做的

编辑:: 将位置/auth/从第一个服务器块移动到第二个服务器块,它就会工作。我想这会有帮助的

正确的结构

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name test.com www.test.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }





        return 301 https://$server_name$request_uri;
}


server {
    # SSL configuration
    #

    #listen 443 ssl http2 default_server;
    listen 443 ssl default_server;
    #listen [::]:443 ssl http2 default_server; # does not work properly with Angular, TODO research about this
    listen [::]:443 ssl default_server;

    expires $expires;
    location /auth/ {
            proxy_pass http://x.x.x.x:9090/auth/;

          proxy_http_version 1.1;

          proxy_set_header Host               $host;
          proxy_set_header X-Real-IP          $remote_addr;
          proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto  $scheme;
    }  
    include snippets/ssl-test.com.conf;
    include snippets/ssl-params.conf;

}
你可以回答你自己的问题。这会将您的问题标记为已回答,并作为奖励,给您声誉点数。