Enhance documentation regarding edge termination (#30170)
Closes #29665 Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
This commit is contained in:
parent
d29dbf0f7a
commit
0c6558612f
8 changed files with 17 additions and 8 deletions
|
@ -29,6 +29,8 @@ If this header is incorrectly configured, rogue clients can set this header and
|
|||
|
||||
NOTE: When using the `xforwarded` setting, the `X-Forwarded-Port` takes precedence over any port included in the `X-Forwarded-Host`.
|
||||
|
||||
NOTE: If the TLS connection is terminated at the reverse proxy (edge termination), enabling HTTP through the ‘http-enabled’ setting is required.
|
||||
|
||||
== Proxy modes
|
||||
NOTE: The support for setting proxy modes is deprecated and will be removed in a future {project_name} release. Consider configuring accepted reverse proxy headers instead as described in the chapter above. For migration instructions consult the https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option[Upgrading Guide].
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package org.keycloak.config;
|
||||
|
||||
import java.util.Set;
|
||||
import java.util.List;
|
||||
import java.util.TreeSet;
|
||||
|
||||
public class ProxyOptions {
|
||||
|
||||
|
@ -39,7 +40,7 @@ public class ProxyOptions {
|
|||
.category(OptionCategory.PROXY)
|
||||
.description("The proxy address forwarding mode if the server is behind a reverse proxy.")
|
||||
.defaultValue(Mode.none)
|
||||
.deprecated(Set.of(PROXY_HEADERS.getKey()))
|
||||
.deprecated(new TreeSet<>(List.of(PROXY_HEADERS.getKey(), HttpOptions.HTTP_ENABLED.getKey())))
|
||||
.build();
|
||||
|
||||
public static final Option<Boolean> PROXY_FORWARDED_HOST = new OptionBuilder<>("proxy-forwarded-host", Boolean.class)
|
||||
|
|
|
@ -236,7 +236,8 @@ Proxy:
|
|||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
Default: none. Use the following options instead: http-enabled,
|
||||
proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
|
|
|
@ -312,7 +312,8 @@ Proxy:
|
|||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
Default: none. Use the following options instead: http-enabled,
|
||||
proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
|
|
|
@ -237,7 +237,8 @@ Proxy:
|
|||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
Default: none. Use the following options instead: http-enabled,
|
||||
proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
|
|
|
@ -313,7 +313,8 @@ Proxy:
|
|||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
Default: none. Use the following options instead: http-enabled,
|
||||
proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
|
|
|
@ -189,7 +189,8 @@ Proxy:
|
|||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
Default: none. Use the following options instead: http-enabled,
|
||||
proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
|
|
|
@ -265,7 +265,8 @@ Proxy:
|
|||
|
||||
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
|
||||
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
|
||||
Default: none. Use the following option instead: proxy-headers.
|
||||
Default: none. Use the following options instead: http-enabled,
|
||||
proxy-headers.
|
||||
--proxy-headers <headers>
|
||||
The proxy headers that should be accepted by the server. Misconfiguration
|
||||
might leave the server exposed to security vulnerabilities. Takes precedence
|
||||
|
|
Loading…
Reference in a new issue