Added documentation to specify https redirect port
This commit is contained in:
Stian Thorgersen
parent
28adc28a56
commit
34eb34c5fc
1 changed files with 14 additions and 3 deletions
|
|
@ -510,15 +510,26 @@ keycloak-war-dist-all-1.0-beta-3-SNAPSHOT/
|
||||||
Follow the documentation for your web server to enable SSL and configure reverse proxy for Keycloak.
|
Follow the documentation for your web server to enable SSL and configure reverse proxy for Keycloak.
|
||||||
It is important that you make sure the web server sets the <literal>X-Forwarded-For</literal> and
|
It is important that you make sure the web server sets the <literal>X-Forwarded-For</literal> and
|
||||||
<literal>X-Forwarded-Proto</literal> headers on the requests made to Keycloak. Next you need to enable
|
<literal>X-Forwarded-Proto</literal> headers on the requests made to Keycloak. Next you need to enable
|
||||||
<literal>proxy-address-forwarding</literal> on the Keycloak http connector. This is done by editing
|
<literal>proxy-address-forwarding</literal> on the Keycloak http connector. Assuming that your reverse
|
||||||
<literal>standalone/configuration/standalone.xml</literal>.
|
proxy doesn't use port 8443 for SSL you also need to configure what port http traffic is redirected to.
|
||||||
|
This is done by editing <literal>standalone/configuration/standalone.xml</literal>.
|
||||||
</para>
|
</para>
|
||||||
|
First add <literal>proxy-address-forwarding</literal> and <literal>redirect-socket</literal> to the <literal>http-listener</literal>
|
||||||
|
element:
|
||||||
<para>
|
<para>
|
||||||
<programlisting><![CDATA[<subsystem xmlns="urn:jboss:domain:undertow:1.1">
|
<programlisting><![CDATA[<subsystem xmlns="urn:jboss:domain:undertow:1.1">
|
||||||
...
|
...
|
||||||
<http-listener name="default" socket-binding="http" proxy-address-forwarding="true"/>
|
<http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
|
||||||
...
|
...
|
||||||
</subsystem>
|
</subsystem>
|
||||||
|
]]></programlisting>
|
||||||
|
Then add a new <literal>socket-binding</literal> element to the <literal>socket-binding-group</literal> element:
|
||||||
|
<programlisting><![CDATA[
|
||||||
|
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
||||||
|
...
|
||||||
|
<socket-binding name="proxy-https" port="443"/>
|
||||||
|
...
|
||||||
|
</socket-binding-group>
|
||||||
]]></programlisting>
|
]]></programlisting>
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue