libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

Add a description which port shoud be reverse proxied

Browse source 
I misunderstood how to configure reverse proxy with different
hostname/hostname-admin. So this description will help other users.

Closes #33559

Signed-off-by: Sutou Kouhei <kou@clear-code.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Sutou Kouhei 2024-10-18 17:08:00 +09:00 committed by GitHub
parent 3a9bab35b6
commit 358ab5512c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
docs/guides/server/reverseproxy.adoc
View file

@ -10,6 +10,20 @@ includedOptions="proxy-* hostname hostname-admin http-relative-path">
Distributed environments frequently require the use of a reverse proxy. {project_name} offers several options to securely integrate with such environments. Distributed environments frequently require the use of a reverse proxy. {project_name} offers several options to securely integrate with such environments.
== Port to be proxied
{project_name} runs on the following ports by default:
* `8443` (`8080` when you enable HTTP explicitly by `--http-enabled=true`)
* `9000`
The port `8443` (or `8080` if HTTP is enabled) is used for the Admin UI, Account Console, SAML and OIDC endpoints and the Admin REST API as described in the <@links.server id="hostname"/> {section}.
The port `9000` is used for management, which includes endpoints for health checks and metrics as described in the <@links.server id="management-interface"/> {section}.
You only need to proxy port `8443` (or `8080`) even when you use different host names for frontend/backend and administration as described at <@links.server id="configure-production"/>. You should not proxy port `9000` as health checks and metrics use those ports directly, and you do not want to expose this information to external callers.
== Configure the reverse proxy headers == Configure the reverse proxy headers
{project_name} will parse the reverse proxy headers based on the `proxy-headers` option which accepts several values: {project_name} will parse the reverse proxy headers based on the `proxy-headers` option which accepts several values:
@ -79,7 +93,8 @@ By default, the `spi-sticky-session-encoder-infinispan-should-attach-route` opti
cookies to indicate to the reverse proxy the node that subsequent requests should be sent to. cookies to indicate to the reverse proxy the node that subsequent requests should be sent to.
== Exposed path recommendations == Exposed path recommendations
When using a reverse proxy, {project_name} only requires certain paths need to be exposed.
When using a reverse proxy, {project_name} only requires certain paths to be exposed.
The following table shows the recommended paths to expose. The following table shows the recommended paths to expose.
[%autowidth] [%autowidth]