commit
4728729302
1 changed files with 4 additions and 0 deletions
|
@ -841,6 +841,10 @@ $ keytool -import -alias yourdomain -keystore keycloak.jks -file your-certificat
|
||||||
|
|
||||||
<section id="proxy-address-forwarding">
|
<section id="proxy-address-forwarding">
|
||||||
<title>Configure reverse proxy for address forwarding</title>
|
<title>Configure reverse proxy for address forwarding</title>
|
||||||
|
<para>
|
||||||
|
Keycloak needs to know the original request URL as this is needed for example to set the correct issuer in tokens as well as redirects, links, etc.
|
||||||
|
This requires the reverse proxy to pass the original <literal>Host</literal> header.
|
||||||
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Keycloak has some functionalities (for example <link linkend='events'>Events</link> or <link linkend="brute-force-attacks">Brute Force protector</link>)
|
Keycloak has some functionalities (for example <link linkend='events'>Events</link> or <link linkend="brute-force-attacks">Brute Force protector</link>)
|
||||||
that relies on the fact, that remote address of the HTTP connection is the real IP address of the client machine. This may be a bit tricky when you have setup
|
that relies on the fact, that remote address of the HTTP connection is the real IP address of the client machine. This may be a bit tricky when you have setup
|
||||||
|
|
Loading…
Reference in a new issue