[keycloak] Wrong port when click on manage account #473

Closed
Igor-lkm opened this issue Sep 2, 2021 · 1 comment

Igor-lkm commented Sep 2, 2021

Chart version: 15.0.0

Setup:
I have Keycloak behind a proxy (Kong). Keycloak ports are set to 80 and 443 via env variables. It is necessary to set these ports to make Keycloak work behind a proxy - Related issue on Stack Overflow

Problem:
When I log into the Administration Console (yep, I can log in and go through menus, everything seems to work) and click Manage account on the right top, Keycloak redirects me to http://auth.example.com:8443/auth/realms/master/account/?referrer=security-admin-console. So the port is wrong here... it should be picked from KEYCLOAK_HTTPS_PORT, but it's not.

Expected behavior:
Not to have port 8443 and just go to http://auth.example.com/auth/real...

Relevant part of my value.yaml:

resources: *
replicas: *
postgresql:
  enabled: false
extraEnv: |
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
  - name: KEYCLOAK_HTTP_PORT
    value: "80"
  - name: KEYCLOAK_HTTPS_PORT
    value: "443"
  - name: KEYCLOAK_HOSTNAME
    value: auth.example.com
  - name: KEYCLOAK_FRONTEND_URL
    value: https://auth.example.com/auth
  - name: DB_VENDOR
    value: postgres
  - name: DB_ADDR
    value: *
  - name: DB_PORT
    value: *
  - name: DB_DATABASE
    value: *
  - name: DB_USER_FILE
    value: /secrets/db-creds/user
  - name: DB_PASSWORD_FILE
    value: /secrets/db-creds/password

extraVolumeMounts: ...
extraVolumes: ...

Thank you folks!

Igor-lkm commented Sep 3, 2021

The actual fix is required on the proxy side. In my case we use Kong.

From the Keycloak manual:

Configure your reverse proxy or loadbalancer to properly set X-Forwarded-For and X-Forwarded-Proto HTTP headers.

That made me go through some issues and questions (Stack Overflow etc.) related to this topic (aka is something wrong with X-Forwarded-*?).

I went through multiple solutions and found this one on GitHub. However, that exact solution did not work for me.

What is working for me:

On the route, where Keycloak is exposed, we need to add:

serverless > post function with the following content:

ngx.var.upstream_x_forwarded_port=443 

Then everything works correctly. You might want to look into this issue on GitHub.

Igor-lkm closed this as completed Sep 3, 2021
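
A check for the symptom reported in this issue, as an added example that is not part of the original thread or of the chart: it compares a redirect `Location` value against the configured `KEYCLOAK_FRONTEND_URL` and reports scheme, host, port and path-prefix mismatches. The function names and the `EXPECTED` URL are assumptions constructed for illustration; the other two URLs are the ones quoted in the issue.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Values quoted in the issue above.
FRONTEND_URL = "https://auth.example.com/auth"  # KEYCLOAK_FRONTEND_URL
REPORTED = ("http://auth.example.com:8443/auth/realms/master/account/"
            "?referrer=security-admin-console")
# Constructed for this example: the same redirect on the frontend origin.
EXPECTED = ("https://auth.example.com/auth/realms/master/account/"
            "?referrer=security-admin-console")


def effective_port(parts):
    """Explicit port if present, else the scheme default; None if unparsable."""
    try:
        return parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # non-numeric or out-of-range port
        return None


def check_redirect(frontend_url, location):
    """Return a list of mismatches between a redirect target and the frontend URL."""
    want = urlsplit(frontend_url)
    # A relative Location stays on the origin the browser used, so resolve it
    # against the frontend URL before comparing.
    got = urlsplit(urljoin(frontend_url, location))
    problems = []
    if got.scheme != want.scheme:
        problems.append(f"scheme: expected {want.scheme}, got {got.scheme}")
    if (got.hostname or "") != (want.hostname or ""):
        problems.append(f"host: expected {want.hostname}, got {got.hostname}")
    if effective_port(got) != effective_port(want):
        problems.append(
            f"port: expected {effective_port(want)}, got {effective_port(got)}")
    base = want.path.rstrip("/")
    if got.path != base and not got.path.startswith(base + "/"):
        problems.append(f"path: expected prefix {base}/, got {got.path}")
    return problems


if __name__ == "__main__":
    for url in (REPORTED, EXPECTED):
        print(url, "->", check_redirect(FRONTEND_URL, url) or "consistent")
```

Feeding it the `Location` header captured from a request made through the proxy shows whether the forwarded scheme and port reach Keycloak as intended after a proxy change.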