Skip to content
This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

[stable/keycloak] invalid port redirect behind Kong #12272

Closed
Igor-lkm opened this issue Mar 15, 2019 · 5 comments
Closed

[stable/keycloak] invalid port redirect behind Kong #12272

Igor-lkm opened this issue Mar 15, 2019 · 5 comments

Comments

@Igor-lkm
Copy link

Igor-lkm commented Mar 15, 2019
edited

Is this a request for help?: yes

Is this a BUG REPORT or FEATURE REQUEST? (choose one): Bug

Version of Helm and Kubernetes: Helm v2.13.3 / minikube v0.27.0

Which chart: stable/keycloak 4.6.1

What happened: I have Keycloak behind Kong proxy. I can see welcome page of Keycloak at my {url}. When I click Administration Console I am redirected to {url}:8443/admin/master/console/

What you expected to happen:

Redirect should be to {url}/admin/master/console/

How to reproduce it (as minimally and precisely as possible):

  1. Fresh minikube
  2. Install Keycloak chart with values.yaml:
keycloak:
    basepath: ""
    replicas: 1
    username: *
    password: *
    dbVendor: *
    dbName: *
    dbHost: *
    dbUser: *
    dbPassword: *
    extraEnv: |
      - name: PROXY_ADDRESS_FORWARDING
         value: "true"

At this point environment var PROXY_ADDRESS_FORWARDING is set to true correctly on container. standalone config is loaded opt/jboss/keycloak/standalone/configuration/standalone_xml_history/standalone.boot.xml

  1. Install Kong chart with values.yaml:
    (I have self signed ssl certificate for my hello.local)
replicaCount: 1
admin:
  ingress:
    enabled: true
    hosts: ['hello.local']
proxy:
  type: ClusterIP
  ingress:
    enabled: true
    hosts: ['hello.local']
    tls:
      - hosts:
        - hello.local
        secretName: tls-certificate
    annotations:
      kubernetes.io/ingress.class: "nginx"
      nginx.ingress.kubernetes.io/rewrite-target: /
      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  tls:
    enabled: true
...
  1. Setup service and route for Kong

Service:

Protocol: http
Host: auth-keycloak-http
Port: 80

Route:

Hosts: hello.local 
Path: /

After that I can open https://hello.local and can see welcome page from Keycloak where I can click Administration Console and after that I have redirect to "https://hello.local:8443/admin/master/console/" in my browser. So we should not have redirect with another port at this point...

Anything else we need to know:

Similar setup with 2 docker images (Keycloak + Kong) is working if environment variable PROXY_ADDRESS_FORWARDING is true
@namadori
Copy link

Same problem here, with a deploy on Azure Kubernetes. Other services (angular frontend, spring boot backend services) are working correcly.

@tolmanam
Copy link

I'm currently working through the same issue.

I may have found a promising lead in the keycloak.org docs that descibe the steps to set up Keycloack behind a load balancer or proxy.

@Igor-lkm
Copy link
Author

well... it seems that keycloak is working behind express-gateway at least 🤔, with config like:

keycloakService:
  url: 'http://keycloak-http:80'
  proxyOptions:
    xfwd: true

@tolmanam did you have any luck with Kong?

@tolmanam
Copy link

@Igor-lkm I've had to pivot to work on other tasks. I thought that the keycloak.org documents appear to provide a promising lead that I hoped to come back to later.

If you have it working behind express-gateway that is a really good sign.

@unguiculus
Copy link
Member

The Keycloak chart here is being deprecated (#13316) and moved to a new home:
https://github.com/codecentric/helm-charts

I'm closing this issue. Feel free to open a new issue in the new repo. Thanks.

@Igor-lkm Igor-lkm mentioned this issue May 8, 2019
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@unguiculus @tolmanam @Igor-lkm @namadori