Reputation: 1857
I am trying to set up auth_request with the Keycloak proxy, but it does not work (Nginx returns a 500 status code).
Here is my example:
nginx.conf
# Backend that is being protected.
upstream target_host {
    server prometheus:9090;
}

# Keycloak proxy that is asked to authorise each request.
# NOTE(review): the accompanying proxy.json sets "disable-trust-manager": true,
# which turns off TLS certificate verification towards Keycloak, and carries the
# client secret inline; keep both out of production and out of shared configs.
upstream oauth_host {
    server keycloak-proxy:8181;
}

server {
    server_name myexample.com;
    listen 80;

    # Everything is gated by a subrequest to /oauth2/. auth_request allows the
    # request on 2xx and denies it on 401/403; any other subrequest status
    # (such as a 302) is treated as an error and the client gets a 500.
    location / {
        auth_request /oauth2/;
        proxy_pass http://target_host/;
    }

    # Target of the authorisation subrequest: forwarded to the Keycloak proxy
    # without the request body, with the original URI in a header.
    location = /oauth2/ {
        # proxy_redirect default has to stay after proxy_pass.
        proxy_pass http://oauth_host/oauth2/;
        proxy_redirect default;

        proxy_pass_request_body off;
        proxy_set_header Content-Length "";

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Original-URI $request_uri;
    }
}
proxy.json
{
"target-url": "http://myexample.com/",
"target-request-timeout": "60000",
"send-access-token": true,
"bind-address": "0.0.0.0",
"http-port": "8181",
"applications": [
{
"base-path": "/oauth2/",
"proxy-address-forwarding": true,
"adapter-config": {
"realm": "test",
"disable-trust-manager": true,
"resource": "account",
"auth-server-url": "https://keycloak:8443/auth",
"ssl-required" : "external",
"credentials": {
"secret": "75ddbbd9-e98c-437e-9815-a8b66e9e58ec"
}
}
,
"constraints": [
{
"pattern": "/*",
"roles-allowed": [
"custom_role"
]
}
]
}
]
}
Nginx log:
172.19.0.1 - - [03/Sep/2018:14:50:14 +0200] "GET / HTTP/1.1" 500 193 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
172.19.0.1 - - [03/Sep/2018:14:50:14 +0200] "GET / HTTP/1.1" 500 193 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
2018/09/03 14:50:14 [error] 8#8: *21 auth request unexpected status: 302 while sending to client, client: 172.19.0.1, server: myexample.com, request: "GET / HTTP/1.1", host: "myexample.com"
2018/09/03 14:50:14 [error] 8#8: *23 auth request unexpected status: 302 while sending to client, client: 172.19.0.1, server: myexample.com, request: "GET / HTTP/1.1", host: "myexample.com"
I am wondering how to properly set up auth_request. Can anyone help?
Thanks
Upvotes: 4
Views: 6652
Reputation: 4216
Your request to the OAuth2 service is being answered with a 302 HTTP status code (a redirect); maybe if you follow the redirect it will give you the response you are hoping for.
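location = /oauth2/ {
    # Other stuff..
    # You may need to comment out this:
    # proxy_redirect default;
    # Then, add this:
    # auth_request accepts only 2xx (allow) and 401/403 (deny) from this
    # subrequest; the proxy's 302 to the login page is what produces the 500.
    # Intercept the 302 and hand it to the named location below.
    proxy_intercept_errors on;
    error_page 302 = @handle_redirect;
}
location @handle_redirect {
    # Report "not authenticated" instead of following the redirect. Proxying to
    # $upstream_http_location here would make nginx fetch the login page
    # itself; a 2xx from that page would be read by auth_request as "allow",
    # so unauthenticated requests could reach the backend. A variable
    # proxy_pass target would also need a resolver and lets the upstream's
    # Location header choose where nginx connects.
    return 401;
}
# The location that carries auth_request then needs its own handler that sends
# the browser to the login page, e.g. `error_page 401 = @login;` plus
# `location @login { return 302 <LOGIN_URL_PLACEHOLDER>; }`.
# Check the result with an unauthenticated request: it must never reach the backend.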
Upvotes: 2