docker-composeで、keycloakをnginxを使ってReverse proxyして立ち上げる設定。
https://~/auth/
のwelcomeページのリンクがhttpsにならないとか、https://~/auth/admin/master/console/
のscriptのsrcが下記のようにhttpsにならないとかで嵌ったのでメモ。
<script src="/auth/resources/i5ev0/common/keycloak/lib/filesaver/FileSaver.js"></script>
<script src="/auth/resources/i5ev0/common/keycloak/lib/ui-ace/min/ace.js"></script>
<script src="/auth/resources/i5ev0/common/keycloak/lib/ui-ace/ui-ace.min.js"></script>
<!-- Only this one is emitted as an absolute http:// URL; on a page served over https the browser treats it as mixed content. -->
<script src="http://~/auth/js/keycloak.js?version=i5ev0" type="text/javascript"></script>
docker-compose
keycloakのKEYCLOAK_FRONTEND_URL
, PROXY_ADDRESS_FORWARDING
の環境変数がポイント。
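# docker-compose.yml
# Keycloak behind an nginx reverse proxy that terminates TLS, backed by PostgreSQL.
# Only nginx publishes a host port; Keycloak and the database are reachable
# solely over the internal keycloak-net network.
version: "3.4"

networks:
  keycloak-net:

services:
  nginx:
    image: nginx:1.21.0
    networks:
      - keycloak-net
    depends_on:
      - keycloak
    volumes:
      # Mounted read-only: the container has no reason to rewrite its config or key.
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      # Contains server.key; keep this directory out of version control and
      # restrict its permissions on the host.
      - ./nginx/ssl:/etc/nginx/ssl:ro
    ports:
      - "443:443"
    restart: always

  keycloak-db:
    image: postgres:11-alpine
    volumes:
      - ./db:/var/lib/postgresql/data
    networks:
      - keycloak-net
    # `expose` does not publish the port on the host; only containers on
    # keycloak-net can reach PostgreSQL.
    expose:
      - "5432"
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # Sample value only. Replace it (e.g. via an untracked .env file or a
      # secret) before using this outside a local test, and keep it in sync
      # with DB_PASSWORD below.
      POSTGRES_PASSWORD: password
    restart: always

  keycloak:
    image: jboss/keycloak:13.0.1
    depends_on:
      - keycloak-db
    networks:
      - keycloak-net
    # Keep this as `expose`, not `ports`: with proxy address forwarding enabled
    # Keycloak trusts X-Forwarded-* headers, so it must only be reachable
    # through nginx, which overwrites them.
    expose:
      - "8080"
    environment:
      - "DB_VENDOR=POSTGRES"
      - "DB_ADDR=keycloak-db"
      - "DB_PORT=5432"
      - "DB_DATABASE=keycloak"
      - "DB_USER=keycloak"
      # Sample value only; must match POSTGRES_PASSWORD above.
      - "DB_PASSWORD=password"
      # Sample initial admin account. The admin console is served through the
      # same proxy (/auth/admin/), so replace admin/admin before port 443 is
      # reachable by anyone else.
      - "KEYCLOAK_USER=admin"
      - "KEYCLOAK_PASSWORD=admin"
      # Public base URL that Keycloak uses when it generates absolute links.
      - "KEYCLOAK_FRONTEND_URL=https://xxxx/auth"
      # Spelled PROXY_..., not RROXY_...: a misspelled variable name is
      # silently ignored by the image, leaving forwarded headers unused.
      - "PROXY_ADDRESS_FORWARDING=true"
    restart: always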
nginx
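# nginx/default.conf (mounted into the container as /etc/nginx/conf.d/default.conf)
# Terminates TLS on 443 and forwards every request to Keycloak over plain HTTP
# on the internal Docker network.
server {
    listen 443 ssl;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    # nginx 1.21.0 still enables TLSv1 and TLSv1.1 by default; allow only
    # current protocol versions.
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Keycloak builds its URLs from these headers when proxy address
    # forwarding is enabled. Setting them here overwrites any value the
    # client sent for the same header.
    proxy_set_header Host               $host;
    proxy_set_header X-Real-IP          $remote_addr;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-Host   $host;
    proxy_set_header X-Forwarded-Server $host;
    # NOTE(review): $proxy_add_x_forwarded_for appends to whatever
    # X-Forwarded-For the client supplied, so the leading entries are
    # client-controlled. If this nginx is the outermost proxy, consider
    # $remote_addr here so the client address Keycloak records cannot be forged.
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;

    location / {
        # No proxy_set_header inside this block, so the server-level headers
        # above are inherited.
        proxy_pass http://keycloak:8080;
    }
}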