Keycloak8/Wildfly17 behind nginx reverse-proxy: standalone.xml config questions?
pgnd42 Aug 22, 2019 6:54 PM
I'm setting up a 1st keycloak v8/head instance.
It bundles WildFly 17 et al
egrep -i "<wildfly\.[a-z].*\.version>" kerycloak/pom.xml
<wildfly.version>17.0.1.Final</wildfly.version>
<wildfly.build-tools.version>1.2.10.Final</wildfly.build-tools.version>
<wildfly.core.version>9.0.2.Final</wildfly.core.version>
<wildfly.common.version>1.5.1.Final</wildfly.common.version>
<wildfly.plugin.version>1.1.0.Final</wildfly.plugin.version>
jboss-cli>
version
JBoss Admin Command-line Interface
JBOSS_HOME: /opt/keycloak
Release: 9.0.2.Final
Product: Keycloak 8.0.0-SNAPSHOT
JAVA_HOME: /etc/alternatives/java_sdk_openjdk
java.version: 12.0.2
java.vm.vendor: Oracle Corporation
java.vm.version: 12.0.2+9-suse-lp151.40.1-x8664
os.name: Linux
os.version: 5.2.9-25.g71d4424-default
It's up & running.
Both the admin & mgmt UIs are *directly* accessible & functional via http://, given
jboss.http.port=8080
jboss.management.http.port=9990
at,
http://10.0.0.1:8080
http://10.0.0.1:9990
respectively.
So far, so good.
I'm now trying to get it operating behind an SSL terminating Nginx reverse-proxy.
I haven't found a good just-reverse-proxy example/doc yet
Closest so far, reading at
> Using Wildly as a static load balancer
> http://docs.wildfly.org/17/Admin_Guide.html#using-wildly-as-a-static-load-balancer
which is for a load-balanced config, using ajp.
Atm, I'm interested in a non-load-balanced config, and am unclear how to properly modify that config.
My GOAL is to have the front-end, terminator respond, for keycloak, at
> https://my.example.com:10001/keycloak
Based on the referenced config above, I've got, atm,
/subsystem=undertow/configuration=handler/reverse-proxy=my-handler:add()
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-host1/:add(host=my.example.com, port=10001)
/subsystem=undertow/configuration=handler/reverse-proxy=my-handler/host=host1:add(outbound-socket-binding=remote-host1, scheme=ajp, instance-id=myroute, path=/keycloak)
/subsystem=undertow/server=default-server/host=default-host/location=\/keycloak:add(handler=my-handler)
but I'm not getting past the 1st page of the keycloak app, to its login page -- when accessing via the terminator, yet. So, some changes req'd.
With NO loadbalancing, what "scheme=" attribute is used? ajp isn't still appropriate, is it?
Also, are the
... path=/keycloak ...
... location=\/keycloak ...
path specs correct here?
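
Added example, not part of the original post: the Undertow reverse-proxy handler quoted above makes WildFly itself proxy requests out to my.example.com:10001, whereas in the topology the post describes nginx does the proxying and WildFly only has to trust the forwarded headers. The sketch below shows that arrangement using the host, ports and path from the post; the certificate paths are placeholders, and it assumes Keycloak's web context has been changed from its default `auth` to `keycloak`.

```nginx
# Added example. Host, ports and path come from the post; certificate
# paths are placeholders.
#
# WildFly side (run once in jboss-cli), so Keycloak builds its redirect
# URLs from the X-Forwarded-* headers instead of http://10.0.0.1:8080:
#   /subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
#   :reload
# No Undertow reverse-proxy handler and no ajp scheme are involved: nginx
# speaks plain HTTP to the existing http listener.

server {
    listen 10001 ssl;
    server_name my.example.com;

    ssl_certificate     /etc/nginx/tls/PLACEHOLDER-fullchain.pem;  # placeholder
    ssl_certificate_key /etc/nginx/tls/PLACEHOLDER-key.pem;        # placeholder

    # Assumption: Keycloak's web context is "keycloak" (default is "auth"),
    # so the request path is passed through unchanged, with no rewrite.
    location /keycloak/ {
        proxy_pass http://10.0.0.1:8080;

        # Overwrite client-supplied values rather than appending to them:
        # with proxy-address-forwarding on, WildFly believes these headers.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;
    }

    # The management interface (9990) is deliberately not proxied.
    location / {
        return 404;
    }
}
```

Once `proxy-address-forwarding` is enabled, anything that can reach port 8080 directly can set its own `X-Forwarded-*` values, so that listener should accept connections only from the nginx host.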