Hello folks,
I am playing with a Keycloak setup and want to achieve the following things:
- Set up a Keycloak service
- Use it behind HTTPS
- Use a sub-domain to point to the server
I have set up the server on digital ocean using a docker image. But that’s with HTTPS turned off. At this point, it’s accessible using HTTP and the IP address.
At this point I would have wanted to get some certs and use that, it would have solved half of the problem-- having HTTPS, though that would still be behind an IP.
But then I couldn’t find a free CA which gives certificates for IP address. So, I got a domain to use.
At this point, I thought I would use Nginx as a reverse proxy, will point a sub-domain to Nginx, and reroute the requests to Keycloak. I found a sensible plan but a poor execution.
(I should warn you that I am self-taught and new to many things here. Precisely-- Docker, Digital Ocean, Keycloak and Nginx)
- I got Nginx to route to the Keycloak endpoint, i.e. http://ip (Nginx is running on the default port) to http://ip:port/auth
- Glad about this minuscule success, I pointed the sub-domain to Nginx. Now we have http://sub.domain.com pointing to http://ip:port/auth
- I also got certificates for Nginx from Let’s Encrypt. Thanks to their easy-to-follow steps.
Now coming to the poor execution part:
At this point, I have https://sub.domain.com pointing to https://ip:port/auth, which is all nice and intended.
But as soon as I click on admin I see the following flaws:
- The hyperlink is pointing to http://ip:port/auth/a/b/c instead of http://sub.domain/auth/a/b/c. So we definitely have something wrong with the Nginx config.
  - What are the changes I need to make to fix this? Should I give the domain name to Keycloak to generate its links relative to that?
- The hyperlink is also http://ip:port/auth/a/b/c instead of https, which is kinda expected but not where I want to reach.
  - Here I can think of setting up Keycloak again with HTTPS on. But that would require me to have certs. Should I get these different from the ones I got for the sub-domain & Nginx? If yes, where can I get them from?
- Best way to configure the components:
  - I am using Keycloak in Docker but don’t know where to go and edit the Standalone XML. So I end up passing configs to the docker command.
These are the parts I am stuck at and would appreciate it a lot if anyone can help me with these.
I know it’s a lot to read and process, but if you kind-hearted folks point me in the right direction, I will go, read and apply those.
And as a thank you note, I will be willing to buy you a coffee and would write a blog post with the steps to do all these for others to use.
Thanks for staying till here,
xoxo