When i try to log in to my keycloak (in a docker container) i get followed message:
Refused to frame 'http://keycloak:8080/' because it violates the following Content Security Policy directive: "frame-src 'self'".
nginx conf:
server {
listen 80;
listen [::]:80;
server_name keycloak.fs-theorie.de;
sub_filter 'http://keycloak:8080' 'http://keycloak.fs-theorie.de';
sub_filter_once off;
location / {
proxy_pass http://keycloak:8080;
}
}
It looks like you have wrong deployment design, when you need sub_filter:
1.) Keycloak container needs PROXY_ADDRESS_FORWARDING=true
Doc: Docker Hub
AND
2.) Nginx must have configured headers properly, so Keycloak will know where to redirect properly (so you don’t need subfilter hacking)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
Doc: Server Installation and Configuration Guide
You can get inspiration from GitHub: e.g. GitHub - jinnerbichler/keycloak-nginx: Example for using NGINX as reverse proxy for Keycloak. but read Keycloak documentation - examples may not working properly with current Keycloak version.
Also remember that OIDC requires https in prod - then Keycloak Docker HTTPS required - Stack Overflow may be helpful for you.