Keycloak gatekeeper: is it possible to have more than 1 upstream URL?

No, but nobody is stopping you from pointing the upstream URL to a reverse proxy/load balancer, where you can do that.
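A sketch of the setup this reply describes, added here as an illustration and not taken from the thread or from the Gatekeeper project: nginx is the single upstream URL and routes by path to several backends. All host names, ports and paths are assumptions.

```nginx
# Added example. Gatekeeper (assumed config: upstream-url: http://127.0.0.1:8000)
# authenticates the request, then hands it to this nginx, which picks the backend.
events {}

http {
    # Hypothetical backends; replace with the real services.
    upstream api_backend   { server api.internal:8080; }
    upstream admin_backend { server admin.internal:8081; }

    server {
        # Listen on loopback only: if clients could reach this port (or the
        # backends) directly, they would bypass Gatekeeper's authentication.
        listen 127.0.0.1:8000;

        # Request headers arriving from Gatekeeper are forwarded to the
        # backends by default; only Host is set explicitly here.
        proxy_set_header Host $host;

        location /api/ {
            proxy_pass http://api_backend;
        }

        location /admin/ {
            proxy_pass http://admin_backend;
        }

        # Static React build served by the same nginx.
        location / {
            root /usr/share/nginx/html;
            try_files $uri /index.html;
        }
    }
}
```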

Thanks @jangaraj,
Yep, we considered loadbalancer as an option.
Do you think it would be ok to put one more reverse proxy, if we already have react app + nginx which is used for static js content hosting and reverse proxy behind keycloak gatekeeper?

That depends on the use case. If you are in high-frequency trading, where every millisecond counts, then it won’t be acceptable. But it won’t be an issue for the majority of web apps - users will not notice a few milliseconds of delay.

With 2 containers, keycloak gatekeeper and react+nginx (keycloak itself is hosted on separate infra):

Should I provision certs for keycloak gatekeeper or for react+nginx or both?

With http, after entering login/password I receive ERR_TOO_MANY_REDIRECTS in the browser.
With https ngrok pointed to http keycloak gk - it works.

It is good practice to encrypt web traffic + https is mandatory for the OpenID SSO protocol (so prod Keycloak exposed to users on an http port is insecure :scream:).

Yep, that’s clear :slight_smile:
Keycloak itself is https, but I wonder why there might be the errors I mentioned with keycloak gatekeeper.

You are asking a question which may have a million root causes, e.g.:

  • Nginx config
  • huge cookies (so the browser refuses them silently), because of too much information in the access token

It can be absolutely unrelated to Gatekeeper.

If I configure nginx as the upstream app with https/443,
what listen port should I use for keycloak gatekeeper?
Currently I use port 80 for keycloak gatekeeper, but I see there is an option to use https directly with keycloak gatekeeper.
Is there any proper config for proper https configuration with keycloak gatekeeper?
Should I add certificates inside keycloak gatekeeper?

reference doc: