Keycloak gatekeeper: is it possible to have more than 1 upstream URL?
Documentation:
Keycloak gatekeeper: is it possible to have more than 1 upstream URL?
Documentation:
No, but nobody is stopping you to point upstream URL to reverse proxy/loadbalancer, where you can do that.
Thanks @jangaraj,
Yep, we considered loadbalancer as an option.
Do you think it would be ok to put one more reverse proxy, if we already have react app + nginx which is used for static js content hosting and reverse proxy behind keycloak gatekeeper.
That depends on use case. If you are in High-frequency trading, where every millisecond counts, then it won’t be acceptable. But it won’t be a issue for majority web apps - users will not notice a few milliseconds delay.
with having 2 containers keycloak gatekeepr and react+nginx (keycloak itself is hosting on separate infra)
Should I provision certs for keycloak gatekeeper or for react+nginx or both?
With http after entering login/password I receive ERR_TOO_MANY_REDIRECTS in browser.
With https ngrok pointed to http keycloak gk - it works
It is a good practice to encrypt web traffic + https is mandatory for Open ID SSO protocol (so prod Keycloak exposed for user on http port is insecure ).
yep, that’s clear
keycloak itself is https, but I wonder why there might be errors I mention with keycloak gatekeeper
You are asking question, which may have a million root causes, e.g.:
It can be absolutely unrelated to Gatekeeper.
If I configured nginx as upstream app with https/443.
What listen port should I use for keycloak gatekeeper?
Currently I use 80 port for keycloak gatekeeper, but I see there is an option to use https directly with keycloak gatekeeperю
Is there any proper config for proper https configuration with keycloak gatekeeper?
Should I add certificates inside keycloak gatekeeper?
reference doc: https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/keycloak-gatekeeper.adoc