I’m trying to setup keycloak in front of multiple virtual hosts
web: gateway_ip
app1: gateway_ip:8100
app2: gateway_ip:8200
I’ve done it with success for web host, it displays the keycloak login form, I submit my credentials and I’m redirected to the web page. I’ve tried to apply the same config(different client id and secret) to other virtual hosts but without success(CSP errors and 403 )
nginx vhost conf example:
server {
listen 8200;
server_name x.x.x;
location / {
access_by_lua '
local opts = {
redirect_uri = "/redirect_uri",
accept_none_alg = true,
discovery = "http://keycloak_host:8181/auth/realms/pantagruel/.well-known/openid-configuration",
client_id = "test2",
client_secret = "abc",
redirect_uri_scheme = "http",
logout_path = "/logout",
redirect_after_logout_uri = "http://keycloak_host:8181/auth/realms/pantagruel/protocol/openid-connect/logout?redirect_uri=http://x.x.x/",
redirect_after_logout_with_id_token_hint = false,
session_contents = {id_token=true}
}
-- call introspect for OAuth 2.0 Bearer Access Token validation
local res, err = require("resty.openidc").authenticate(opts)
if err then
ngx.status = 403
ngx.say(err)
ngx.exit(ngx.HTTP_FORBIDDEN)
end
';
proxy_pass http://internal_ip(x.x.x):8200;
proxy_redirect default;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_max_temp_file_size 0;
}
}
keycloak config
