Keycloak Proxy Buffering behing Nginx to support Blazor Server (websockets)

hoba · July 4, 2022, 1:28pm

Hi,

I have a Keycloak v17 running on Kubernetes, exposed behind an Nginx ingress controller. Keycloak is exposed via its own subdomain like auth.mydomain.com.

Further more, I have a Blazor Server (.net 6) application exposed via the domain example.com, in which I do authentication against the above Keycloak server.

I now have the dilemma, that Blazor Server seems to enforce websocket, which does not allow to set the proxy_buffer to ‘ON’ on the ingress route, whilst Keycloak requires it. Is there a way to let Keycloak successfully run with proxy_buffering=‘OFF’ behind Nginx ingress?

Thanks

hoba · January 6, 2023, 1:49pm

Hi, it took me very long to debug this but I want to share the result if anybody else might run into similar issues. Ultimately, it turned out that it was a bad configuration of the hosted .net core service. While I knew it was related to the cookie/header size, I always tried to tweak the Nginx Ingress configuration - without any improvement. What solved it finally was to change in the .net core AddOpenIdConnect() method from “SaveTokens = true” to “SaveTokens = false”. This reduces the header size so that it will work.

Topic		Replies	Views
Proxy_buffer_size : 502 bad gateway error Getting advice	5	4298	January 22, 2023
Keycloak reverse proxy Getting advice	2	3902	January 14, 2020
Show Real IP address of client on the keycloak events Configuring the server authentication	0	825	December 21, 2022
Problems with Keycloak in Kubernetes behind a Network Load Balancer in AWS	5	3749	May 17, 2022
Keycloak restrict admin console Securing applications	0	1109	February 3, 2023

Keycloak Proxy Buffering behing Nginx to support Blazor Server (websockets)

Related Topics