Due to external constraints my architecture is currently looking like this :
haproxy on 443 <—> nginx on 80 <—> keycloak in docker container
- Haproxy is used as simple reverse ssl proxy and send X-forwared headers
- Nginx is used to proxy_pass to keycloak on http port with the necessary X-forwarded headers (X-Forwarded-For, X-Forwaded-Host and X-Forwarded-Proto set to https)
- Keycloak is running with the PROXY_ADDRESS_FORWARDING option set to true
I can access the landing page and the /auth/realms/master/account page. However I cannot access the admin console. What happens is that app.js requests /auth/admin/master/console/whoami which fails and returns a 401 error when reached directly. I’m also having troubles the openid-connect api (401 http codes).
Worst part : There’s nothing in the logs even with log_level ALL
Are there some conflicting headers in this stack of servers ? How can I progress in debuging this mess ?
Thanks in advance