I have a Spring Boot application running on a DigitalOcean server behind an nginx server, using Keycloak for login. I have been running this application for the last 2 years, but last week, after a system reboot, I ran into an issue configuring the Keycloak redirect URI.

My nginx config looks like this:

    upstream keycloak_server {
        server keycloak:8080;
    }

    upstream konicaMinolta {
        server km-app:7171;
    }

    server {
        listen 80;
        server_name prokom.dev www.prokom.dev;
        client_max_body_size 25M;

        location ^~ /.well-known/acme-challenge/ {
            allow all;
            root /var/www/certbot;
        }

        return 301 https://www.prokom.dev$request_uri;
    }

    server {
        listen 443 ssl;
        server_name prokom.dev;
        client_max_body_size 25M;

        ssl_certificate /etc/letsencrypt/live/prokom.dev/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/prokom.dev/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        return 301 https://www.prokom.dev$request_uri;
    }

    server {
        listen 443 ssl;
        server_name www.prokom.dev;

        location ^~ /.well-known/acme-challenge/ {
            allow all;
            root /var/www/certbot;
        }

        client_max_body_size 25M;

        location /auth {
            proxy_pass http://keycloak_server;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location / {
            proxy_pass http://konicaMinolta;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        ssl_certificate /etc/letsencrypt/live/prokom.dev/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/prokom.dev/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    }

My docker compose looks like this:

    keycloak:
      build: keycloak-image
      image: km-keycloak
      environment:
        PROXY_ADDRESS_FORWARDING: "true"
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: xyz
        KEYCLOAK_USER: 123
        KEYCLOAK_PASSWORD: 123
      volumes:
        - mysql_data:/opt/jboss/mysql_data
      depends_on:
        - mysql
      links:
        - mysql
    nginx:
      build: nginx-image
      image: km-nginx
      volumes:
        - ./data/certbot/conf:/etc/letsencrypt
        - ./data/certbot/www:/var/www/certbot
      ports:
        - 80:80
        - 443:443
      depends_on:
        - keycloak
        - km-app
      links:
        - keycloak
        - km-app
      environment:
        - PRODUCTION=true

I have been able to get the app running, but when I navigate to the login page I get the error:

    Invalid URL: Redirect URI

In the Keycloak logs I get this:

    00:33:02,006 WARN [org.keycloak.events] (default task-18) type=LOGIN_ERROR, realmId=km, clientId=km-frontend, userId=null, ipAddress=24.4.38.71, error=invalid_redirect_uri, redirect_uri=http://www.prokom.dev/app

So I tried setting the URI in the admin console:

* Valid Redirect URIs
    http://www.prokom.dev/app/*
    http://www.prokom.dev/app
Base URL
    https://prokom.dev
Admin URL
Web Origins
    http://www.prokom.dev

At this point the error went away, but another issue came up where the HTML file is not rendered but instead gets downloaded. For example: https://www.youtube.com/watch?v=jl2w3JsGqvk
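
Added example (not part of the original post): a Python check that parses the `LOGIN_ERROR` line quoted above and separates a pure scheme mismatch from an unrelated redirect URI. The `HTTPS_ONLY` list is a constructed assumption, and `matches` is a simplified stand-in for Keycloak's redirect URI matching (exact match or a trailing `*`), not Keycloak's own code.

```python
import re
from urllib.parse import urlsplit

# Log line quoted in the post above.
SAMPLE_LOG = (
    "00:33:02,006 WARN [org.keycloak.events] (default task-18) type=LOGIN_ERROR, "
    "realmId=km, clientId=km-frontend, userId=null, ipAddress=24.4.38.71, "
    "error=invalid_redirect_uri, redirect_uri=http://www.prokom.dev/app"
)

# Constructed for illustration (assumption): an https-only client registration.
HTTPS_ONLY = ["https://www.prokom.dev/app", "https://www.prokom.dev/app/*"]
# The http entries shown in the post's admin console settings.
HTTP_FROM_POST = ["http://www.prokom.dev/app/*", "http://www.prokom.dev/app"]


def parse_event(line):
    """Return the key=value fields of a Keycloak event log line as a dict.

    Simplified: values containing commas or spaces are not handled.
    """
    return dict(re.findall(r"(\w+)=([^,\s]+)", line))


def matches(uri, pattern):
    """Simplified matcher: exact match, or prefix match for a trailing '*'."""
    if pattern.endswith("*"):
        return uri.startswith(pattern[:-1])
    return uri == pattern


def swap_scheme(uri):
    """Return the same URI with http and https exchanged."""
    parts = urlsplit(uri)
    other = "https" if parts.scheme == "http" else "http"
    return parts._replace(scheme=other).geturl()


def classify(line, registered):
    """Classify an invalid_redirect_uri event against registered patterns."""
    event = parse_event(line)
    if event.get("error") != "invalid_redirect_uri":
        return "not_applicable"
    uri = event["redirect_uri"]
    if any(matches(uri, p) for p in registered):
        return "match"
    if any(matches(swap_scheme(uri), p) for p in registered):
        return "scheme_mismatch"  # same host and path, only http/https differs
    return "no_match"
```

A `scheme_mismatch` result means the application built its redirect URI with a different scheme than the one registered, which is worth checking at the proxy and application layer before registering plain `http` redirect URIs on a site served over TLS.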