My setup is a little bit different. I am trying to use locations in nginx so that I can use a single domain for both an app and Keycloak, but it does not seem to work. Here is more information:
-
A server running nginx that forwards requests to different machines.
-
A machine that runs a webapp and Keycloak using docker-compose.
-
a domain for the webapp
-
I can access both the Keycloak interface and the webapp interface using:
- "https://webapp.com" - "https://webapp.com/kc"
-
The problem is: logging in to the Keycloak “Administration Console” does not work.
-
The page changes to “https://webapp.com/admin” and I get this in the browser:
502 Bad Gateway nginx/1.18.0
-
This is what nginx error log reports:
[error] 222430#222430: *6 connect() failed (111: Connection refused) while connecting to upstream, client: **server_public_ip** server: webapp.com, request: "GET /admin/ HTTP/1.1", upstream: "http://wepapp_machine:wepapp_port/admin/", host: "wepapp.com"
-
My nginx configuration looks like this:
# TLS-terminating virtual host for webapp.com. Requests under /kc/ are proxied
# to Keycloak; everything else is proxied to the web application.
server {
    server_name webapp.com;

    # Forwarding headers are set once at server level. Both locations inherit
    # them because neither location declares its own proxy_set_header.
    # NOTE(review): the compose file on this page sets KC_PROXY=edge, so
    # Keycloak trusts these headers. The published backend ports should be
    # reachable only from this proxy, otherwise a direct client can supply
    # its own X-Forwarded-* values.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;
    # Appends the client address to any X-Forwarded-For the client sent.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port $server_port;
    # $http_host is the Host header exactly as the client sent it.
    # NOTE(review): with KC_HOSTNAME_STRICT=false on the Keycloak side the
    # backend presumably builds URLs from this value; confirm, and consider
    # pinning the hostname in Keycloak.
    proxy_set_header Host $http_host;

    # Catch-all: any path not matched by /kc/ goes to the web application.
    location / {
        proxy_pass http://webapp_machine:webapp_port/;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        # No unit given, so this is read as seconds (3000 s = 50 min).
        proxy_read_timeout 3000;
        client_max_body_size 200M;
    }

    # Keycloak. Because proxy_pass carries a URI part ("/"), nginx replaces
    # the matched /kc/ prefix with "/", so Keycloak never sees the prefix.
    # NOTE(review): nothing on this page tells Keycloak it is published under
    # /kc, so the redirects it issues (e.g. to /admin/) omit the prefix, fall
    # into "location /" and reach the webapp upstream. That matches the
    # "GET /admin/" 502 in the error log. The usual remedy is to set
    # Keycloak's http-relative-path (KC_HTTP_RELATIVE_PATH) to /kc and have
    # this proxy_pass forward the prefix unchanged; the two changes must be
    # made together.
    # NOTE(review): everything under /kc/ is public, including the admin
    # console; consider limiting the admin paths to trusted source addresses.
    location /kc/ {
        proxy_pass http://webapp_machine:keycloak_port/;
    }

    listen 443 ssl;
    ssl_certificate /path/crt.pem;
    ssl_certificate_key /path/key.pem;
    # Contents not shown here; protocol and cipher settings presumably live
    # in this include.
    include /path/ssl-nginx.conf;
    ssl_dhparam /path/ssl-dhparams.pem;
}
# Plain-HTTP virtual host: redirects webapp.com to HTTPS and answers 404 for
# any other Host that reaches this block.
server {
    # The redirect target is built from $host, but only after $host has been
    # compared with the literal webapp.com, so a different Host header cannot
    # steer the redirect elsewhere.
    if ($host = webapp.com) {
        return 301 https://$host$request_uri;
    }

    server_name webapp.com;
    listen 80;
    # Reached only when the "if" above did not match.
    return 404;
}
And this is the docker-compose file:
# Compose stack: PostgreSQL, Keycloak ("auth") and the web application, all
# attached to the pre-existing network webapp_net.
# The UPPER_CASE values and *_port names look like placeholders substituted
# by the poster; keep real credentials out of a committed compose file
# (env file or a secret store).
version: '3'
services:
  # Database used by Keycloak.
  postgres:
    # NOTE(review): old pinned release; check that this major version still
    # receives security fixes.
    image: postgres:12.7
    container_name: wenapp.postgres
    restart: always
    expose:
      - POSTGRES_PORT
    # NOTE(review): publishes the database on the host. Keycloak reaches it
    # over webapp_net by container name (KC_DB_URL_HOST below), so this
    # mapping is not needed for Keycloak. If it exists only for local
    # administration, bind it to 127.0.0.1 or drop it.
    ports:
      - POSTGRES_PORT:5432
    environment:
      POSTGRES_USER: POSTGRES_USER
      POSTGRES_PASSWORD: POSTGRES_PASSWORD
      POSTGRES_DB: AUTH_DB
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    networks:
      - webapp_net
  # Keycloak identity provider.
  auth:
    # NOTE(review): old pinned release; check for a supported version.
    image: quay.io/keycloak/keycloak:19.0.2
    restart: always
    container_name: wenapp.auth
    # NOTE(review): published on all host interfaces. nginx runs on another
    # machine, so this hop is plain HTTP, and KC_PROXY=edge makes Keycloak
    # trust X-Forwarded-* headers. Restrict this port to the proxy's address
    # (firewall or interface binding).
    ports:
      - keycloak_port:8080
    # NOTE(review): start-dev is Keycloak's development mode and is not meant
    # for an internet-facing deployment. Plan a move to "start" with an
    # explicit hostname configuration.
    entrypoint: /opt/keycloak/bin/kc.sh start-dev
    environment:
      KC_DB: postgres
      KC_DB_URL_DATABASE: AUTH_DB
      KC_DB_URL_HOST: wenapp.postgres
      KC_DB_USERNAME: POSTGRES_USER
      KC_DB_PASSWORD: POSTGRES_PASSWORD
      # Initial admin account, created from these values.
      KEYCLOAK_ADMIN: KEYCLOAK_ADMIN_USER
      KEYCLOAK_ADMIN_PASSWORD: KEYCLOAK_ADMIN_PASSWORD
      # NOTE(review): this is a setting of the legacy WildFly image and is
      # presumably ignored by this Quarkus-based one; KC_PROXY below is its
      # counterpart. Confirm, then remove.
      PROXY_ADDRESS_FORWARDING: "true"
      # NOTE(review): with strict hostname off, Keycloak presumably derives
      # its public URLs from the forwarded Host header. Setting KC_HOSTNAME
      # to the public name pins it instead.
      KC_HOSTNAME_STRICT: "false"
      KC_HTTP_ENABLED: "true"
      # TLS ends at the reverse proxy; Keycloak is served over plain HTTP
      # and relies on the proxy's forwarded headers.
      KC_PROXY: "edge"
      # NOTE(review): the nginx config publishes Keycloak under /kc/, but
      # nothing here sets KC_HTTP_RELATIVE_PATH, so Keycloak generates paths
      # such as /admin/ without the prefix (see the 502 on GET /admin/).
      # Setting it to /kc only works if the nginx proxy_pass keeps the
      # prefix as well.
      # NOTE(review): GRANT_TYPE is not a Keycloak server option I
      # recognise; verify what reads it.
      GRANT_TYPE: password
    depends_on:
      - postgres
    networks:
      - webapp_net
  # The web application that nginx serves at "/".
  mainwebapp:
    image: webapp_image
    container_name: wenapp.app
    restart: always
    # NOTE(review): same exposure as the Keycloak port. Limit access to the
    # nginx host.
    ports:
      - webapp_port:8080
    networks:
      - webapp_net
networks:
  # Declared external: Compose expects this network to exist already and
  # does not create it.
  webapp_net:
    external:
      name: webapp_net
I appreciate your suggestions