Running Keycloak behind docker container (with Nginx as reverse proxy)

1

Hi,

I’m running Keycloak on a docker container on port 8080 and i use Nginx as reverse proxy to match the hostname ‘auth.local’. When i go to auth.local and i log in, i get a “Cookie error” ( error=“cookie_not_found” in docker logs ).

Below, there is my docker-compose and nginx conf (template) :

version: '3.9'

services:
  webserver:
    container_name: webserver
    image: nginx:latest
    ports : 
      - "80:80"
    restart: unless-stopped
    environment : 
      - SERVER_NAME=local
    volumes:
      - ./logs:/var/log/nginx/
      - ./webserver/templates:/etc/nginx/templates

keycloak:
    container_name: keycloak
    image: quay.io/keycloak/keycloak
    environment:
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=admin
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://172.17.0.1:5432/keycloak
      - KC_DB_PASSWORD=keycloak
      - KC_DB_USERNAME=keycloak
      - KC_HOSTNAME=auth.local
      - KC_PROXY_ADDRESS_FORWARDING=true
      - KC_HOSTNAME_STRICT=false
    command:
      - start-dev

server{
    listen 80;

    server_name auth.${SERVER_NAME};

    location / {
        proxy_pass http://keycloak:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Server $host;
    }
    
}

What I can’t understand is that when I don’t proxie the service, I can correctly connect to the admin console.
What configuration did I do wrong?

Thanks !

2

This is not a valid Keycloak configuration variable.
Please see Using a reverse proxy - Keycloak for proper proxy configuration.

3

Thanks. When I define the correct parameter, it doesn’t change.

 - KC_PROXY_HEADERS=xforwarded

I’m totally helpless and I don’t understand the problem.