Hi, I am having a problem with SSL termination for the Spring Boot adapter and KeyCloak. I am using KeyCloak 15.1.1.
Before implementing SSL, everything worked fine with HTTP. The headache came when I implemented SSL.
I get an Invalid URLS error when trying to load using HTTPS. I am able to load the front-end web pages, but the API calls are not working.
AWS DETAILS
I am using an AWS Application Load Balancer with an ACM certificate to allow HTTPS requests over HTTP. My Application Load Balancer has an https:443 listener that forwards all HTTPS requests (port 443) to HTTP. This HTTPS listener has the rule:
- if path is app/api* forward to target group http:8081
The Load Balancer DNS name and the ACM certificate are already registered at Route 53 Hosted Zones:
- Record Type A
- RecordName: myapp.com
- Routing: Simple
- Alias: Yes
- Value/Traffic routed to: myapp-alb-xxxxxxxxx…amazonaws.com (this is the app load balancer DNS name)
- The ACM certificate is created using my website's domain name (myapp.com)
AWS CLOUD VM
Inside my AWS EC2 Cloud VM, I have Angular, Spring Boot, and Keycloak running:
- The Spring Boot server is running on port 8081
- The KeyCloak server is running on port 8080
In my Angular API configuration, I have set all API endpoints to use https://myapp.com/app/api:
apiConfig: {
api1tEndpoint: 'https://myapp.com/app/api/api1',
api2Endpoint: 'https://myapp.com/app/api/api2',
},
At the Spring Boot backend, the Keycloak configuration is set in application.properties:
server.port=8081
# KEYCLOAK Configuration
keycloak.enabled=true
keycloak.realm=MyAppRealm
keycloak.auth-server-url=https://mayapp.com/auth
keycloak.ssl-required=none
In the KeyCloak standalone.xml, I have set the following, based on this article I read here:
<subsystem xmlns="urn:jboss:domain:undertow:12.0">
<http-listener name="default" socket-binding="http"
proxy-address-forwarding="true" redirect-socket="proxy-https"/>
</subsystem>
:
:
<socket-binding-group name="standard-sockets" default-interface="public"
port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="proxy-https" port="443"/>
...
</socket-binding-group>
QUESTIONS:
- Is there any configuration I missed in my Spring Boot app or in Angular?
- For Keycloak, did I do the correct configuration? Or do I need to configure somewhere else besides standalone.xml?
- Or is my configuration at the AWS load balancer done correctly?
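
A consistency check over the values posted above, added here as an example and not part of the original post: it cross-checks the adapter's `keycloak.auth-server-url` against the public API host and against the listener rules. It assumes Keycloak is meant to be reached under the same public hostname as the API and models only the single listener rule the post lists (any default action is unknown); `parse_props`, `route` and `check` are hypothetical helper names.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Values copied from the post above into Python literals (constructed sample).
API_ENDPOINTS = ["https://myapp.com/app/api/api1", "https://myapp.com/app/api/api2"]
SPRING_PROPS = """\
server.port=8081
# KEYCLOAK Configuration
keycloak.enabled=true
keycloak.realm=MyAppRealm
keycloak.auth-server-url=https://mayapp.com/auth
keycloak.ssl-required=none
"""
# Assumption: only the one rule the post lists; the default action is unknown.
ALB_RULES = [("app/api*", 8081)]


def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def route(path, rules):
    """Return the target port of the first rule whose pattern matches path."""
    for pattern, port in rules:
        if fnmatchcase(path.lstrip("/"), pattern.lstrip("/")):
            return port
    return None


def check(props, endpoints, rules):
    """Return a list of inconsistencies between adapter, client and routing."""
    findings = []
    auth = urlsplit(props["keycloak.auth-server-url"])
    api_hosts = {urlsplit(e).hostname for e in endpoints}
    if auth.hostname not in api_hosts:
        findings.append(f"auth-server-url host {auth.hostname!r} differs from API host(s) {sorted(api_hosts)}")
    if route(auth.path, rules) is None:
        findings.append(f"no listed listener rule forwards {auth.path!r}")
    for e in endpoints:
        if route(urlsplit(e).path, rules) != int(props["server.port"]):
            findings.append(f"{e} is not routed to server.port")
    if props.get("keycloak.ssl-required") == "none":
        findings.append("ssl-required=none: the adapter does not require HTTPS")
    return findings


if __name__ == "__main__":
    for finding in check(parse_props(SPRING_PROPS), API_ENDPOINTS, ALB_RULES):
        print("FINDING:", finding)
```
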