I have configured my newly-installed system such that I can use keycloak’s web interface from a local browser or via an ssh-tunnel. A firewall on the system prevents port 8443 from being used externally, a condition I very much don’t want to change.
The plan is to configure nginx as a reverse proxy listening on port 443, enabling nginx to select the correct traffic destination based on the Host: header before re-encrypting traffic on the way to keycloak. There are several other sites that also connect to this server, and so in this case nginx is on the same host as keycloak.
I can connect locally on 8443 (both inet and localhost), and in dev mode on 8080, but nginx keeps getting ‘connection refused’ from the OS when nginx tries to connect an incoming :443 connection to 8443. The keycloak logs show nothing at all, and nginx logs show econnrefused for a connection that works when using telnet addr 8443.
Any thoughts on what’s happening? I can paste configs if that will help.