Wrong Base URL Keycloak Deploy on AWS EKS

Configuring the server
1

Hi everyone, i have a problem when deploy the Keycloak Server on AWS EKS
here is my configuration:

Deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-keycloak
  template:
    metadata:
      labels:
        app: my-keycloak
    spec:
      containers:
        - name: my-keycloak
          image: jboss/keycloak
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
              name: http
            - containerPort: 8443
              name: https
          env:
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"

Service.yaml

apiVersion: v1
kind: Service
metadata:
  name: my-keycloak
spec:
  selector:
    app: my-keycloak
  ports:
    - port: 8080
      targetPort: 8080
      name: http

Ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    app: my-keycloak
  name: my-keycloak-ingress
spec:
  rules:
    - host: mykecloak.com
      http:
        paths:
          - backend:
              serviceName: my-keycloak
              servicePort: 8080

but the base url always set to this, which is false and not work. What i want that the base url should be https://mykeycloak.com/* (with https and without the port number)

2020-05-22_16-47-45
2020-05-22_16-47-451030×220 103 KB

Many people said that the solution is set the PROXY_ADDRESS_FORWARDING to TRUE, but it doesnot work for me. Is there something i miss ?
Thanks for your help

2

It looks like your ingress didn’t set X-Forwarded-Proto/X-Forwarded-For headers. Configure them, doc: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/

3

hi @jangaraj

i already set the configmap like this

apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
  labels:
    app: ingress-nginx
  name: nginx-configuration
  namespace: ingress-nginx
data:
  use-forwarded-headers: "true"

but the issue still occur.

those are current configmap on ingress-nginx namespace

enable-access-log-for-default-backend: true
hsts: true
hsts-include-subdomains: true
proxy-body-size: 100M
worker-shutdown-timeout: 25s
hsts-preload: true
server-tokens: false
hsts-max-age: 31536000

Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self' 'https://login.microsoftonline.com' 'https://xxxx';

is there any additional configurations ?