X-Forwarded-Host Proxy Header Support

In order to return the correct endpoints in the discovery document when running Keycloak behind a reverse proxy, the docs state that you have to make sure that the reverse proxy is preserving the original Host header.

“Configure your reverse proxy or loadbalancer to preserve the original ‘Host’ HTTP header.” from Server Installation and Configuration Guide

This is not possible in every case. So instead, I would like to use the X-Forwarded-Host header (X-Forwarded-Host - HTTP | MDN). The documentation does not state that this is supported and I remember having tested this some time ago and it did not work. When I recently tested this with the official Keycloak 15.0.2 Docker image and PROXY_ADDRESS_FORWARDING=true, I realized that Keycloak is now respecting the X-Forwarded-Header and adjusts the endpoints in the discovery endpoint.

Has this feature been added recently and were the docs not updated? I couldn’t find anything on GitHub or in the Keycloak issue tracker.


1 Like

Since I am currently wrestling with X-Forwarding-For: It seems to have been added here in 2013: WFLY-2625 WFLY-2653 WFLY-2196 WFLY-1070 Undertow subsystem upgrades by ctomc · Pull Request #5593 · wildfly/wildfly (github.com)

Best Regards!