Closed roumano closed 1 month ago
If keycloak is behind a proxy, in some case, we need to add the argument --proxy-headers of the start of the service
--proxy-headers
See Configure the reverse proxy headers for the detail in keycloak configuration
i propose this change on templates/keycloak.service.j2 :
templates/keycloak.service.j2
{% if keycloak_quarkus_start_dev %} ExecStart={{ keycloak.home }}/bin/kc.sh start-dev{%if keycloak_quarkus_proxy_headers is defined %} --proxy-headers {{keycloak_quarkus_proxy_headers}}{% endif %}{{ '\n' }} {% else %} ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized{%if keycloak_quarkus_proxy_headers is defined %} --proxy-headers {{keycloak_quarkus_proxy_headers}}{% endif %}{{ '\n' }} {% endif %}
instead of the actual :
{% if keycloak_quarkus_start_dev %} ExecStart={{ keycloak.home }}/bin/kc.sh start-dev {% else %} ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized {% endif %}
So, it's can be used with this variable : keycloak_quarkus_proxy_headers: xforwarded
keycloak_quarkus_proxy_headers: xforwarded
SUMMARY
If keycloak is behind a proxy, in some case, we need to add the argument
--proxy-headers
of the start of the serviceSee Configure the reverse proxy headers for the detail in keycloak configuration
i propose this change on
templates/keycloak.service.j2
:instead of the actual :
So, it's can be used with this variable :
keycloak_quarkus_proxy_headers: xforwarded
ISSUE TYPE