Reverse proxy configuration for keycloak (Nginx)

Question

I have a spring boot application (with keycloak adapter) running on port 8000 and keycloak running on 8080

I have edited my /etc/hosts file to route requests coming on my test-domain (foo.bar.com) to route to 127.0.0.1

I am not interested in SSL as of now.

My sample nginx configuration:

server {
    listen       80;
    server_name  foo.bar.com;

   location /myapp {
        proxy_set_header        Host               $host/myapp;
        proxy_set_header        X-Real-IP          $remote_addr;
        proxy_set_header        X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Host   $host;
        proxy_set_header        X-Forwarded-Server $host;
        proxy_set_header        X-Forwarded-Port   80;
        proxy_set_header        X-Forwarded-Proto  http;

        proxy_pass              http://localhost:8000/;
    }

   location /auth {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass              http://localhost:8080;
    }
}

Question:

Will this sample nginx conf be sufficient? I had some infinite redirects happening. Logs from keycloak adapter in my spring application say: No State Cookie

If I do not use proxy server and instead configure the app and keycloak talk directly to each other it works. I wonder why proxy server is creating issues.

Answer 1

Did you configure Keycloak so that it knows it's behind a proxy?

E.g. for docker it's the option -e PROXY_ADDRESS_FORWARDING=true