7

I am trying to run Keycloak 3.2.1.Final behind an nginx reverse proxy (later this will become Ingress). The goal is to reach the same Keycloak service from different addresses like so:

  • a.com/foo1/baz1/keycloak/(auth/realms/...)
  • a.com/foo2/baz2/keycloak/(auth/realms/...)
  • ...

and so on.

What I managed to do was change the standalone.xml <web-context> setting from 'auth' to 'foo1/baz1/keycloak' and reach the service like this:

  • localhost:8081/foo1/bar1/keycloak/

but in no combination of configs was I able to make the Nginx Proxy and the Keycloak server work together to be reached via the a.com domain on Port 80.

There is a solution to a very similar question @ Configure reverse-proxy for Keycloak docker with custom base URL

but this does not seem to work (anymore?).

Ty for your time.

HolyMarcell

3 Answers

8

In Keycloak 18.x you can set the http-relative-path argument, which contains the path relative to '/'.

CLI: --http-relative-path

Env: KC_HTTP_RELATIVE_PATH

Dennis Meissel
  • 1
    This is the best and easiest solution to the problem and the only one that worked for me. It is much simpler than modifying xml files nested deep inside keycloak. I know "thank you" messages are frowned on here but honestly, thank you so much – Anish Sinha Aug 11 '22 at 00:09
  • 1
    @AnishSinha I spent a lot of time modifying xmls until I found it, I am glad it helped you too :) – Dennis Meissel Sep 06 '22 at 13:48
  • 1
    could kiss you. It took like an hour till I found this post. Seems like absolutely one of the most common configurations that would be wanted and I'm surprised it was not better documented. I was chasing after hostname-path which apparently does not work even though their documentation literally says "set this if behind proxy and you want a different path" .... – George Jan 20 '23 at 20:36
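
An nginx server block to pair with the `http-relative-path` setting from the answer above, as an added example that is not part of the original answer or comments. The upstream name `keycloak_backend`, the address `keycloak:8080` and the choice of `/foo1/baz1/keycloak` as the prefix are assumptions taken from the question's naming; it covers a single prefix.

```nginx
# Added example; upstream name, host and port are assumptions.
# Keycloak side (option named in the answer above), e.g. as container env:
#   KC_HTTP_RELATIVE_PATH=/foo1/baz1/keycloak
upstream keycloak_backend {
    server keycloak:8080;   # assumed address of the Keycloak instance
}

server {
    listen 80;
    server_name a.com;

    # Must be the same prefix as KC_HTTP_RELATIVE_PATH.
    location /foo1/baz1/keycloak/ {
        # No URI part after the upstream name: nginx forwards the request
        # path unchanged, so Keycloak receives the prefix it is configured
        # to serve and no rewrite rule is needed.
        proxy_pass http://keycloak_backend;

        # Set the forwarding headers here instead of passing through
        # whatever the client sent, so they cannot be spoofed from outside.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;

        # Keycloak responses can carry large headers (cookies, redirects);
        # a larger buffer avoids "upstream sent too big header" errors.
        proxy_buffer_size 128k;
        proxy_buffers     4 256k;
    }
}
```

Keycloak also has to be told that it runs behind a proxy so that it honours the forwarded headers; how to do that depends on the Keycloak version and is not covered on this page.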
0

See my answer here: https://stackoverflow.com/a/54311713/2117355

In recent versions of Keycloak, you also need to modify standalone-ha.xml.

Mark
0

Use case: behind a proxy
If you're using jboss/keycloak, you can update the context path like this:

Dockerfile:

FROM jboss/keycloak

RUN sed -i -e 's/<web-context>auth<\/web-context>/<web-context>keycloak\/auth<\/web-context>/' /opt/jboss/keycloak/standalone/configuration/standalone.xml
RUN sed -i -e 's/<web-context>auth<\/web-context>/<web-context>keycloak\/auth<\/web-context>/' /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml
RUN sed -i -e 's/\/auth/\/keycloak\/auth/' /opt/jboss/keycloak/welcome-content/index.html 

Or make the same change (update web-context) in the standalone config: <KEYCLOAK_HOME>/standalone/configuration/standalone.xml

selllami