
So I am very much new to the Docker world. I am currently facing this "502 Bad Gateway" error when trying to proxy pass to a Keycloak container. I can't seem to understand the cause of the error. Below is the code I have written:

proxy.conf file

```nginx
server {

   listen 80;

   location / {
      proxy_pass http://myapp;
   }
}
```

Dockerfile

```dockerfile
FROM nginx:alpine
RUN rm etc/nginx/conf.d/*
COPY proxy.conf etc/nginx/conf.d/
```

docker-compose file

```yaml
version: '3'
services:
   nginx_app:
      build: .
      container_name: nginxapp
      ports:
        - "9000:80"
      depends_on:
        - myapp

   myapp:
      image: jboss/keycloak:latest
      container_name: myapp
      ports:
        - "8443"
      environment:
        - KEYCLOAK_USER=admin
        - KEYCLOAK_PASSWORD=admin
```

What I am trying to do is that when I hit host-ip:9000, it should pass the request to the Keycloak screen. But it looks like something's wrong. Grateful for any help. Thanks.

macmagic
  • Does this answer your question? [Reverse proxy configuration for keycloak (Nginx)](https://stackoverflow.com/questions/44799864/reverse-proxy-configuration-for-keycloak-nginx) – Jan Garaj Nov 19 '21 at 09:39
  • Tried it but nothing so far – macmagic Nov 19 '21 at 09:51

1 Answer


You need to make sure you've got your "wiring" to your ports set up correctly. JBoss (the container platform Keycloak currently runs on) generally listens on 8080 for HTTP and 8443 for HTTPS.

In your configuration you have it routing to port 80 with proxy_pass http://myapp; because that is what HTTP uses by default.

I'd suggest just pointing it at the HTTPS endpoint (or you can use HTTP on port 8080 if you really want) like so:

```nginx
server {

   listen 80;

   location / {
      proxy_pass https://myapp:8443;
   }
}
```

We will also need to add two additional environment vars that the keycloak image uses to make things work more smoothly behind the proxy. See here for more details on these image env vars

PROXY_ADDRESS_FORWARDING as linked to by Jan Garaj

KEYCLOAK_FRONTEND_URL

```yaml
   myapp:
      image: jboss/keycloak:latest
      container_name: myapp
      ports:
        - "8443"
      environment:
        - KEYCLOAK_FRONTEND_URL=http://localhost:9000/auth/
        - PROXY_ADDRESS_FORWARDING=true
        - KEYCLOAK_USER=admin
        - KEYCLOAK_PASSWORD=admin
```

Once everything starts up you should be able to access keycloak admin console via http://localhost:9000/auth/admin/

If this is intended for more than a development/testing setup, you should also work on configuring TLS in nginx and maybe even having real certs for the "backend" keycloak server.

jsorah
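
The answer's closing advice (TLS in nginx, a verifiable certificate on the Keycloak backend), combined with what `PROXY_ADDRESS_FORWARDING=true` expects from the proxy, written out as a `proxy.conf`. This is an added example, not part of the original answer; the `server_name`, the certificate paths and the private CA file are assumptions.

```nginx
# Added example. keycloak.example.test and every path under /etc/nginx/tls/
# are placeholders (assumptions), not values from the original post.

# Redirect plain HTTP to HTTPS so credentials never cross the wire in clear text.
server {
    listen 80;
    server_name keycloak.example.test;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name keycloak.example.test;

    ssl_certificate     /etc/nginx/tls/frontend.crt;
    ssl_certificate_key /etc/nginx/tls/frontend.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://myapp:8443;

        # With PROXY_ADDRESS_FORWARDING=true Keycloak trusts these headers.
        # Setting them here overwrites anything the client sent, so a caller
        # cannot spoof its source address or the external scheme/host.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;

        # nginx does not verify upstream certificates by default
        # (proxy_ssl_verify is off), so "https://" alone only encrypts.
        # Verification needs a CA bundle that issued the backend certificate.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/backend-ca.crt;

        # Name checked against the backend certificate; also sent as SNI.
        proxy_ssl_name        myapp;
        proxy_ssl_server_name on;
    }
}
```

With this configuration the compose file would publish port 443 on the nginx service, and `KEYCLOAK_FRONTEND_URL` would use the matching `https://` URL. The Keycloak certificate has to be issued by the CA in `backend-ca.crt` for the name `myapp`, otherwise nginx returns 502 again, this time because verification fails.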