🔧(project) proxy Keycloak with nginx

Backend and Frontend send requests to Keycloak through Nginx. Thus, all requests from frontend and backend shared a same host when received by Keycloak. Otherwise, the flow is initiated from http://localhost:8080. When the Backend calls token endpoint from Keycloak container at http://keycloak:8080, the JWT token issuer and sender are mismatching.
2024-02-14 22:42:20 +01:00
parent 699854e76b
commit 927d0e5a22
2 changed files with 22 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -93,12 +93,14 @@ services:
    ports:
      - "8082:8082"
      - "8088:8088"
+      - "8083:8083"
    volumes:
      - ./docker/files/etc/nginx/conf.d:/etc/nginx/conf.d:ro
      - ./src/frontend/apps/desk/out:/home/desk
      - ./data/media:/data/media:ro
    depends_on:
      - app
+      - keycloak

  dockerize:
    image: jwilder/dockerize
@@ -152,6 +154,11 @@ services:
      - start-dev
      - --features=preview
      - --import-realm
+      - --proxy=edge
+      - --hostname-url=http://localhost:8083
+      - --hostname-admin-url=http://localhost:8083/
+      - --hostname-strict=false
+      - --hostname-strict-https=false
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
@@ -161,6 +168,7 @@ services:
      KC_DB_PASSWORD: pass
      KC_DB_USERNAME: people
      KC_DB_SCHEMA: public
+      PROXY_ADDRESS_FORWARDING: 'true'
    ports:
      - "8080:8080"
    depends_on:
--- a/docker/files/etc/nginx/conf.d/default.conf
+++ b/docker/files/etc/nginx/conf.d/default.conf
@@ -32,3 +32,17 @@ server {
  }
 }

+
+server {
+    listen 8083;
+    server_name localhost;
+    charset utf-8;
+
+    location / {
+        proxy_pass http://keycloak:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+