在nginx后面的linux上部署JHipster生成的keycloak导致https错误“Mixed Content:页面在“

zvokhttg  于 2023-08-03  发布在  Nginx
关注(0)|答案(1)|浏览(138)

我使用jhipster生成器,生成应用程序后,这是我的keycloak.yml文件:

version: '3.8'
services:
  keycloak:
    image: quay.io/keycloak/keycloak:19.0.1
    command: ['start-dev --import-realm --http-relative-path=/auth']
    volumes:
      - ./realm-config:/opt/keycloak/data/import
 #     - /etc/ssl/certs:/etc/x509/certs
#      - /etc/ssl/certs:/e
#      - /etc/ssl/certs/auth-website.crt:/etc/ssl/certs
#      - /etc/ssl/private:/etc/ssl/private
    environment:
      - KC_DB=dev-file
      - KEYCLOAK_ADMIN=xxxxx
      - KEYCLOAK_ADMIN_PASSWORD=xxxxx
      - KC_FEATURES=scripts
      - KC_HTTP_PORT=9080
      - KC_HTTPS_PORT=9443
#      - KC_HOSTNAME=auth.website.com
#      - KEYCLOAK_FRONTEND_URL=https://auth.website.com/auth
#      - PROXY_ADDRESS_FORWARDING=true
#      - KC_HTTPS_CERTIFICATE_FILE=/etc/ssl/certs/auth-website.crt
#      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/ssl/private/auth-website.key
#      - KC_HTTPS_CERTIFICATE_FILE=/etc/ssl/certs/auth-website.crt
#      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/ssl/private/auth-website.key
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 9080:9080
      - 9443:9443

字符串
我的nginx文件是:

server {
    server_name auth.website.com;
    return 301 https://auth.website.com$request_uri;
}
server {

#    listen 443 ssl http2;
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/website.crt;
    ssl_certificate_key /etc/ssl/private/website.key;
    add_header Content-Security-Policy "frame-src 'self' http://auth.website>

    server_name auth.website.com www.auth.website.com;
    index index.html index.htm;
    access_log /var/log/nginx/auth-website.log;
    error_log  /var/log/nginx/auth-website-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_buffer_size   128k;
        proxy_buffers   4 256k;
        proxy_busy_buffers_size   256k;
        proxy_pass http://website_ip_address:9080;
        proxy_redirect off;
    }

    location /auth {
        proxy_pass http://localhost:9080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}


`当我尝试访问https://auth.website.com/auth/时,一切都按预期运行,但对于url https://auth.website.com/auth/admin/master/console/处的管理控制台,我得到的页面总是显示“正在加载管理控制台”和控制台错误:拒绝构建“http://auth.website.com/”,因为它违反了以下内容安全策略指令:“frame-src 'self'"。
我认为keycloak试图使用http而不是https加载一些东西。我在这一点上卡住了。
我已经尝试了很多改变的sites-available文件和keycloak.yml,但没有固定的问题。

nginx

1条答案

按热度按时间
kognpnkq

kognpnkq1#

请将KC_PROXY: edge添加到keycloak docker容器的环境变量中。如果你在一个代理后面运行keycloak,这是必须的。
你可以在这里找到更多关于这个的文档:https://www.keycloak.org/server/reverseproxy

赞(0)分享  回复(0)举报  2023-08-03
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com