Configuring Keycloak on Kubernetes with Nginx Proxy
Hi everyone,
Today we are going to look at the configuration required for setting up Keycloak in Kubernetes. In this setup we have used a MySQL database (present in the cluster). You can use your own.
We will also see the SSL-related configuration, which is handled by the proxy: SSL terminates at Nginx and the calls are then forwarded to the Keycloak instance.
So, let's get started.
We are expecting that you have the following set up and ready:
Kubernetes
Keycloak
Nginx (our load balancer on a bare-metal Kubernetes setup, but this could be your own Nginx load balancer in the Kubernetes cluster)
Let's have a look at our configuration in Nginx. The configuration below uses Let's Encrypt for SSL certificates.
server {
    server_name myserver.com;
    #root /var/www/example.com;
    #index index.html;
    location / {
        proxy_pass http://172.19.255.201:8080; # internal ip allocated to the service
        proxy_http_version 1.1;
        # Forward the original host, client address and external scheme/port to Keycloak
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/myserver.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myserver.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Plain-HTTP listener: redirect requests for myserver.com to HTTPS
server {
    if ($host = myserver.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name myserver.com;
    listen 80;
    listen [::]:80;
    return 404; # managed by Certbot
}
After the above configuration is done, do not forget to configure the allowed origins in your Keycloak client; otherwise you will continue to see the Access-Control-Allow-Origin and Access-Control-Allow-Credentials errors.
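To see which of the two CORS errors a given response would trigger, the check a browser applies to a credentialed cross-origin request can be reproduced offline. This is an added example, not part of the original post or of Keycloak; the origin `https://app.example.test`, the function names and the sample responses are constructed assumptions.

```python
# Added example: reproduces the browser's CORS check for a cross-origin request,
# so a response head captured from the proxy can be diagnosed offline.

def parse_headers(raw: str) -> dict:
    """Parse 'Name: value' lines from a raw HTTP response head (names lower-cased)."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def cors_verdict(origin: str, raw_response: str, with_credentials: bool = True) -> str:
    """Return 'ok' or the reason a browser would block the response for `origin`."""
    h = parse_headers(raw_response)
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return "missing Access-Control-Allow-Origin"
    if with_credentials and acao == "*":
        return "wildcard origin not allowed with credentials"
    if acao != "*" and acao != origin:
        return "Access-Control-Allow-Origin does not match origin"
    if with_credentials and h.get("access-control-allow-credentials") != "true":
        return "missing Access-Control-Allow-Credentials: true"
    return "ok"

# Constructed sample responses (not captured from a real server).
APP_ORIGIN = "https://app.example.test"            # hypothetical front-end origin
NO_CORS_HEADERS = """HTTP/1.1 200 OK
Content-Type: application/json
"""
ORIGIN_ALLOWED = """HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://app.example.test
Access-Control-Allow-Credentials: true
"""
WILDCARD = """HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
"""

if __name__ == "__main__":
    for name, resp in [("no CORS headers", NO_CORS_HEADERS),
                       ("origin allowed", ORIGIN_ALLOWED),
                       ("wildcard", WILDCARD)]:
        print(f"{name}: {cors_verdict(APP_ORIGIN, resp)}")
```

The wildcard case shows why listing the exact front-end origin matters: a browser rejects `*` on any request that carries cookies or other credentials.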