need argument "--proxy-headers" if keycloak is used behind a proxy

Question

need argument "--proxy-headers" if keycloak is used behind a proxy

roumano opened this issue 6 months ago · 0 comments

SUMMARY

If keycloak is behind a proxy, in some case, we need to add the argument --proxy-headers of the start of the service

See Configure the reverse proxy headers for the detail in keycloak configuration

i propose this change on templates/keycloak.service.j2 :

{% if keycloak_quarkus_start_dev %}
ExecStart={{ keycloak.home }}/bin/kc.sh start-dev{%if keycloak_quarkus_proxy_headers is defined %} --proxy-headers {{keycloak_quarkus_proxy_headers}}{% endif %}{{ '\n' }}
{% else %}
ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized{%if keycloak_quarkus_proxy_headers is defined %} --proxy-headers {{keycloak_quarkus_proxy_headers}}{% endif %}{{ '\n' }}
{% endif %}

instead of the actual :

{% if keycloak_quarkus_start_dev %}
ExecStart={{ keycloak.home }}/bin/kc.sh start-dev
{% else %}
ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized
{% endif %}

So, it's can be used with this variable : keycloak_quarkus_proxy_headers: xforwarded

ISSUE TYPE

Feature Idea