Develop Reference

keycloak docker compose behing nginx question

I have setup in docker-compose mysql, keycloack and nginx.
Changed in standalone and standalone-ha
<web-context>keycloak/auth</web-context>
so I can use keycloak under /keycloak.
If I expose 8080 keycloack port I can use it under http://localhost:8080/keycloak/auth/.
Login, changing settings etc all works fine.
So I can assume that this keycloak configuration is fine.
But I want to hide it under nginx proxy.
here is my nginx.conf:
user nginx;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type text/html;
server {
listen 8080;
location /keycloak {
proxy_pass http://keycloak:8080/keycloak/auth/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
if i go to http://localhost/keycloak or http://localhost/keycloak/auth
I see an 404 Nginx error.
I can not find this problem..
any idea how to solve this ?
thanks!
EDIT:
when i set proxy_pass http://keycloak:8080;
then url: http://localhost/keycloak/auth/ works fine,
but I wonder why if I go to http://localhost/keycloak/ I am redirected to the http://localhost/auth
any ideas ?

Nginx returning error 404 when redirect to docker containers

I have a simple application with two separated containers: one to the backend (api-container) and other to the frontend (front-container).
I`d like to configure ngnix to redirect all requests from domain api.myurl.com to backend container and all requests from myurl.com to the frontend container.
To do that I configured the ngnix, as showed below:
server {
listen 80;
server_name myurl.com;
location / {
resolver 127.0.0.11;
proxy_pass http://front-container:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 80;
server_name api.myurl.com;
location / {
resolver 127.0.0.11;
proxy_pass http://api-container:3010;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Everything works almost fine. When I access http://myurl.com everything is ok but when access another route like http://myurl.com/other the ngnix returns 404 error. This route works like a charm without ngnix.
What is wrong in my configuration?
Important: ngninx is running also in a container in the same network to other containers.

Why is my Nginx reverse proxy doing a 301 redirect instead of proxying?

I have an Nginx reverse proxy inside a docker container, which listens to port 3000 and is exposed to 3002: docker run -p "3002:3000" ....
The idea is that this reverse proxy will proxy /my-app to the instance running in my laptop on port 8080; and /my-app/api to the cloud instance, in https://my-domain.
Here's the configuration:
upstream my-laptop {
server host.docker.internal:8080; # this is a magic hostname for the laptop's IP address.
keepalive 64;
}
upstream cloud {
server my-domain.com:443;
keepalive 64;
}
server {
listen 3000;
include ssl/ssl-certs.conf;
include ssl/ssl-params.conf;
location /my-app {
proxy_pass http://my-laptop;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /my-app/api {
proxy_pass https://cloud;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
...
}
The issues are:
when I hit https://localhost:3002/my-app I get a 301 response to /my-app/ (trailing slash). I don't know why is that. The local app instance is shown in the browser, so I guess I can let it slide for the moment?
when I hit https://localhost:3002/my-app/api/students, I get a 301 response to https://cloud/my-app/api/students. This causes CORS issues, of course, and the endpoint doesn't return data.
Now, I have configured reverse proxies a couple of times, so I am completely shocked that I'm not seeing what's wrong, this is not my first time.
I have tried tweaking with the upstreams, the proxy_set_headers, compared with another reverse proxy that I have for a different app; I'm out of ideas.
What am I doing wrong?

Although the questioner's config doesn't have this particular issue, a redirect instead of proxying can also be caused by trailing slash issues, as described in the docs:
If a location is defined by a prefix string that ends with the slash character, and requests are processed by one of proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, memcached_pass, or grpc_pass, then the special processing is performed. In response to a request with URI equal to this string, but without the trailing slash, a permanent redirect with the code 301 will be returned to the requested URI with the slash appended. If this is not desired, an exact match of the URI and location could be defined like this:
location /user/ {
proxy_pass http://user.example.com;
}
location = /user {
proxy_pass http://login.example.com;
}

The problem was my Host header in the cloud upstream, I had
proxy_set_header Host $http_host;
But it needed to be
proxy_set_header Host my-domain.com;

here is an example config for nginx as a reverse proxy which works for me,
I simplified it and removed unnecessary parts.
I hope it helps.
upstream OAUTH {
server remote_oauth;
}
server {
listen 80;
server_name example.com;
client_header_timeout 300;
location = /servies/oauth {
return 301 /services/oauth/;
}
location /services/oauth/ {
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://OAUTH/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-ROOT-URI /services/oauth;
proxy_set_header Accept-Encoding "gzip";
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_intercept_errors on;
proxy_redirect default;
client_max_body_size 4M;
}
}
I think you missed this part :
proxy_pass_request_headers on

How to configure NGINX Location for Multiple Service

I want to configure NGINX to work as a reverse proxy to other Microservices.
I am able to forward the request from NGINX to one of the microservice
if I do curl http://xx.xx.xx.xx:8080/ call did landed on consumer-portal But
its using default location configuration /
when I comment the 1st block and configure the same code for location /consumer-portal and do curl http://xx.xx.xx.xx:8080/consumer-portal
I get :
Cannot GET /consumer-portal
I have more than 10 microservice which I want to call using NGINX.
Below is my nginx.conf file
worker_processes 4;
events {
worker_connections 1024;
}
http {
sendfile on;
upstream consumer-portal {
server xx.xx.xx.xx:9006;
}
upstream publisher-portal {
server xx.xx.xx.xx:9001;
}
server {
listen 8080;
#1st Block
#location / {
# proxy_pass http://consumer-portal;
# proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $server_name;
#}
#2nd Block
location /consumer-portal {
proxy_pass http://consumer-portal;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
#3rd Block
location /publisher-portal/ {
proxy_pass http://publisher-portal;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
Also, Please let me know If I can forward the request using docker container name.
e.g instead of server xx.xx.xx.xx:9006 i want to use server consumer-portal:9006
Please suggest what changes I need to do into .conf file.

location /consumer-portal {
proxy_pass http://consumer-portal;
If your proxy_pass URL is just a domain/IP/hostname and has no URI set then Nginx will pass the full client request URL to the proxy for requests matching the location block. So here your request to
http://xx.xx.xx.xx:8080/consumer-portal will be proxied by Nginx to
http://consumer-portal/consumer-portal
If your proxy_pass URL is a domain/IP/hostname which also has a URI appended then Nginx will replace the matching part of your location block from the original client request with the URI in your directive and then proxy the resulting URL to the upstream server. So if you had proxy_pass http://consumer-portal/new/location; then a request to
http://xx.xx.xx.xx:8080/consumer-portal/account would be proxied by Nginx to
http://consumer-portal/new/location/account
As you want to remove /consumer-portal from the request to the upstream proxy the solution is as simple as adding a trailing slash to your proxy_pass directive, like this:
proxy_pass http://consumer-portal/;

Nginx configuration for trinidad-gem

How to configure nginx with Trinidad? I did a lot of Googling, but no luck. Is there any resource for a sample configuration?

just google for proxy-ing with nginx - it's likely the same is with other Ruby servers e.g.
server {
listen sample.com:80;
server_name sample.com;
root /home/trinidad/rails_app/current/;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:3000/;
}
}
in Trinidad's configuration you might want to bind to 127.0.0.1 (just add address: 127.0.0.1)