I’m starting with Keycloak.
I set it up on my local machine and it’s working.
When I set it up on a server using nginx as a reverse proxy, I get this error when I try to use social media login:
Failed to make identity provider oauth callback: java.net.UnknownHostException: oauth2.googleapis.com: System error
Failed to make identity provider oauth callback: java.net.UnknownHostException: oauth2.googleapis.com: System error
I’m running Keycloak in a Docker container.
My nginx configuration:
server {
    root /var/www/keycloak.mydomain.com/html;
    index index.html index.htm index.nginx-debian.html;
    server_name keycloak.mydomain.com www.keycloak.mydomain.com;

    # Headers Keycloak needs behind a reverse proxy (proxy=edge). They are set once
    # here and deliberately not repeated inside the locations: a location that sets
    # its own proxy_set_header stops inheriting every header defined at this level.
    proxy_set_header X-Forwarded-For $remote_addr; # original client IP ($proxy_protocol_addr is empty unless listen uses proxy_protocol)
    proxy_set_header X-Forwarded-Proto $scheme; # original protocol (HTTP or HTTPS)
    proxy_set_header Host $host; # original host requested by the client

    location / {
        proxy_pass http://sismaanaim.keycloak:8080;
        proxy_redirect http://localhost:8080 https://keycloak.mydomain.com/;
    }
    location /js/ {
        proxy_pass http://sismaanaim.keycloak:8080/js/;
    }
    location /kc/ {
        proxy_pass http://sismaanaim.keycloak:8080/;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_read_timeout 3000;
        client_max_body_size 200M;
    }
    location /admin/ {
        proxy_pass http://sismaanaim.keycloak:8080/admin/;
    }
    location /resources/ {
        proxy_pass http://sismaanaim.keycloak:8080/resources/;
    }
    location /realms/ {
        proxy_pass http://sismaanaim.keycloak:8080/realms/;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;
}

server {
    if ($host = www.keycloak.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = keycloak.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name keycloak.mydomain.com www.keycloak.mydomain.com;
    return 404; # managed by Certbot
}
My docker-compose:
sismaanaim.keycloak:
  container_name: sismaanaim.keycloak
  image: Quay
  restart: always
  environment:
    KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
    KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
    KEYCLOAK_DATABASE_USERNAME: ${KEYCLOAK_DATABASE_USERNAME}
    KEYCLOAK_DATABASE_PASSWORD: ${KEYCLOAK_DATABASE_PASSWORD}
    KEYCLOAK_DATABASE: ${KEYCLOAK_DATABASE}
    KEYCLOAK_DATABASE_SERVER: ${KEYCLOAK_DATABASE_SERVER}
    KEYCLOAK_DB: mariadb
    KEYCLOAK_DB_URL: jdbc:mariadb://${KEYCLOAK_DATABASE_SERVER}/${KEYCLOAK_DATABASE}
    KEYCLOAK_DB_USERNAME: ${KEYCLOAK_DATABASE_USERNAME}
    KEYCLOAK_DB_PASSWORD: ${KEYCLOAK_DATABASE_PASSWORD}
    # read by keycloak.conf (hostname=${KEYCLOAK_HOSTNAME}); must be present in the container environment
    KEYCLOAK_HOSTNAME: ${KEYCLOAK_HOSTNAME}
    TZ: America/Sao_Paulo
  command:
    - "start"
    - "--proxy=edge"
  ports:
    - 4100:8080
  volumes:
    - ./themes:/opt/keycloak/themes
    - ./keycloak.conf:/opt/keycloak/conf/keycloak.conf
My keycloak.conf:
# Basic settings for running in production. Change accordingly before deploying the server.

# Database

# The database vendor.
db=mariadb

# The username of the database user.
db-username=${KEYCLOAK_DATABASE_USERNAME}

# The password of the database user.
db-password=${KEYCLOAK_DATABASE_PASSWORD}

# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
db-url=jdbc:mariadb://${KEYCLOAK_DATABASE_SERVER}/${KEYCLOAK_DATABASE}

# Observability

# If the server should expose healthcheck endpoints.
health-enabled=true

# If the server should expose metrics endpoints.
metrics-enabled=true

# HTTP

# The proxy address forwarding mode if the server is behind a reverse proxy.
proxy=edge

# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
spi-sticky-session-encoder-infinispan-should-attach-route=false

# Hostname for the Keycloak server.
hostname=${KEYCLOAK_HOSTNAME}
hostname-strict=false
http-enabled=true
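`java.net.UnknownHostException` means the JVM inside the container could not resolve `oauth2.googleapis.com`; nginx is not involved in that outbound call. The first thing to confirm is whether the name resolves with the resolver the container actually uses. The script below is an added diagnostic, not part of the original post; it assumes the container name from the compose file (sismaanaim.keycloak), that `docker` is on PATH, and that a busybox image can be pulled for the fallback check.

```shell
# Added diagnostic, not from the original post. Assumes the container name from
# the compose file above (sismaanaim.keycloak) and that `docker` is on PATH.

# Extract the name the JVM could not resolve from a Keycloak log line such as
# "... java.net.UnknownHostException: oauth2.googleapis.com: System error".
# Prints nothing when the line carries no UnknownHostException.
unknown_host_from_log() {
  printf '%s\n' "$1" | sed -n 's/.*java\.net\.UnknownHostException: \([^: ]*\).*/\1/p'
}

# Resolve a name from inside the container's network namespace, i.e. with the
# resolver the JVM uses. Tries getent in the container first; the keycloak image
# is minimal, so fall back to a throwaway busybox container that shares the
# Keycloak container's network stack (and so its resolv.conf). Prints ok/fail.
container_resolves() {
  container="$1" name="$2"
  if docker exec "$container" getent hosts "$name" >/dev/null 2>&1 ||
     docker run --rm --network "container:$container" busybox nslookup "$name" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

# Resolve the same name from the Docker host itself. Prints ok/fail.
host_resolves() {
  if getent hosts "$1" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# Turn the two results into a one-line finding for the operator.
diagnose() {
  case "$1/$2" in            # host-result/container-result
    ok/ok)     echo "name resolves in both places: not an OS-level DNS problem" ;;
    ok/fail)   echo "resolves on the host but not in the container: container resolver (resolv.conf / Docker DNS) is the problem" ;;
    fail/fail) echo "resolves nowhere: the server itself has no working DNS or outbound access" ;;
    *)         echo "resolves only in the container: unusual; compare resolv.conf on host and container" ;;
  esac
}

# Usage: KC_DIAG_RUN=1 sh diag.sh '<the UnknownHostException log line>'
diag_main() {
  name=$(unknown_host_from_log "$1")
  [ -n "$name" ] || { echo "no UnknownHostException in the supplied log line" >&2; return 1; }
  h=$(host_resolves "$name"); c=$(container_resolves sismaanaim.keycloak "$name")
  echo "host=$h container=$c"
  diagnose "$h" "$c"
  docker exec sismaanaim.keycloak cat /etc/resolv.conf 2>/dev/null || true   # what the JVM actually reads
}
if [ "${KC_DIAG_RUN:-0}" = "1" ]; then diag_main "${1:-}"; fi
```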