Home > Mobile >  Keycloak redirect nginx ingress
Keycloak redirect nginx ingress

Time:04-12

I have installed Keycloak in my k8s cluster on AWS. Domain of the keycloak is auth.xxx.yyy.com. Also I have application on domain xxx.yyy.com and it is closed by Keycloak login page. When I try to get xxx.yyy.com it is redirect me to auth.xxx.yyy.com/auth/****** with login page. All is okay, but i want to close my keycloak admin console from users. I need to redirect auth.xxx.yyy.com to xxx.yyy.com ( now https://auth.xxx.yyy.com/ redirect me to https://auth.xxx.yyy.com/auth/admin but i want to get keycloak admin console only by direct url ) I hope i correctly explained what i want. I tried to make rewrite in my keycloak ingress:

location !~/(auth\/) {
  rewrite ^/(.*) https://xxx.yyy.com/$1 permanent;
}

and return

if ($request_uri !~ "^/auth/\w $") {
  return 301 https://xxx.yyy.com/;
}

in nginx.ingress.kubernetes.io/server-snippet: annotation, but first case don't work and second case brakes my keycloak.

Here is my ingress template:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: auth
  namespace: default
  resourceVersion: '63203130'
  generation: 1
  creationTimestamp: '2021-12-13T19:22:32Z'
  labels:
    app.kubernetes.io/managed-by: Helm
  annotations:
    kubernetes.io/ingress.class: nginx
    meta.helm.sh/release-name: auth
    meta.helm.sh/release-namespace: default
    nginx.ingress.kuberentes.io/proxy-busy-buffer-size: 256k
    nginx.ingress.kubernetes.io/cors-allow-credentials: 'true'
    nginx.ingress.kubernetes.io/cors-allow-headers: >-
      DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
    nginx.ingress.kubernetes.io/cors-allow-methods: 'GET, PUT, POST, DELETE, PATCH, OPTIONS'
    nginx.ingress.kubernetes.io/cors-allow-origin: '*'
    nginx.ingress.kubernetes.io/cors-max-age: '1728000'
    nginx.ingress.kubernetes.io/enable-cors: 'true'
    nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
    nginx.ingress.kubernetes.io/proxy-buffering: 'on'
    nginx.ingress.kubernetes.io/proxy-buffers-number: '4'
    nginx.ingress.kubernetes.io/server-snippet: |
      listen 81;
      add_header X-PORT $server_port always;
      if ( $server_port = 81 ) {
        return 301 https://$host$request_uri;
      }
    nginx.ingress.kubrenetes.io/proxy-buffering: 'true'
  managedFields:
    - manager: nginx-ingress-controller
      operation: Update
      apiVersion: networking.k8s.io/v1beta1
      time: '2021-12-13T19:23:27Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:status':
          'f:loadBalancer':
            'f:ingress': {}
    - manager: kubectl
      operation: Update
      apiVersion: extensions/v1beta1
      time: '2022-01-16T17:32:02Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:metadata':
          'f:annotations':
            'f:nginx.ingress.kuberentes.io/proxy-busy-buffer-size': {}
            'f:nginx.ingress.kubernetes.io/proxy-buffer-size': {}
            'f:nginx.ingress.kubernetes.io/proxy-buffering': {}
            'f:nginx.ingress.kubernetes.io/proxy-buffers-number': {}
            'f:nginx.ingress.kubrenetes.io/proxy-buffering': {}
    - manager: Go-http-client
      operation: Update
      apiVersion: networking.k8s.io/v1beta1
      time: '2022-01-17T14:56:11Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:metadata':
          'f:annotations':
            .: {}
            'f:kubernetes.io/ingress.class': {}
            'f:meta.helm.sh/release-name': {}
            'f:meta.helm.sh/release-namespace': {}
            'f:nginx.ingress.kubernetes.io/cors-allow-credentials': {}
            'f:nginx.ingress.kubernetes.io/cors-allow-headers': {}
            'f:nginx.ingress.kubernetes.io/cors-allow-methods': {}
            'f:nginx.ingress.kubernetes.io/cors-allow-origin': {}
            'f:nginx.ingress.kubernetes.io/cors-max-age': {}
            'f:nginx.ingress.kubernetes.io/enable-cors': {}
            'f:nginx.ingress.kubernetes.io/server-snippet': {}
          'f:labels':
            .: {}
            'f:app.kubernetes.io/managed-by': {}
        'f:spec':
          'f:rules': {}
  selfLink: /apis/networking.k8s.io/v1/namespaces/default/ingresses/auth
status:
  loadBalancer:
    ingress:
      - hostname: >-
          ************************************************************
spec:
  rules:
    - host: auth.xxx.yyy.com
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: keycloak
                port:
                  number: 5000

So can someone help me?

UPD: I found solution

if ($request_uri !~ "^.*(\/auth|\/admin|\/api).*$") {
    return 301 https://xxx.yyy.com/;
}

CodePudding user response:

The solution in my case is:

if ($request_uri !~ "^.*(\/auth|\/admin|\/api).*$") {
        return 301 https://test.vee-dev.io/;
}

Page link:https//www.codepudding.com/Mobile/368727.html

Prev:Is it possible to insert one variable inside another in php?
Next:Should I be testing results or behaviors?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding