I'm trying to make IIS work with Keycloak. For now, the task is simple. I want to run keycloak on port 8010 and IIS rewrite it to port 60606.
But when I go to http://localhost:60606, it redirects me to http://localhost:60606/admin and shows an error ERR_TOO_MANY_REDIRECTS in the browser.
My keycloak settings:
health-enabled=true
hostname=http://localhost:60606/
proxy-headers forwarded
http-port=8010
http-enabled true
IIS web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Reverse Proxy to Auth" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://localhost:8010" logRewrittenUrl="true" />
<serverVariables>
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Browser:
Tried to clear cookies, another brouwer etc. Nothing helped.
I'm trying to make IIS work with Keycloak. For now, the task is simple. I want to run keycloak on port 8010 and IIS rewrite it to port 60606.
But when I go to http://localhost:60606, it redirects me to http://localhost:60606/admin and shows an error ERR_TOO_MANY_REDIRECTS in the browser.
My keycloak settings:
health-enabled=true
hostname=http://localhost:60606/
proxy-headers forwarded
http-port=8010
http-enabled true
IIS web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Reverse Proxy to Auth" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://localhost:8010" logRewrittenUrl="true" />
<serverVariables>
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Browser:
Tried to clear cookies, another brouwer etc. Nothing helped.
Share Improve this question edited Mar 12 at 6:49 Lex Li 63.5k11 gold badges124 silver badges161 bronze badges asked Mar 12 at 6:16 Stas BZStas BZ 1,3021 gold badge19 silver badges37 bronze badges1 Answer
Reset to default 0Summary of what I did to fix it:
1) Download zip windows version of keycloak. Setup keycloak.conf:
db=mssql
db-username=keycloak
db-password=keycloak
db-url=jdbc:sqlserver://localhost;databaseName=keycloak;encrypt=false;trustServerCertificate=true
health-enabled=true
proxy=edge
hostname=xxx.xxx
proxy-headers=xforwarded
http-enabled=true
transaction-xa-enabled=false
http-port=8010
Create IIS web site MyKeycloak and reference it to an empty directory. There will be web.config file.
After you setup reverse proxy, web.config file should look like this:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:8010/{R:1}" />
<serverVariables>
<set name="HTTP_X_Forwarded_Proto" value="https" />
<set name="HTTP_X_Forwarded_Host" value="xxx.xxx" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
You should setup all this settings via IIS UI, then it will ask you to install additional components.
Go IIS -> Application Request Routing Cache -> Server Proxy Settings. Uncheck "Reverse rewrite host in response headers"
Make keycloak work as service. We did it via NSSM.