I'm trying to get the Keycloak 3.4.3.Final Docker container to work. I'm able to load the container over http, and I'm immediately shown an https required message.
So I've set up a proxy pass using nginx with the following configuration:
events {
    worker_connections 4096; ## Default: 1024
}
http {
    upstream keycloak-stream {
        server keycloak:8080;
    }
    server {
        listen 443;
        server_name localhost redacted.com *.redacted.com;
        autoindex off;
        location / {
            proxy_ssl_server_name on;
            proxy_pass https://keycloak-stream;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        ssl on;
        ssl_certificate /run/secrets/fullchain.pem;
        ssl_certificate_key /run/secrets/privkey.pem;
        ssl_dhparam /run/secrets/dhparam.pem;
    }
}
I've set the following env:
PROXY_ADDRESS_FORWARDING=true
I seem to be getting the following error:
nginx_1 | 2018/03/27 21:48:30 [error] 7#7: *1 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 172.1.0.1, server: localhost, request: "GET /auth/ HTTP/1.1", upstream: "https://172.1.0.3:8080/auth/", host: "localhost.redacted.com"
What do I need to modify to get Keycloak to accept an https connection from nginx?
I would focus on the actual error:
ssl3_get_record:wrong version number
That means there is a mismatch in versions in the client/server SSL records. So, e.g., a client sends an SSL2 client_hello handshake message and the counterpart is configured only for SSL3/TLS1.
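An added diagnostic example, not part of the question or the answer above: it reads the first bytes a peer sends the way a TLS client parses a record header, and shows what lands in the version field when the reply is plaintext HTTP, which is one condition OpenSSL reports as `wrong version number`. The function names and sample bytes are constructed for illustration; `probe()` can be pointed at an upstream such as `keycloak:8080` from the nginx container's network.

```python
import socket
import struct

# TLS record content types (first byte of every TLS record).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

def record_version(data: bytes) -> int:
    """16-bit value sitting where a TLS record's version field would be."""
    return struct.unpack("!H", data[1:3])[0]

def classify_first_bytes(data: bytes) -> str:
    """Classify a peer's first bytes as a TLS record, plaintext HTTP, or other."""
    if len(data) < 5:
        return "too-short"
    if data[:5] == b"HTTP/":
        # Parsed as a record header: type 0x48 ('H'), version 0x5454 ('TT').
        return "plaintext-http"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # Valid record: known type, version 0x0300..0x0304, sane length.
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4 \
            and length <= 2**14 + 2048:
        return "tls-" + TLS_CONTENT_TYPES[ctype]
    return "unknown"

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send a plaintext HTTP request and classify whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            data = s.recv(16)
        except socket.timeout:
            return "no-reply"
    return classify_first_bytes(data) if data else "closed"

# Constructed samples (not captured traffic).
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n"
SAMPLE_TLS = bytes.fromhex("160303004a")  # handshake record, version 0x0303

if __name__ == "__main__":
    for name, sample in (("http", SAMPLE_HTTP), ("tls", SAMPLE_TLS)):
        print(name, classify_first_bytes(sample), hex(record_version(sample)))
```

A `plaintext-http` result from `probe()` means the port answers HTTP without TLS, so a `proxy_pass https://...` to that port cannot complete a handshake.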