[英]Keycloak redirect nginx ingress
我已經在 AWS 上的 k8s 集群中安裝了 Keycloak。 密鑰斗篷的域是 auth.xxx.yyy.com。 我也在域 xxx.yyy.com 上有應用程序,它被 Keycloak 登錄頁面關閉。 當我嘗試獲取 xxx.yyy.com 時,它會將我重定向到帶有登錄頁面的 auth.xxx.yyy.com/auth/******。 一切都好,但我想從用戶那里關閉我的 keycloak 管理控制台。 I need to redirect auth.xxx.yyy.com to xxx.yyy.com ( now https://auth.xxx.yyy.com/ redirect me to https://auth.xxx.yyy.com/auth/admin but我只想通過直接 url獲得 keycloak 管理控制台)我希望我正確地解釋了我想要的。 我試圖在我的 keycloak 入口中進行重寫:
location !~/(auth\/) {
rewrite ^/(.*) https://xxx.yyy.com/$1 permanent;
}
並返回
if ($request_uri !~ "^/auth/\w+$") {
return 301 https://xxx.yyy.com/;
}
在nginx.ingress.kubernetes.io/server-snippet:
注釋中,但第一種情況不起作用,第二種情況會阻止我的密鑰斗篷。
這是我的入口模板:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: auth
namespace: default
resourceVersion: '63203130'
generation: 1
creationTimestamp: '2021-12-13T19:22:32Z'
labels:
app.kubernetes.io/managed-by: Helm
annotations:
kubernetes.io/ingress.class: nginx
meta.helm.sh/release-name: auth
meta.helm.sh/release-namespace: default
nginx.ingress.kuberentes.io/proxy-busy-buffer-size: 256k
nginx.ingress.kubernetes.io/cors-allow-credentials: 'true'
nginx.ingress.kubernetes.io/cors-allow-headers: >-
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
nginx.ingress.kubernetes.io/cors-allow-methods: 'GET, PUT, POST, DELETE, PATCH, OPTIONS'
nginx.ingress.kubernetes.io/cors-allow-origin: '*'
nginx.ingress.kubernetes.io/cors-max-age: '1728000'
nginx.ingress.kubernetes.io/enable-cors: 'true'
nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
nginx.ingress.kubernetes.io/proxy-buffering: 'on'
nginx.ingress.kubernetes.io/proxy-buffers-number: '4'
nginx.ingress.kubernetes.io/server-snippet: |
listen 81;
add_header X-PORT $server_port always;
if ( $server_port = 81 ) {
return 301 https://$host$request_uri;
}
nginx.ingress.kubrenetes.io/proxy-buffering: 'true'
managedFields:
- manager: nginx-ingress-controller
operation: Update
apiVersion: networking.k8s.io/v1beta1
time: '2021-12-13T19:23:27Z'
fieldsType: FieldsV1
fieldsV1:
'f:status':
'f:loadBalancer':
'f:ingress': {}
- manager: kubectl
operation: Update
apiVersion: extensions/v1beta1
time: '2022-01-16T17:32:02Z'
fieldsType: FieldsV1
fieldsV1:
'f:metadata':
'f:annotations':
'f:nginx.ingress.kuberentes.io/proxy-busy-buffer-size': {}
'f:nginx.ingress.kubernetes.io/proxy-buffer-size': {}
'f:nginx.ingress.kubernetes.io/proxy-buffering': {}
'f:nginx.ingress.kubernetes.io/proxy-buffers-number': {}
'f:nginx.ingress.kubrenetes.io/proxy-buffering': {}
- manager: Go-http-client
operation: Update
apiVersion: networking.k8s.io/v1beta1
time: '2022-01-17T14:56:11Z'
fieldsType: FieldsV1
fieldsV1:
'f:metadata':
'f:annotations':
.: {}
'f:kubernetes.io/ingress.class': {}
'f:meta.helm.sh/release-name': {}
'f:meta.helm.sh/release-namespace': {}
'f:nginx.ingress.kubernetes.io/cors-allow-credentials': {}
'f:nginx.ingress.kubernetes.io/cors-allow-headers': {}
'f:nginx.ingress.kubernetes.io/cors-allow-methods': {}
'f:nginx.ingress.kubernetes.io/cors-allow-origin': {}
'f:nginx.ingress.kubernetes.io/cors-max-age': {}
'f:nginx.ingress.kubernetes.io/enable-cors': {}
'f:nginx.ingress.kubernetes.io/server-snippet': {}
'f:labels':
.: {}
'f:app.kubernetes.io/managed-by': {}
'f:spec':
'f:rules': {}
selfLink: /apis/networking.k8s.io/v1/namespaces/default/ingresses/auth
status:
loadBalancer:
ingress:
- hostname: >-
************************************************************
spec:
rules:
- host: auth.xxx.yyy.com
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: keycloak
port:
number: 5000
那么有人可以幫助我嗎?
UPD:我找到了解決方案
if ($request_uri !~ "^.*(\/auth|\/admin|\/api).*$") {
return 301 https://xxx.yyy.com/;
}
在我的情況下,解決方案是:
if ($request_uri !~ "^.*(\/auth|\/admin|\/api).*$") {
return 301 https://xxx.yyy.com/;
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.