如何使用 nginx ingress 访问子路径上的 keycloak?
How to access keycloak on subpath with nginx ingress?
我的 EKS 集群中有 nginx 入口控制器和 keycloak 我试图将它暴露在子路径上 (myhost.com/keycloak) 但它不起作用所以经过几次研究我发现我应该添加这个 env 变量到 keycloak 部署:PROXY_ADDRESS_FORWARDING=true 现在我只能通过 myhost.com/auth 访问它。那么有什么方法可以自定义该路径
像 myhost.com/keycloak
这是我的 Ingress 资源:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: "keycloak-ingress"
annotations:
kubernetes.io/ingress.class: nginx
labels:
app: keycloak-ingress
spec:
rules:
- host: myhost.com
http:
paths:
- path: /auth
backend:
serviceName: keycloak
servicePort: 8080
Manage-subsystem 配置文档说:
Low-level configuration of Keycloak is done by editing the standalone.xml, standalone-ha.xml, or domain.xml file in your distribution. The location of this file depends on your operating mode.
While there are endless settings you can configure here, this section will focus on configuration of the keycloak-server subsystem. No matter which configuration file you are using, configuration of the keycloak-server subsystem is the same.
The keycloak-server subsystem is typically declared toward the end of the file like this:
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>auth</web-context>
...
</subsystem>
Note that anything changed in this subsystem will not take effect until the server is rebooted.
这导致默认入口点为:http://localhost:8080/auth .
and now i can only access it through myhost.com/auth
您可以在 standalone.xml 中调整您的配置,并将 auth 替换为 keycloak 。此外,还需要调整 ingress.yaml 中的 path .
希望对您有所帮助。
我的 EKS 集群中有 nginx 入口控制器和 keycloak 我试图将它暴露在子路径上 (myhost.com/keycloak) 但它不起作用所以经过几次研究我发现我应该添加这个 env 变量到 keycloak 部署:PROXY_ADDRESS_FORWARDING=true 现在我只能通过 myhost.com/auth 访问它。那么有什么方法可以自定义该路径 像 myhost.com/keycloak
这是我的 Ingress 资源:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: "keycloak-ingress"
annotations:
kubernetes.io/ingress.class: nginx
labels:
app: keycloak-ingress
spec:
rules:
- host: myhost.com
http:
paths:
- path: /auth
backend:
serviceName: keycloak
servicePort: 8080
Manage-subsystem 配置文档说:
Low-level configuration of Keycloak is done by editing the standalone.xml, standalone-ha.xml, or domain.xml file in your distribution. The location of this file depends on your operating mode.
While there are endless settings you can configure here, this section will focus on configuration of the keycloak-server subsystem. No matter which configuration file you are using, configuration of the keycloak-server subsystem is the same.
The keycloak-server subsystem is typically declared toward the end of the file like this:
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> <web-context>auth</web-context> ... </subsystem>Note that anything changed in this subsystem will not take effect until the server is rebooted.
这导致默认入口点为:http://localhost:8080/auth .
and now i can only access it through myhost.com/auth
您可以在 standalone.xml 中调整您的配置,并将 auth 替换为 keycloak 。此外,还需要调整 ingress.yaml 中的 path .
希望对您有所帮助。