diff --git a/src/main/cljc/dda/c4k_keycloak/keycloak.cljc b/src/main/cljc/dda/c4k_keycloak/keycloak.cljc
index 8f3270f..fba3e32 100644
--- a/src/main/cljc/dda/c4k_keycloak/keycloak.cljc
+++ b/src/main/cljc/dda/c4k_keycloak/keycloak.cljc
@@ -62,7 +62,7 @@
 (->
 (yaml/load-as-edn "keycloak/configmap.yaml")
 (cm/replace-all-matching "NAMESPACE" namespace)
- (cm/replace-all-matching "FQDN" (str "https://" fqdn)))))
+ (cm/replace-all-matching "FQDN" fqdn))))
 (defn-spec generate-service cp/map-or-seq? [config config?]
diff --git a/src/main/resources/keycloak/configmap.yaml b/src/main/resources/keycloak/configmap.yaml
index bc035a7..4bc710d 100644
--- a/src/main/resources/keycloak/configmap.yaml
+++ b/src/main/resources/keycloak/configmap.yaml
@@ -8,9 +8,11 @@ metadata:
 data:
 KC_HTTPS_CERTIFICATE_FILE: /etc/certs/tls.crt
 KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/certs/tls.key
- # This is the hostname under which the keycloak is accessible on the internet
- # This hostname actually needs to an url specifying a scheme from which a port is derived
+ # We trust our traefik to properly set headers
+ # see: https://www.keycloak.org/server/reverseproxy & https://www.keycloak.org/server/hostname
+ # and: https://doc.traefik.io/traefik/getting-started/faq/#what-are-the-forwarded-headers-when-proxying-http-requests
 KC_HOSTNAME: FQDN
+ KC_PROXY_HEADERS: xforwarded
 KC_DB: postgres
 KC_DB_URL_HOST: postgresql-service
 KC_DB_URL_PORT: "5432"
diff --git a/src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc b/src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc
index 46a1a23..83c5811 100644
--- a/src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc
+++ b/src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc
@@ -29,7 +29,8 @@
 :data {:KC_HTTPS_CERTIFICATE_FILE "/etc/certs/tls.crt",
 :KC_HTTPS_CERTIFICATE_KEY_FILE "/etc/certs/tls.key",
- :KC_HOSTNAME "https://test.de" ,
+ :KC_HOSTNAME "test.de" ,
+ :KC_PROXY_HEADERS "xforwarded" ,
 :KC_DB "postgres",
 :KC_DB_URL_HOST "postgresql-service",
 :KC_DB_URL_PORT "5432",
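Review bot: The `"FQDN"` replacement in keycloak.cljc now passes a bare hostname, and nothing at the call site records why the scheme was dropped. A comment above the `(cm/replace-all-matching "FQDN" fqdn)` line, such as `;; bare hostname on purpose: scheme/port come from the proxy headers, see KC_PROXY_HEADERS in configmap.yaml`, would keep a later maintainer from re-adding `https://`. The enclosing function starts outside the hunk, so whether the `config?` spec restricts `fqdn` to a hostname cannot be checked from here.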
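Review bot: `KC_PROXY_HEADERS: xforwarded` in configmap.yaml makes Keycloak accept X-Forwarded-* values from whichever peer connects, and nothing in this hunk limits that peer to Traefik. Because `KC_HOSTNAME` is now a bare hostname, the scheme and port of generated URLs are presumably resolved from those headers as well, so a client that reaches the Keycloak service directly could influence them and the client address Keycloak records. The comment should spell out the assumption it relies on, e.g. `# Requires: pod reachable only via traefik (NetworkPolicy); traefik must overwrite client-sent X-Forwarded-* headers`. If the deployed Keycloak version supports it, setting `KC_PROXY_TRUSTED_ADDRESSES` to the ingress address range would enforce that rather than only document it.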