Keycloak Invalid redirect_uri: keycloak automatically resolves my domain name to a CNAME record - redirect

I had a service running on AWS with a load balancer (dns name is my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com).
I also created a CNAME record with name api.mydomain.com and value my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com.
But when setting Valid redirect URIs to https://api.mydomain.com/*, it doesn't work. Keycloak automatically resolves and changes the redirect URI to my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com, and shows an error:
Am I missing anything? Please help me!

Related

Route 53 domain only works when prefixed with http(s)://

I have an application that runs fine in AWS App Runner and can be found here: https://iyarles.net
However, it's not accessible via the naked domain name iyarles.net.
Clarification comment: If I go to iyarles.net in my browser (Edge), the request times out. If I go to iyarles.net, my website loads fine.
The App Runner service has a custom domain configured and my hosted zone has the 2 certificate validation records and the alias record pointing to my service.
A few weeks ago I transferred my domain from Google Domains to Route 53. It was originally a redirect from iyarles.net or any other subdomain (with or without https://) to the default domain for my service.
How can I replicate the previous behavior? What exactly are these alias records doing?
When you type the hostname into the browser's address bar, browsers will assume you want to make a plain HTTP request.
When you explicitly include the https: scheme, browsers will make a secure HTTP request.
Your server is running an encrypted service on port 433. It is not running a plain service on port 80.
It times out if you type http://iyarles.net too.
The issue is that the custom domain configured in AWS App Runner is not accessible via the naked domain name, iyarles.net. To replicate the previous behavior, you will need to create an Alias Record in your hosted zone in Route 53, which will point your domain name to the service URL.
The Alias Record is used to route traffic from a domain name to the service URL. It will ensure that any requests to the domain name will be routed to the service URL, thereby allowing your application to be accessible via the naked domain name.
It is important to note that you will also need to create two Certificate Validation Records in your hosted zone in Route 53. These records are used to validate the SSL Certificate for your domain name, which is necessary for HTTPS connections.

KeyCloak - ingress does not allow connecting over https service

I have installed Keycloak using Helm.
A Traefik ingress is created to allow access from public.
After the admin password is created from localhost:8080, I am able to log in to the admin console only when I am port forwarded and local access.
When I use the public URL and click on admin console, it redirects to https://website/auth/admin/master/console/ and shows a blank page.
I found the problem, but when I change the servicePort: https inside the ingress, I get an internal server error, status code 500.
When I use the http port, I get these errors:
Mixed Content: The page at 'https://url/auth/admin/master/console/' was loaded over HTTPS, but requested an insecure script 'http://url/auth/js/keycloak.js?version=mxda6'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://url.ca/auth/admin/master/console/' was loaded over HTTPS, but requested an insecure script 'http://url/auth/js/keycloak.js?version=mxda6'. This request has been blocked; the content must be served over HTTPS.
I looked through the Traefik logs:
level=debug msg="'500 Internal Server Error' caused by: x509: cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs"
I found a fix, but it still doesn't answer my question: why doesn't it work when the ingress points to https? Is there an answer?
So the fix is to add this under ENV in the statefulset keycloak deployment.
In the ingress, the service port is http.
- name: PROXY_ADDRESS_FORWARDING
  value: "true"
I found it at https://github.com/eclipse/che/issues/9429
I had the same issue. The white screen isn't helpful, but the browser console is. It is blocking mixed content, namely the script http://url/auth/js/keycloak.js?version=mxda6.
The documentation on Docker Hub says:
Specify frontend base URL
To set a fixed base URL for frontend requests use the following environment value (this is highly recommended in production):
KEYCLOAK_FRONTEND_URL: Specify base URL for Keycloak (optional, default is retrieved from request)
I provided the external URL with https scheme in my manifest and the script in question is now appearing in the index.html as an https URL.
- name: KEYCLOAK_FRONTEND_URL
  value: "https://url/auth"
Since it is "highly recommended" I suppose there are more slight problems without this variable set, like other links being generated wrong, e.g. in emails though I didn't check that yet.
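The mixed-content failure and both fixes from this thread, as an added example that is not part of the original posts and is not Keycloak's own code. It is a simplified model of how a server behind a TLS-terminating ingress chooses the base URL for generated links; the function names, the constructed request headers and the `url` host placeholder are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def base_url(headers, backend_scheme, trust_forwarded=False, frontend_url=None):
    """Pick the base URL written into generated links (simplified model)."""
    if frontend_url:                      # fixed value, like KEYCLOAK_FRONTEND_URL
        return frontend_url.rstrip("/")
    scheme, host = backend_scheme, headers["Host"]
    if trust_forwarded:                   # like PROXY_ADDRESS_FORWARDING=true
        scheme = headers.get("X-Forwarded-Proto", scheme)
        host = headers.get("X-Forwarded-Host", host)
    return f"{scheme}://{host}/auth"


class _Resources(HTMLParser):
    """Collects script/iframe src and link href URLs from a page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "iframe") and attrs.get("src"):
            self.urls.append(attrs["src"])
        elif tag == "link" and attrs.get("href"):
            self.urls.append(attrs["href"])


def mixed_content(page_url, html):
    """Return http:// sub-resources referenced by a page served over https."""
    if urlsplit(page_url).scheme != "https":
        return []
    parser = _Resources()
    parser.feed(html)
    return [u for u in parser.urls if urlsplit(u).scheme == "http"]


# Constructed request as the backend sees it: the ingress terminated TLS and
# forwards plain HTTP to the service's http port.
REQUEST = {"Host": "url", "X-Forwarded-Proto": "https", "X-Forwarded-Host": "url"}
PAGE = "https://url/auth/admin/master/console/"


def render(base):
    return f'<html><head><script src="{base}/js/keycloak.js"></script></head></html>'


if __name__ == "__main__":
    for label, kw in [("default", {}), ("forwarding", {"trust_forwarded": True}),
                      ("frontend url", {"frontend_url": "https://url/auth"})]:
        base = base_url(REQUEST, "http", **kw)
        print(f"{label:13} {base:18} blocked: {mixed_content(PAGE, render(base))}")
```

Forwarded headers are client-controllable unless the ingress overwrites them, so header forwarding should only be trusted when every request reaches the service through the proxy.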

Domain URL is not resolving Openshift router

I have set up an application in OpenShift and it is accessible through https://test-uat-ex.com, which is a route for the application in OpenShift.
I have registered a domain called example.com and added https://test-uat-ex.com as a CNAME record to the newly registered domain.
I am able to access the application using the OpenShift route URL. But when I access the newly created domain called example.com, I am getting a Service unavailable 503 error.

Redirecting sub-domain to specific URI

I want to redirect my subdomain to a specific URI without making any changes to my code.
I found the domain forwarding services from Bigrock; they have a sub-domain forwarding service which specifies all subdomains will be redirected as "subdomain.mydomain.com to yourdestinationurl/subdomain/".
I replaced yourdestinationurl with www.mydomain.com, but it's not working.
Am I doing something wrong? Is there any alternative way to do this?
You may create the subdomain in the DNS Manager/Domain name zone file and point it to any URL using 'URL-Redirect' DNS record.
In other words, you need to log in to the account of your domain name registrar (if the domain name is delegated to the default nameservers) or to your hosting cPanel (if you have a hosting plan). Then you need to find where to configure DNS records and configure URL-Redirect (also called URL-Forwarding) for your subdomain.
There is no need to have any plugins.

Azure Web app - Could not resolve the hostname into a valid IP address

I'm having a problem using Facebook object debugger ( https://developers.facebook.com/tools/debug/og/object/ ) to scrape information from my page and I'm getting the error "Could not resolve the hostname into a valid IP address." as you can see below.
This website is hosted in Azure, as a Web App.
Everything looks OK on the domain registrar; I have an A record pointing to the public IP and a CNAME pointing to xxx.azurewebsites.net.
You may want to try removing the A record and redirecting the root to www.