问题
I have Keycloak behind Kong Ingress Controller. I 'm able to see keycloak welcome page at my {url}/auth/. However, when I click at Administration Console I am redirected to {url}:8443/auth/admin/master/console/
When I click at Administration Console I should be redirect to {url}/auth/admin/master/console/
When I install keycloak (with helm) on minikube exposing the the service as a NodePort service without using ingress and load balancer I'm able to access Administration Console page.
I have detailed information about this problem in this link -> https://github.com/codecentric/helm-charts/issues/17
I'm stuck in this and have no idea how to solve the problem.
回答1:
I have faced this issue may be a year ago, I remember that stupid redirect but I was not using Kong Ingress Controller, just a plain Kong. The problem I faced is that Kong runs as unprivileged user and cannot bind to low number ports. So Kong binds to 8443 ssl and places stupid redirect from 443 to 8443. I could not normally fix that and reinvented the wheel.
I used ports 80 and 443 for Kong:
ports:
- name: kong-proxy
containerPort: 80
- name: kong-proxy-ssl
containerPort: 443
- name: kong-admin
containerPort: 8001
- name: kong-admin-ssl
containerPort: 8444
Then defined new ports and capability:
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
env:
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:80, 0.0.0.0:443 ssl
- name: KONG_ADMIN_LISTEN
value: 0.0.0.0:8001, 0.0.0.0:8444 ssl
After that that stupid redirect disappeared.
Hope that helps.
UPDATE
Sorry, forgot to mention that for ports 80 and 443 to work I build custom Docker image with that lines:
FROM kong:1.1.1-centos
RUN chown -R kong:kong /usr/local/kong \
&& setcap 'cap_net_bind_service=+ep' /usr/local/bin/kong \
&& setcap 'cap_net_bind_service=+ep' /usr/local/openresty/nginx/sbin/nginx
来源:https://stackoverflow.com/questions/56021042/cant-access-administration-console-page-with-keycloak-behind-kong-ingress-contr