Skip to content
This repository has been archived by the owner on Dec 7, 2020. It is now read-only.

App context/vhosts domains in the upstream config #280

Closed
jangaraj opened this issue Sep 26, 2017 · 6 comments
Closed

App context/vhosts domains in the upstream config #280

jangaraj opened this issue Sep 26, 2017 · 6 comments

Comments

@jangaraj
Copy link
Contributor

As a developer I want to use keycloak-proxy as a standard reverse proxy. That means I want to use app context in the upstream setting, for example: https://domain.com/app-context/ or I want to use it with the domain, where virtual hosts are enabled (Host header needs to be part of the upstream request).

Will it be possible?
@gambol99 gambol99 self-assigned this Sep 30, 2017
@pjeby pjeby mentioned this issue Nov 28, 2017
Merged
@pjeby
Copy link
Contributor

pjeby commented Dec 21, 2017

As of 2.1.0, you can now set the Host: header in your headers:.

@jangaraj
Copy link
Contributor Author

Sure, it's partial improvement. But some legacy apps need also context (/something).

@pjeby
Copy link
Contributor

pjeby commented Dec 24, 2017

Probably that means prefixing req.URL.Path with the r.endpoint.Path in that same bit of code. I don't actually have a use-case for this at the moment, so I'm not currently motivated to slog through the escaping and other issues. I did find an example of reverse proxy code here, and translating what it does comes out to:

req.URL.Path = singleJoiningSlash(r.endpoint.Path, req.URL.Path)

But I am uncertain what happens to any URL escaping in the paths, since this is manipulating Path and not RawPath. Close reading of the net/url/url.go source suggests that the above is probably correct, but it will alter the form of some escaped URLs.

(The code sample I linked also included some query string manipulation (to add query params from the reverse proxy target); that code would probably work here as well; at least it manipulates encoded paths. But I'm not clear on the use case for always adding query params, vs. the one for a path prefix.)

Anyway, you can try adding that code to the source and see if it works for you.

@pjeby
Copy link
Contributor

pjeby commented Dec 24, 2017

Hm. By the way, it looks like X-Forwarded-Host was supposed to be the original URL host, but the way the forwarding code is written, it's been sending the target host instead. The req.Header manipulations should be before the URL manipulation.

@Kurt108
Copy link

Kurt108 commented Jan 19, 2018

indeed the X-Forwarded-Host-value is set wrong. This breaks clients (e.G. my symfony-app) which rely on this value. Hope this could be fixed in the next release. Thanks for this great software!

@abstractj
Copy link

@jangaraj thanks for taking your time reporting this. The repository keycloak-proxy was moved to Keycloak organization and renamed to keycloak-gatekeeper. If you still think this issue is valid, please read https://www.keycloak.org/community.html and report your bug/feature request to https://issues.jboss.org/browse/KEYCLOAK.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@abstractj @jangaraj @pjeby @gambol99 @Kurt108