Keycloak redirect nginx ingress
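I've installed Keycloak in a k8s cluster on AWS.
The domain of Keycloak is auth.xxx.yyy.com.
I also have an application on the domain xxx.yyy.com, which is closed by the Keycloak login page.
When I try to get xxx.yyy.com, it redirects me to auth.xxx.yyy.com/auth/****** with the login page.
Everything is good, but I want to close the Keycloak admin console for users.
I need to redirect auth.xxx.yyy.com to xxx.yyy.com (now https://auth.xxx.yyy.com/ redirects me to https://auth.xxx.yyy.com/auth/admin, but I want to get the Keycloak admin console by direct URL).
I hope I correctly explained what I want.
I tried to make a rewrite in my Keycloak ingress:
location !~/(auth\/) {
    rewrite ^/(.*) https://xxx.yyy.com/ permanent;
}
and return
if ($request_uri !~ "^/auth/\w+$") {
    return 301 https://xxx.yyy.com/;
}
in the nginx.ingress.kubernetes.io/server-snippet:
annotation, but the first case doesn't work and the second case breaks my Keycloak.
Here is my ingress template: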
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: auth
  namespace: default
  resourceVersion: '63203130'
  generation: 1
  creationTimestamp: '2021-12-13T19:22:32Z'
  labels:
    app.kubernetes.io/managed-by: Helm
  annotations:
    kubernetes.io/ingress.class: nginx
    meta.helm.sh/release-name: auth
    meta.helm.sh/release-namespace: default
    nginx.ingress.kuberentes.io/proxy-busy-buffer-size: 256k
    nginx.ingress.kubernetes.io/cors-allow-credentials: 'true'
    nginx.ingress.kubernetes.io/cors-allow-headers: >-
      DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
    nginx.ingress.kubernetes.io/cors-allow-methods: 'GET, PUT, POST, DELETE, PATCH, OPTIONS'
    nginx.ingress.kubernetes.io/cors-allow-origin: '*'
    nginx.ingress.kubernetes.io/cors-max-age: '1728000'
    nginx.ingress.kubernetes.io/enable-cors: 'true'
    nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
    nginx.ingress.kubernetes.io/proxy-buffering: 'on'
    nginx.ingress.kubernetes.io/proxy-buffers-number: '4'
    nginx.ingress.kubernetes.io/server-snippet: |
      listen 81;
      add_header X-PORT $server_port always;
      if ( $server_port = 81 ) {
        return 301 https://$host$request_uri;
      }
    nginx.ingress.kubrenetes.io/proxy-buffering: 'true'
  managedFields:
    - manager: nginx-ingress-controller
      operation: Update
      apiVersion: networking.k8s.io/v1beta1
      time: '2021-12-13T19:23:27Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:status':
          'f:loadBalancer':
            'f:ingress': {}
    - manager: kubectl
      operation: Update
      apiVersion: extensions/v1beta1
      time: '2022-01-16T17:32:02Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:metadata':
          'f:annotations':
            'f:nginx.ingress.kuberentes.io/proxy-busy-buffer-size': {}
            'f:nginx.ingress.kubernetes.io/proxy-buffer-size': {}
            'f:nginx.ingress.kubernetes.io/proxy-buffering': {}
            'f:nginx.ingress.kubernetes.io/proxy-buffers-number': {}
            'f:nginx.ingress.kubrenetes.io/proxy-buffering': {}
    - manager: Go-http-client
      operation: Update
      apiVersion: networking.k8s.io/v1beta1
      time: '2022-01-17T14:56:11Z'
      fieldsType: FieldsV1
      fieldsV1:
        'f:metadata':
          'f:annotations':
            .: {}
            'f:kubernetes.io/ingress.class': {}
            'f:meta.helm.sh/release-name': {}
            'f:meta.helm.sh/release-namespace': {}
            'f:nginx.ingress.kubernetes.io/cors-allow-credentials': {}
            'f:nginx.ingress.kubernetes.io/cors-allow-headers': {}
            'f:nginx.ingress.kubernetes.io/cors-allow-methods': {}
            'f:nginx.ingress.kubernetes.io/cors-allow-origin': {}
            'f:nginx.ingress.kubernetes.io/cors-max-age': {}
            'f:nginx.ingress.kubernetes.io/enable-cors': {}
            'f:nginx.ingress.kubernetes.io/server-snippet': {}
          'f:labels':
            .: {}
            'f:app.kubernetes.io/managed-by': {}
        'f:spec':
          'f:rules': {}
  selfLink: /apis/networking.k8s.io/v1/namespaces/default/ingresses/auth
status:
  loadBalancer:
    ingress:
      - hostname: >-
          ************************************************************
spec:
  rules:
    - host: auth.xxx.yyy.com
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: keycloak
                port:
                  number: 5000
Can someone help me?
UPD: I found a solution
if ($request_uri !~ "^.*(\/auth|\/admin|\/api).*$") {
    return 301 https://xxx.yyy.com/;
}
My solution is:
if ($request_uri !~ "^.*(\/auth|\/admin|\/api).*$") {
    return 301 https://test.vee-dev.io/;
}
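An added example, not part of the original post: a Python check of which request URIs the two `if ($request_uri !~ ...)` conditions quoted above would answer with the 301. Python's `re` stands in for nginx's PCRE (the two agree on these patterns), and the sample URIs, including the `master` realm and the `abc` resource path, are constructed.

```python
import re

# Patterns copied from the post: the second attempt and the final solution.
SECOND_ATTEMPT = r"^/auth/\w+$"
SOLUTION = r"^.*(\/auth|\/admin|\/api).*$"

# Constructed sample values of $request_uri (path plus query string).
SAMPLE_URIS = [
    "/",
    "/auth/admin",
    "/auth/realms/master/protocol/openid-connect/auth?client_id=app",
    "/auth/resources/abc/login/keycloak/css/login.css",
    "/favicon.ico",
    "/?next=/api",
]


def is_redirected(pattern: str, request_uri: str) -> bool:
    """True when `if ($request_uri !~ pattern)` fires and nginx returns the 301.

    nginx's `~` is an unanchored, case-sensitive search, so re.search is used.
    """
    return re.search(pattern, request_uri) is None


def redirected_uris(pattern: str, uris=SAMPLE_URIS) -> list:
    """The sample URIs that never reach Keycloak under this condition."""
    return [u for u in uris if is_redirected(pattern, u)]


if __name__ == "__main__":
    for name, pattern in (("second attempt", SECOND_ATTEMPT), ("solution", SOLUTION)):
        print(name)
        for uri in SAMPLE_URIS:
            action = "301 -> app" if is_redirected(pattern, uri) else "proxied to Keycloak"
            print(f"  {uri:65} {action}")
```

The second attempt lets only single-segment `/auth/<word>` URIs through, so the multi-segment login and resource URIs are redirected away from Keycloak. The solution's pattern is an unanchored substring match, so a URI such as `/?next=/api` is proxied to Keycloak as well.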