keycloak-aplcache

Added documentation to specify https redirect port

6/18/2014 7:08:06 AM

Stian Thorgersen

Commit: 34eb34c

Tree: 3f056f3

Parents: 28adc28

Changes

docbook/reference/en/en-US/modules/server-installation.xml 17(+14 -3)

Details

docbook/reference/en/en-US/modules/server-installation.xml 17(+14 -3)

diff --git a/docbook/reference/en/en-US/modules/server-installation.xml b/docbook/reference/en/en-US/modules/server-installation.xml
index f93d579..d7428d6 100755
--- a/docbook/reference/en/en-US/modules/server-installation.xml
+++ b/docbook/reference/en/en-US/modules/server-installation.xml
@@ -510,16 +510,27 @@ keycloak-war-dist-all-1.0-beta-3-SNAPSHOT/
                     Follow the documentation for your web server to enable SSL and configure reverse proxy for Keycloak.
                     It is important that you make sure the web server sets the <literal>X-Forwarded-For</literal> and
                     <literal>X-Forwarded-Proto</literal> headers on the requests made to Keycloak. Next you need to enable
-                    <literal>proxy-address-forwarding</literal> on the Keycloak http connector. This is done by editing
-                    <literal>standalone/configuration/standalone.xml</literal>.
+                    <literal>proxy-address-forwarding</literal> on the Keycloak http connector. Assuming that your reverse
+                    proxy doesn't use port 8443 for SSL you also need to configure what port http traffic is redirected to.
+                    This is done by editing <literal>standalone/configuration/standalone.xml</literal>.
                 </para>
+                First add <literal>proxy-address-forwarding</literal> and <literal>redirect-socket</literal> to the <literal>http-listener</literal>
+                element:
                 <para>
 <programlisting><![CDATA[<subsystem xmlns="urn:jboss:domain:undertow:1.1">
     ...
-    <http-listener name="default" socket-binding="http" proxy-address-forwarding="true"/>
+    <http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
     ...
 </subsystem>
 ]]></programlisting>
+                Then add a new <literal>socket-binding</literal> element to the <literal>socket-binding-group</literal> element:
+<programlisting><![CDATA[
+<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+    ...
+    <socket-binding name="proxy-https" port="443"/>
+    ...
+</socket-binding-group>
+]]></programlisting>
                 </para>
                 <para>
                     Check the <ulink url="https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+configuration">WildFly</ulink> documentation for more information.