Skip to content
/ nginx-keycloak Public

Set NGINX as a reverse proxy with Keycloak SSO in front of your web applications.

16 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

flavienbwk/nginx-keycloak

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits

.github/workflows

.github/workflows

 
 

logs

logs

 
 

.env.example

.env.example

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

nginx-roles.conf.template

nginx-roles.conf.template

 
 

nginx.conf.template

nginx.conf.template

 
 

Repository files navigation

Nginx Keycloak

Linux build of nginx-keycloak

Setting NGINX as a reverse proxy with Keycloak SSO in front of your web applications.

Getting started

Configuring Keycloak

  1. Set-up .env and edit variable values

    cp .env.example .env

  2. Start Keycloak

    docker-compose up -d keycloak

  3. Go to http://localhost:3333 and login with your credentials

  4. In the master realm, we are going to create a client

    1. In sidebar, click "Clients" and click on the "Create" button. Let's call it NginxApps.
    2. In NginxApps client parameters :
      1. Add a "Valid Redirect URI" to your app : http://localhost:3002/* (don't forget clicking "+" button to add the URL, then "Save" button)
      2. Set the "Access type" to confidential
    3. In the "Credentials" tab, retrieve the "Secret" and set KEYCLOAK_SECRET in your .env file

  5. Go to "Users" in the sidebar and create one. Edit its password in the "Credentials" tab.

Simple user authentication

With this method, being a registered user is sufficient to access your apps.

If you choose this method, you're already set. Just run :

docker-compose up -d nginx app_1

You can now visit http://localhost:3002 to validate the configuration.

Role-based / per-app user authentication

Let's say you want only specific users to be able to access specific apps. We have to create a role for that.

  1. In sidebar, click "Clients"

  2. Select the NginxApps client and go to the "Roles" tab

  3. Top right, click the "Add Role" button and create one with name NginxApps-App1

    ℹ️ 1 role = 1 app

Now we want to attribute this role to our user.

  1. In sidebar, click "Users"
  2. Click "Edit" on the user you want to add the role to
  3. Go to the "Role Mappings" tab
  4. Select the "Client Roles" NginxApps and assign the NginxApps-App1 role by selecting it and clicking "Add selected"

In our docker-compose configuration, edit the NGINX configuration mount point to be ./nginx-roles.conf.template instead of ./nginx.conf.template.

ℹ️ If you want to name your role differently, you can edit the expected name in ./nginx-roles.conf.template in the contains(client_roles, "NginxApps-App1") line.

Start NGINX and the app :

docker-compose up -d nginx app_1

You can now visit http://localhost:3002 to validate the configuration.

Credits

About

Set NGINX as a reverse proxy with Keycloak SSO in front of your web applications.

Topics

docker nginx keycloak sso

Resources

Readme
Activity

Stars

16 stars

Watchers

3 watching

Forks

3 forks
Report repository

Packages

No packages published

Languages