keypolt/nginx不在https中重定向(改为http)

我知道这个问题已经解决了,但是我对我的nginx技术没有足够的信心来解决这个问题:

我的应用程序和keypolt都在https域上。当我尝试从应用程序登录时,重定向不在https中:

https://keycloack.mydomain.com/auth/realms/skilltrock/protocol/openid-connect/auth?scope=openid+email&redirect_uri=http%3A%2F%2Fskilltrock.mydomain.com%2Foidc_callback&response_type=code&client_id=flask_api&access_type=offline&openid.realm=skilltrock&state=eyJjc3JmX3Rva2VuIjogImNBNXBjcHdMOWtOcHcxMUZCLWV3LXlnQW5wSjlLVmFkIiwgImRlc3RpbmF0aW9uIjogImV5SmhiR2NpT2lKSVV6VXhNaUo5LkltaDBkSEE2THk5emEybHNiSFJ5YjJOckxuZGhibTVoYm05emRYVnlkWE11WTI5dEwzQnlhWFpoZEdVaS5Tek9aVHNvRmxQVW0tcFBoXzlPaGotc3lRWW9BUWxKLUFzZU1tVXU4dGk3ekNUdWQySjNMUUlGbkRBekhXM2tqRFF1NDgtMS1PTHpJNThqSGFST2RRUSJ9

重定向在http而不是https中。 我有nginx作为反向代理,我知道问题就在这里,因为还有另一个stackoverflow问题与此相关。但我不明白作者是如何解决这个问题的(我不太擅长nginx)

keycloak redirects urls to http instead of https

下面是我的nginx子域skilltrock配置(它是前端):

server {
server_name  skilltrock.mydomain.com;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

location / {
      proxy_pass http://0.0.0.0:8080;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # enable this if and only if you use HTTPS
      proxy_set_header            X-Forwarded-Proto https;
      proxy_set_header            Host $http_host;
      proxy_set_header            X-Real-IP $remote_addr;
      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

另一个是子域密钥斗篷

server {
server_name  keycloack.mydomain.com;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

location / {
        proxy_pass http://0.0.0.0:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        proxy_buffer_size 64k;
        proxy_buffers 8 64k;
        proxy_busy_buffers_size 64k;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

我的问题是我不知道我是对子域keycloack还是子域skilltrock做了错误的配置。

我的web应用程序在本地工作,即使它指向我的https keycloack url。所以我假设它是我前端的一个坏nginx配置。

提前谢谢

编辑

目前我解决了我的问题 http://skilltrock.mydomaine.com (注意http部分)在有效的重定向uri中。nginx然后将http重定向到https部分。但我不确定让keypolt这样做是否是个好主意。有安全风险吗?