官网地址:
https://www.keycloak.org/docs/latest/server_installation/index.html#enable-https-ssl-with-a-reverse-proxy
Assuming【如果】 that your reverse proxy【反向代理】 doesn’t use port 8443 for SSL you also need to configure what port HTTPS traffic is redirected to.
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
...
<http-listener name="default" socket-binding="http"
proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...
</subsystem>
Add the redirect-socket
attribute to the http-listener
element. The value should be proxy-https
which points to a socket binding you also need to define.
Then add a new socket-binding
element to the socket-binding-group
element:
<socket-binding-group name="standard-sockets" default-interface="public"
port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="proxy-https" port="443"/>
...
</socket-binding-group>