Kong/keycloak behind nginx

I’ve setup Kong behind NGINX (LB).
Everything works perfectly. I could access my microservice through NGINX.

NGINX - > Kong - > Microservice.

I added Keycloak through Kong OIDC plugin (Nokia) and it return 502 Bad Gateway.

Looking at the kong stdout… it looks like the redirect added session_state & code.

> 10.244.0.0 - - [29/Jul/2019:07:48:28 +0000] "GET /block/exist?hash=faae1eb2749c3a41f00e0aa7c60d4726 HTTP/1.0" 302 167 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
> 10.244.0.0 - - [29/Jul/2019:07:48:28 +0000] "GET /block/exist/?state=e22eebb6ad94bc4cb708ff52e9eabee8&session_state=9cc3a6c2-d4de-4af2-b8fa-55cf69b09ee0&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..alp9VAD5PeY3jO8aC5COpA.-9V0Vlkz8Rk4ul83ChgD1p-tzOce6yfe8v3IegTJPdj6oSQgsHz5wf6N8d_PYXSweJeDqze5LMalaHBF92RJttMfCQMZx150msMDPET2-JuvSwZ7TLBG7J054LLgM7AoEWSCYcNrDaX0Pu2evSqPlCnP3tf7QxxS--rvIBGZLqNjJlHCJpfxY-rRimpHnHqwNnDlonHdhE0T-xpvNyBLzHWZz59r67-Z7mhIAV8H0r4bdlWt-k-UmUmCZU4MP76D.vCyLNYJZaZ1LxhJR2QUyBQ HTTP/1.0" 302 167 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"

If I access from directly from Kong (OIDC) - > Microservice, it was able to authenticate and redirect to get to the microservice. No issue.

Only from NGINX it breaks. Any configuration in NGINX that I need to set?


© 2018 Kong Inc.    Terms  •  Privacy  •  FAQ