Nginx As Reverse Proxy In Front Of Keycloak

Martina Ivaničová
Published in ITNEXT · 6 min read · Feb 26, 2021


Full-stack infrastructure with an access management server, HTTP server, and backend service that takes just a couple of minutes to set up.

Photo by Hannah Busing on Unsplash

Nginx is one of the most popular HTTP servers; according to W3Techs, it is used by more than 33% of all websites. It’s a perfect choice for serving static content and for forwarding client requests to servers, thus acting as a reverse proxy.

Keycloak is an open-source identity and access management service. It offers all the features you might need, like multi-factor authentication, integration with common identity providers, user federation, brute force protection, and many others.

Why not put them together? In this blog we will cover:

  • Nginx serving static content
  • Routing traffic to Keycloak
  • Fine-tuning Keycloak
  • Keycloak with managed databases
  • Serving over HTTPS
  • Security fine-tuning
  • Summary

TL;DR: feel free to jump to the Summary to see the full working setup.

1. Nginx serving static content

Let’s start by creating the nginx.conf configuration file, which defines how the HTTP server behaves.

In the server section, we define that traffic arriving on port 80, for any path, is served from the data/www folder.

The try_files directive, as it is written, instructs Nginx to search for the $uri under the root and to use index.html as a fallback.
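A minimal nginx.conf matching the description above, as an added example and not the author's original file. The absolute path /data/www and the worker_connections value are assumptions.

```nginx
# nginx.conf (added example; path and worker settings are assumptions)
events {
    worker_connections 1024;   # assumed value; nginx requires an events block
}

http {
    server {
        listen 80;             # plain HTTP on port 80, as described above

        location / {           # prefix match: applies to any request path
            root /data/www;    # assumed absolute form of the data/www folder

            # Look for the requested file under root. If it does not exist,
            # redirect internally to /index.html instead of returning 404.
            try_files $uri /index.html;
        }
    }
}
```

With this fallback, a request for a file that does not exist receives index.html with status 200 rather than a 404. Running `nginx -t` checks the file for syntax errors before the server is started.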

Now create a local folder named www and put a valid index.html file in it. In the next step we will map this file to the server’s data/www folder.

We have the Nginx configuration ready, but no Nginx server yet. Luckily, spinning one up is a matter of seconds. Create the following docker-compose.yml file:
