I am trying to set up shinyproxy and keycloak as containers, both behind the same HAProxy configured as SSL terminator.
keycloak container exposes port 8080 to docker network A
shinyproxy container exposes port 21001 to docker network B
container with haproxy acts as SSL terminator serving two names:
mykeycloak.example.com (https) talking to keycloak:8080 over network A
myshiny.example.com (https) talking to shinyproxy:21001 over network B
keycloak has been configured to honour the X-Forwarded-For field.
Hitting myshiny… correctly redirects to mykeycloak… but after authentication the browser complains of too many redirections.
I have added the certificate used in the HAProxy to the shinyproxy container cacerts and the log indicates multiple attempts that fail with a “the certificate for mykeycloak… is not in the list of alternate names” of the certificate used in HAProxy. This is true, neither of these hostnames is in the list of the (letsencrypt) certificate.
What baffles me is why the errors point to certificate problems in my shinyproxy container when traffic should be HTTP behind the load balancer.
I am trying to emulate a situation in which the auth provider and shinyproxy are separate hosts and both behind SSL reverse proxies. Using HAProxy in this configuration because I’ve been given only one internal IP address to experiment.
Any pointers on how to solve this will be appreciated. Using Rancher as container manager, all stacks in a single host.