ShinyProxy and Keycloak on one VM

Martin_Rode · November 21, 2017, 1:29pm

Hi,

I’m trying to set up a ShinyProxy app with Keycloak on one server (it’s Google VM - Ubuntu 16.04 LTS). All should be running behind Nginx proxy.

So basically request goes via 80 -> 443 (NGINX) to ShinyProxy that runs on 8080 port. On ShinyProxy I have the Keycloak settings pointing to localhost:8180 and the Keycloak server is running on that port.

Wondering if there is any option how to make this works? Or if I need to expose the Keycloak server as public one (on a different server or at least location/subdomain)? At the moment, if I access to my public IP, I’m then redirected to localhost, which of course is not allowed to access from outside.

Hope it makes sense.

Cheers

fmichielssen · December 5, 2017, 10:45am

Hi @Martin_Rode,

If you configure ShinyProxy to use Keycloak (as a single sign-on provider), the Keycloak server must indeed be accessible on the public interface.
ShinyProxy will redirect unauthenticated users to Keycloak’s login page, and after a successful login, the user will be returned to ShinyProxy.

Note: if you are using nginx, it is also important to set the following property in application.yml:

server:
  useForwardHeaders: true

To have shinyproxy and keycloak respect the X-Forwarded-* headers.