I'm trying to make IIS work with Keycloak. For now, the task is simple. I want to run keycloak on port 8010 and IIS rewrite it to port 60606.

But when I go to http://localhost:60606, it redirects me to http://localhost:60606/admin and shows an error ERR_TOO_MANY_REDIRECTS in the browser.

My keycloak settings:

health-enabled=true
hostname=http://localhost:60606/
proxy-headers forwarded

http-port=8010
http-enabled true

IIS web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Reverse Proxy to Auth" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="Rewrite" url="http://localhost:8010" logRewrittenUrl="true" />
                    <serverVariables>
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

Browser:

Tried to clear cookies, another brouwer etc. Nothing helped.

I'm trying to make IIS work with Keycloak. For now, the task is simple. I want to run keycloak on port 8010 and IIS rewrite it to port 60606.

But when I go to http://localhost:60606, it redirects me to http://localhost:60606/admin and shows an error ERR_TOO_MANY_REDIRECTS in the browser.

My keycloak settings:

health-enabled=true
hostname=http://localhost:60606/
proxy-headers forwarded

http-port=8010
http-enabled true

IIS web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Reverse Proxy to Auth" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="Rewrite" url="http://localhost:8010" logRewrittenUrl="true" />
                    <serverVariables>
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

Browser:

Tried to clear cookies, another brouwer etc. Nothing helped.

• iis
• keycloak
• reverse-proxy

Share Improve this question Follow edited Mar 12 at 6:49 Lex Li 63.5k1111 gold badges124124 silver badges161161 bronze badges asked Mar 12 at 6:16 Stas BZStas BZ 1,30211 gold badge1919 silver badges3737 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

Summary of what I did to fix it:

1) Download zip windows version of keycloak. Setup keycloak.conf:

db=mssql
db-username=keycloak
db-password=keycloak
db-url=jdbc:sqlserver://localhost;databaseName=keycloak;encrypt=false;trustServerCertificate=true
health-enabled=true
proxy=edge
hostname=xxx.xxx
proxy-headers=xforwarded
http-enabled=true
transaction-xa-enabled=false
http-port=8010

2. Create IIS web site MyKeycloak and reference it to an empty directory. There will be web.config file.

3. After you setup reverse proxy, web.config file should look like this:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8010/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_X_Forwarded_Proto" value="https" />
                        <set name="HTTP_X_Forwarded_Host" value="xxx.xxx" />
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

You should setup all this settings via IIS UI, then it will ask you to install additional components.

4. Go IIS -> Application Request Routing Cache -> Server Proxy Settings. Uncheck "Reverse rewrite host in response headers"

5. Make keycloak work as service. We did it via NSSM.