two identical keycloak servers + nginx as reverse proxy

Gregory Edigarov edigarov at
Mon Nov 25 10:24:18 UTC 2019


Can somebody enlighten me please?

i have two identical keycloak servers running in HA mode via DNS 
discovery &

the dns discovery record is:

this part is working no questions.

no i am trying to add nginx to the picture:

upstream signin {

server {

         listen 443;
         ignore_invalid_headers off;
         ssl on;
         ssl_certificate /etc/ssl/my.domain.crt;
         ssl_certificate_key /etc/ssl/my.domain.key;

         access_log /var/log/nginx/access.log;
         error_log /var/log/nginx/error.log;

         location / {
             proxy_pass          http://signin;
             proxy_redirect      off;
             proxy_set_header    Host               $host;
             proxy_set_header    X-Real-IP          $remote_addr;
             proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header    X-Forwarded-Host   $host;
             proxy_set_header    X-Forwarded-Server $host;
             proxy_set_header    X-Forwarded-Port   $server_port;
             proxy_set_header    X-Forwarded-Proto  $scheme;

every request to  results in error 500, and in 
logs i see:

rewrite or internal redirection cycle while internally redirecting to 

i know exactly that keycloak part work , i could go to in my browser no problem.

More information about the nginx mailing list