[bitnami/keycloak] Add support for proxy-headers (#67957)

2026-03-08 02:37:20 +08:00 · 2024-07-15 12:15:32 +02:00
parent 631900141f
commit 81fc55ff04
2 changed files with 6 additions and 13 deletions
--- a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh
+++ b/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh
@@ -54,7 +54,7 @@ keycloak_env_vars=(
    KEYCLOAK_LOG_LEVEL
    KEYCLOAK_LOG_OUTPUT
    KEYCLOAK_ROOT_LOG_LEVEL
-    KEYCLOAK_PROXY
+    KEYCLOAK_PROXY_HEADERS
    KEYCLOAK_PRODUCTION
    KEYCLOAK_EXTRA_ARGS_PREPENDED
    KEYCLOAK_DATABASE_VENDOR
@@ -161,7 +161,7 @@ export KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY="${KEYCLOAK_SPI
 export KEYCLOAK_LOG_LEVEL="${KEYCLOAK_LOG_LEVEL:-info}"
 export KEYCLOAK_LOG_OUTPUT="${KEYCLOAK_LOG_OUTPUT:-default}"
 export KEYCLOAK_ROOT_LOG_LEVEL="${KEYCLOAK_ROOT_LOG_LEVEL:-INFO}"
-export KEYCLOAK_PROXY="${KEYCLOAK_PROXY:-passthrough}"
+export KEYCLOAK_PROXY_HEADERS="${KEYCLOAK_PROXY_HEADERS:-}"
 export KEYCLOAK_PRODUCTION="${KEYCLOAK_PRODUCTION:-false}"
 export KEYCLOAK_EXTRA_ARGS_PREPENDED="${KEYCLOAK_EXTRA_ARGS_PREPENDED:-}"
 export KEYCLOAK_DATABASE_VENDOR="${KEYCLOAK_DATABASE_VENDOR:-postgresql}"
--- a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh
+++ b/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh
@@ -42,16 +42,9 @@ keycloak_validate() {
            print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
        fi
    }
-    if is_boolean_yes "$KEYCLOAK_PRODUCTION"; then
-        if [[ "$KEYCLOAK_PROXY" == "edge" ]]; then
-            # https://www.keycloak.org/server/reverseproxy
-            if is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then
-                print_validation_error "TLS and proxy=edge are not compatible. Please set the KEYCLOAK_ENABLE_HTTPS variable to false when using KEYCLOAK_PROXY=edge. Review # https://www.keycloak.org/server/reverseproxy for more information about proxy settings."
-            fi
-        elif ! is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then
-            # keycloak proxy passthrough/reencrypt requires tls
-            print_validation_error "You need to have TLS enabled. Please set the KEYCLOAK_ENABLE_HTTPS variable to true"
-        fi
+
+    if ! is_empty_value "$KEYCLOAK_PROXY_HEADERS" && ! [[ "$KEYCLOAK_PROXY_HEADERS" =~ ^(forwarded|xforwarded)$ ]]; then
+        print_validation_error "The value of KEYCLOAK_PROXY_HEADERS should be either empty, 'forwarded' or 'xforwarded'"
    fi

    if is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then
@@ -251,7 +244,7 @@ keycloak_configure_loglevel() {
 #########################
 keycloak_configure_proxy() {
    info "Configuring proxy"
-    keycloak_conf_set "proxy" "${KEYCLOAK_PROXY}"
+    ! is_empty_value "$KEYCLOAK_PROXY_HEADERS" && keycloak_conf_set "proxy-headers" "${KEYCLOAK_PROXY_HEADERS}"
 }

 ########################