Hi, I'm using nexus3-keycloak-plugin and docker-nginx-gateway to implement SSO of nexus3.
Everything goes well, but when I click the "Sigh Out" button in the nexus3 ui, it doesn't work. I got a 500 error in the browser. And the session in keycloak wasn't deleted.
Below is my nginx conf file under vhost.d
Do I miss something? Is there any other configs in nginx or keycloak?
Hope to get your reply,thanks
server {
listen 80;
server_name 1.1.1.1;
resolver 2.2.2.2;
include /etc/nginx/vhost.d/nexus3.example.com/*.conf;
set $oidc_logout_path "/logout";
set $oidc_redirect_after_logout_uri "/";
location / {
# Note: $http_host contains ip and port, but $host just contains ip only
proxy_set_header Host $http_host;
proxy_set_header X-Keycloak-Sec-Auth $http_x_remote_user:$http_x_remote_user_access_token;
# proxy_set_header Authorization $http_authorization;
# Note: make the HTTP header to be smaller
proxy_hide_header X-Remote-User-Access-Token;
set $oidc_disabled "false";
# Disable OIDC when using maven client
if ($http_user_agent ~* "^(Apache-Maven|docker)/.+$") {
set $oidc_disabled "true";
}
# And disable OIDC when the header Authorization was specified
if ($http_authorization !~* "^$") {
set $oidc_disabled "true";
}
set $oidc_realm "xxxx";
# Note: change the client id and secret to the actual value
set $oidc_client_id "xxxxx";
set $oidc_client_secret "xxxxxxx";
set $oidc_discovery "https://xxx.xx/auth/realms/$oidc_realm/.well-known/openid-configuration";
access_by_lua_file /etc/nginx/vhost.d/oidc.lua;
client_max_body_size 500M;
# Disable cache of assets
proxy_cache off;
proxy_read_timeout 600;
proxy_connect_timeout 600;
# Avoid to get address resolve error when starting
set $target http://nexus.nexus.svc.cluster.local:8081;
proxy_pass $target;
sub_filter '</body>' '<script type="text/javascript">(function inject_logout() { var oidc_disabled = "$oidc_disabled"; if (oidc_disabled === "true") { return; } var dom = document.querySelectorAll("a[id^=\'nx-header-signout-\']")[0]; if (!dom) { setTimeout(inject_logout, 500); } else { dom.addEventListener("click", function (event) { event.stopPropagation(); window.location.href = "$oidc_logout_path"; }, true); }})();</script></body>';
sub_filter_once on;
# Just for debugging, you may not want it
# header_filter_by_lua_block {
# for key, value in pairs(ngx.resp.get_headers()) do
# local val = type(value) == 'string' and {value} or value
# for k, v in ipairs(val) do
# for i=0, v:len(), 1024 do
# ngx.log(ngx.DEBUG, 'Response Header: '..key..' -> '..v:sub(i + 1, i + 1024))
# end
# end
# end
# for key, value in pairs(ngx.req.get_headers()) do
# local val = type(value) == 'string' and {value} or value
# for k, v in ipairs(val) do
# for i=0, v:len(), 1024 do
# ngx.log(ngx.DEBUG, 'Request Header: '..key..' -> '..v:sub(i + 1, i + 1024))
# end
# end
# end
# }
}
# Override the logout action of Nexus
location /service/rapture/session {
if ($request_method ~* "^DELETE$") {
# Redirect to the internal logout url
return 302 $scheme://$http_host$oidc_logout_path;
}
# Login forbidden
return 403;
}
}
Hi, I'm using nexus3-keycloak-plugin and docker-nginx-gateway to implement SSO of nexus3.
Everything goes well, but when I click the "Sigh Out" button in the nexus3 ui, it doesn't work. I got a 500 error in the browser. And the session in keycloak wasn't deleted.
Below is my nginx conf file under vhost.d
Do I miss something? Is there any other configs in nginx or keycloak?
Hope to get your reply,thanks