keycloak 11.0.2 版本使用https

生成 SSL 证书

生成私钥：

openssl genpkey -algorithm RSA -out privateKey.pem -pkeyopt rsa_keygen_bits:2048

生成证书签名请求 (CSR)：

openssl req -new -key privateKey.pem -out certificate.csr

生成自签名证书：

openssl x509 -req -days 365 -in certificate.csr -signkey privateKey.pem -out certificate.crt

配置 Nginx 代理

server {
    listen 8080;
    listen 443 ssl;
    server_name localhost;
    
    ssl_certificate certificate.crt;
    ssl_certificate_key privateKey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    
    location / {
        proxy_pass http://keycloak.demofor.cn:8080;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect http://$scheme://;
    }
}