Hello everybody!
I am trying to put the dashboard behind Keycloak Gatekeeper to get advanced auth options.
docker-compose.yaml:
```yaml
version: '3.7'
services:
  traefik:
    image: traefik:v2.2
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.yaml:/traefik.yaml
      - ./acme.json:/acme.json
    env_file:
      - acme.env
    networks:
      - proxy
  gatekeeper:
    image: quay.io/keycloak/keycloak-gatekeeper:9.0.2
    command:
      - --listen=0.0.0.0:3000
      - --discovery-url=https://auth.dev.whizus.net/auth/realms/whizus
      - --client-id=traefik
      - --client-secret=<some-secret>
      - --redirection-url=https://dashboard.dev.whizus.net/
      - --enable-refresh-tokens=true
      - --upstream-url=http://traefik:8080/
      - --encryption-key=<some-key>
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.gk.rule=Host(`dashboard.dev.whizus.net`)
      - traefik.http.routers.gk.tls.certresolver=letsencrypt
      - traefik.http.routers.gk.tls.domains[0].main=dev.whizus.net
      - traefik.http.routers.gk.tls.domains[0].sans=*.dev.whizus.net
      - traefik.http.routers.gk.entrypoints=websecure
      - traefik.http.services.gk.loadbalancer.server.port=3000
      - traefik.http.routers.gk.tls=true
networks:
  proxy:
    external:
      name: proxy
```
Relevant traefik.yaml parts:
```yaml
api:
  dashboard: true
  insecure: true
providers:
  docker:
    exposedByDefault: false
    network: proxy
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: websecure
  websecure:
    address: ":443"
certificatesResolvers:
  letsencrypt:
    acme:
      ...
```
The curious thing now is that if I go to http://dashboard.dev.whizus.net I am redirected, which is expected; then after a successful login I'm redirected back, but to http://traefik:8080/dashboard/.
When I manually type http://dashboard.dev.whizus.net/dashboard/ everything works as expected. I think I need to add some middleware for path redirection (tried with the built-in one, no success).
Does anyone have an idea what's missing/wrong?
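
Added example, not part of the original post: because `api.insecure: true` makes Traefik serve the dashboard and API without authentication on port 8080, the published `8080:8080` port in the compose file is a path to the dashboard that never passes through Gatekeeper. This constructed variant of the `traefik` service assumes nothing else needs host access to that port and keeps it reachable only inside the `proxy` network.

```yaml
# Constructed variant of the traefik service from the post; the gatekeeper
# service and the networks section stay as posted.
version: '3.7'
services:
  traefik:
    image: traefik:v2.2
    ports:
      - "80:80"
      - "443:443"
      # Weak setting from the post: with api.insecure: true this publishes the
      # unauthenticated dashboard/API on the host, bypassing Gatekeeper.
      # - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.yaml:/traefik.yaml
      - ./acme.json:/acme.json
    env_file:
      - acme.env
    networks:
      # Gatekeeper's --upstream-url=http://traefik:8080/ still resolves here,
      # container to container, without any host port mapping.
      - proxy
```

Any other container attached to `proxy` can still reach `traefik:8080` without authentication, so keep that network limited to the services that need it.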