Traefik

Keycloak “Invalid redirect_uri” behind Caddy, Traefik, and k3s – a Debugging Journey When all you get after a Keycloak login is “Invalid parameter: redirect_uri”, the problem rarely lies with Keycloak itself. In my case, the investigation led through three proxy layers down to a SNAT rule in the Kubernetes network. This post documents the debugging path from error message to solution. Starting Point The application is a Spring Boot 3 web project connected to a self-hosted Keycloak via OAuth2/OIDC. The infrastructure looks like this: ...

This task was astonishingly hard to configure. In my K3S cluster I have a Traefik reverse proxy deployed. What I wanted to achieve was: Make my apps accessible from the internet Automate TLS certificate provision Protect apps with basic auth Step 1 involved opening http and https ports to my clusters master node IP address. Traefik was quite easily deployed through its Helm-Chart. This is my values.yaml. As Ionos is my domain hoster, I’m using their DNS challenge provider to generate Let’s Encrypt-Certificates: ...