From 81fc55ff0491aa30e75915362f0a52c5cd080e0c Mon Sep 17 00:00:00 2001
From: Jakub Jaruszewski
Date: Mon, 15 Jul 2024 12:15:32 +0200
Subject: [PATCH] [bitnami/keycloak] Add support for proxy-headers (#67957)
---
 .../rootfs/opt/bitnami/scripts/keycloak-env.sh | 4 ++--
 .../rootfs/opt/bitnami/scripts/libkeycloak.sh | 15 ++++-----------
 2 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh b/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh
index 7e8000154489..a72e3f1ba8cb 100644
--- a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh
+++ b/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/keycloak-env.sh
@@ -54,7 +54,7 @@ keycloak_env_vars=(
 KEYCLOAK_LOG_LEVEL
 KEYCLOAK_LOG_OUTPUT
 KEYCLOAK_ROOT_LOG_LEVEL
- KEYCLOAK_PROXY
+ KEYCLOAK_PROXY_HEADERS
 KEYCLOAK_PRODUCTION
 KEYCLOAK_EXTRA_ARGS_PREPENDED
 KEYCLOAK_DATABASE_VENDOR
@@ -161,7 +161,7 @@ export KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY="${KEYCLOAK_SPI
 export KEYCLOAK_LOG_LEVEL="${KEYCLOAK_LOG_LEVEL:-info}"
 export KEYCLOAK_LOG_OUTPUT="${KEYCLOAK_LOG_OUTPUT:-default}"
 export KEYCLOAK_ROOT_LOG_LEVEL="${KEYCLOAK_ROOT_LOG_LEVEL:-INFO}"
-export KEYCLOAK_PROXY="${KEYCLOAK_PROXY:-passthrough}"
+export KEYCLOAK_PROXY_HEADERS="${KEYCLOAK_PROXY_HEADERS:-}"
 export KEYCLOAK_PRODUCTION="${KEYCLOAK_PRODUCTION:-false}"
 export KEYCLOAK_EXTRA_ARGS_PREPENDED="${KEYCLOAK_EXTRA_ARGS_PREPENDED:-}"
 export KEYCLOAK_DATABASE_VENDOR="${KEYCLOAK_DATABASE_VENDOR:-postgresql}"
diff --git a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh b/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh
index ebf3a06309b5..67d93dee1b99 100644
--- a/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh
+++ b/bitnami/keycloak/24/debian-12/rootfs/opt/bitnami/scripts/libkeycloak.sh
@@ -42,16 +42,9 @@ keycloak_validate() {
 print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
 fi
 }
- if is_boolean_yes "$KEYCLOAK_PRODUCTION"; then
- if [[ "$KEYCLOAK_PROXY" == "edge" ]]; then
- # https://www.keycloak.org/server/reverseproxy
- if is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then
- print_validation_error "TLS and proxy=edge are not compatible. Please set the KEYCLOAK_ENABLE_HTTPS variable to false when using KEYCLOAK_PROXY=edge. Review # https://www.keycloak.org/server/reverseproxy for more information about proxy settings."
- fi
- elif ! is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then
- # keycloak proxy passthrough/reencrypt requires tls
- print_validation_error "You need to have TLS enabled. Please set the KEYCLOAK_ENABLE_HTTPS variable to true"
- fi
+
+ if ! is_empty_value "$KEYCLOAK_PROXY_HEADERS" && ! [[ "$KEYCLOAK_PROXY_HEADERS" =~ ^(forwarded|xforwarded)$ ]]; then
+ print_validation_error "The value of KEYCLOAK_PROXY_HEADERS should be either empty, 'forwarded' or 'xforwarded'"
 fi

 if is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS"; then
@@ -251,7 +244,7 @@ keycloak_configure_loglevel() {
 #########################
 keycloak_configure_proxy() {
 info "Configuring proxy"
- keycloak_conf_set "proxy" "${KEYCLOAK_PROXY}"
+ ! is_empty_value "$KEYCLOAK_PROXY_HEADERS" && keycloak_conf_set "proxy-headers" "${KEYCLOAK_PROXY_HEADERS}"
 }

 ########################
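Review bot: With the production block removed, keycloak_validate no longer rejects KEYCLOAK_PRODUCTION enabled together with KEYCLOAK_ENABLE_HTTPS disabled, so a production instance serving logins over plain HTTP with no TLS-terminating proxy declared passes validation unless that is checked outside this hunk. Consider keeping a guard such as `if is_boolean_yes "$KEYCLOAK_PRODUCTION" && ! is_boolean_yes "$KEYCLOAK_ENABLE_HTTPS" && is_empty_value "$KEYCLOAK_PROXY_HEADERS"; then` that raises a `print_validation_error`, or at least a warning. A deployment that still sets the old KEYCLOAK_PROXY variable is now ignored without any message; a single warning line when it is non-empty would make the migration visible. keycloak_validate begins before and continues after the hunk.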
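Review bot: When KEYCLOAK_PROXY_HEADERS is empty, which is the new default, the `! is_empty_value ... && keycloak_conf_set ...` list evaluates to non-zero and, as the last command, becomes the return status of keycloak_configure_proxy. If the caller runs under errexit (not visible here), initialization would abort on the default configuration. An explicit conditional avoids this: `if ! is_empty_value "$KEYCLOAK_PROXY_HEADERS"; then keycloak_conf_set "proxy-headers" "${KEYCLOAK_PROXY_HEADERS}"; fi`. The function's header comment, which starts outside the hunk, should also state that a non-empty value makes Keycloak accept Forwarded or X-Forwarded-* headers from whoever connects, so it should be set only when a reverse proxy in front overwrites those headers.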