logout doesn't work #1

Open
qd19zzx opened this issue Nov 30, 2021 · 1 comment

qd19zzx commented Nov 30, 2021

Hi, I'm using nexus3-keycloak-plugin and docker-nginx-gateway to implement SSO for nexus3.
Everything goes well, but when I click the "Sign Out" button in the nexus3 UI, it doesn't work. I got a 500 error in the browser, and the session in Keycloak wasn't deleted.

Below is my nginx conf file under vhost.d.
Am I missing something? Are there any other configs in nginx or Keycloak?
Hope to get your reply, thanks.

server {
    listen 80;
    server_name 1.1.1.1;
    resolver 2.2.2.2;

    include /etc/nginx/vhost.d/nexus3.example.com/*.conf;

    set $oidc_logout_path "/logout";
    set $oidc_redirect_after_logout_uri "/";

    location / {
        # Note: $http_host contains ip and port, but $host just contains ip only
        proxy_set_header Host $http_host;
        proxy_set_header X-Keycloak-Sec-Auth $http_x_remote_user:$http_x_remote_user_access_token;
        # proxy_set_header Authorization $http_authorization;
        # Note: make the HTTP header to be smaller
        proxy_hide_header X-Remote-User-Access-Token;

        set $oidc_disabled "false";
        # Disable OIDC when using maven client
        if ($http_user_agent ~* "^(Apache-Maven|docker)/.+$") {
            set $oidc_disabled "true";
        }
        # And disable OIDC when the header Authorization was specified
        if ($http_authorization !~* "^$") {
            set $oidc_disabled "true";
        }

        set $oidc_realm "xxxx";
        # Note: change the client id and secret to the actual value
        set $oidc_client_id "xxxxx";
        set $oidc_client_secret "xxxxxxx";
        set $oidc_discovery "https://xxx.xx/auth/realms/$oidc_realm/.well-known/openid-configuration";
        access_by_lua_file /etc/nginx/vhost.d/oidc.lua;

        client_max_body_size 500M;
        # Disable cache of assets
        proxy_cache            off;
        proxy_read_timeout     600;
        proxy_connect_timeout  600;

        # Avoid to get address resolve error when starting
        set $target http://nexus.nexus.svc.cluster.local:8081;
        proxy_pass  $target;

        sub_filter '</body>' '<script type="text/javascript">(function inject_logout() { var oidc_disabled = "$oidc_disabled"; if (oidc_disabled === "true") { return; } var dom = document.querySelectorAll("a[id^=\'nx-header-signout-\']")[0]; if (!dom) { setTimeout(inject_logout, 500); } else { dom.addEventListener("click", function (event) { event.stopPropagation(); window.location.href = "$oidc_logout_path"; }, true); }})();</script></body>';
        sub_filter_once on;

        # Just for debugging, you may not want it
        # header_filter_by_lua_block {
        #     for key, value in pairs(ngx.resp.get_headers()) do
        #         local val = type(value) == 'string' and {value} or value
        #         for k, v in ipairs(val) do
        #             for i=0, v:len(), 1024 do
        #                 ngx.log(ngx.DEBUG, 'Response Header: '..key..' -> '..v:sub(i + 1, i + 1024))
        #             end
        #         end
        #     end
        #     for key, value in pairs(ngx.req.get_headers()) do
        #         local val = type(value) == 'string' and {value} or value
        #         for k, v in ipairs(val) do
        #             for i=0, v:len(), 1024 do
        #                 ngx.log(ngx.DEBUG, 'Request Header: '..key..' -> '..v:sub(i + 1, i + 1024))
        #             end
        #         end
        #     end
        # }
    }

    # Override the logout action of Nexus
    location /service/rapture/session {
        if ($request_method ~* "^DELETE$") {
            # Redirect to the internal logout url
            return 302 $scheme://$http_host$oidc_logout_path;
        }
        # Login forbidden
        return 403;
    }
}

qd19zzx changed the title from "logout was not" to "logout doesn't work" on Nov 30, 2021

flytreeleft (Owner) commented

@qd19zzx Sorry for replying sooo late.

The nginx configuration is just fine. But you should get the detailed error messages from the 500 response text and the backend logs which were created by Keycloak and Nexus. Maybe something is wrong in the backend services.
