From 2213091657d42408e0cb6798413f5c395bcc08da Mon Sep 17 00:00:00 2001
From: valitovgaziz
Date: Wed, 10 Sep 2025 15:51:50 +0500
Subject: [PATCH] modified: serv_nginx/nginx/nginx-ssl.conf modified: serv_nginx/nginx/switch-config.sh fix bag into switch-config.sh nginx add settings into nginx-ssl.conf for auth.yalarba.ru domain
---
 serv_nginx/nginx/nginx-ssl.conf | 37 +++++++++++++++++++++++++++++++
 serv_nginx/nginx/switch-config.sh | 2 +-
 2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/serv_nginx/nginx/nginx-ssl.conf b/serv_nginx/nginx/nginx-ssl.conf
index f7560ba..700f092 100644
--- a/serv_nginx/nginx/nginx-ssl.conf
+++ b/serv_nginx/nginx/nginx-ssl.conf
@@ -119,3 +119,40 @@ server {
 try_files $uri $uri/ /index.html;
 }
 }
+
+ server {
+ listen 80;
+ server_name keycloak.yalarba.ru;
+
+ # Перенаправление HTTP на HTTPS
+ return 301 https://$server_name$request_uri;
+ }
+
+ server {
+ listen 443 ssl;
+ server_name keycloak.yalarba.ru;
+
+ # SSL сертификаты
+ ssl_certificate /etc/letsencrypt/live/auth.yalarba.ru/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/auth.yalarba.ru/privkey.pem;
+
+ # SSL настройки
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ # Проксирование запросов к Keycloak
+ location / {
+ proxy_pass http://keycloak;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+
+ # Важные настройки для Keycloak
+ proxy_buffer_size 128k;
+ proxy_buffers 4 256k;
+ proxy_busy_buffers_size 256k;
+ }
+ }
diff --git a/serv_nginx/nginx/switch-config.sh b/serv_nginx/nginx/switch-config.sh
index 6a8793b..89915e7 100644
--- a/serv_nginx/nginx/switch-config.sh
+++ b/serv_nginx/nginx/switch-config.sh
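Review bot: Both new server blocks declare `server_name keycloak.yalarba.ru;`, but the 443 block loads its certificate from `/etc/letsencrypt/live/auth.yalarba.ru/` and the commit message names auth.yalarba.ru. Unless that certificate also lists keycloak.yalarba.ru as a SAN, clients will reject the handshake with a hostname mismatch. Use one name in both places, for example `server_name auth.yalarba.ru;` in both blocks, or point the two `ssl_certificate*` lines at the lineage issued for the keycloak name. Separately, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever the client sent. If this nginx is the outermost proxy, `proxy_set_header X-Forwarded-For $remote_addr;` keeps a client-supplied address out of Keycloak's logs and any IP-based checks it applies.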
@@ -7,7 +7,7 @@ if \
 [ -f "/etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem" ] && \
 [ -f "/etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem" ] && \
 [ -f "/etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem" ]
- [ -f "/etc/letsencrypt/live/auth.yalarba.ru.pem" ]; then
+ [ -f "/etc/letsencrypt/live/auth.yalarba.ru/fullchain.pem" ]; then
 echo "SSL certificates found for all domains, switching to HTTPS configuration"
 ln -sf /etc/nginx/nginx-ssl.conf /etc/nginx/conf.d/default.conf
 else
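Review bot: The context line just above the corrected test, `[ -f "/etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem" ]`, ends without `&& \`, so the `if` condition becomes two separate commands and only the last one, the auth.yalarba.ru test, decides the branch. Now that the path is correct that test can succeed on its own, so the script would link nginx-ssl.conf even when one of the other three certificates is missing, and nginx would then likely fail to load the config. Append ` && \` to the xn--80abahjtcfl5d0a8di.xn--p1ai line so all four checks are chained. Running `nginx -t` before the `ln -sf` would also catch a config that cannot load. The `if` opens above this hunk and the `else` branch continues past it.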