modified: serv_nginx/nginx/nginx-ssl.conf
modified: serv_nginx/nginx/switch-config.sh fix bag into switch-config.sh nginx add settings into nginx-ssl.conf for auth.yalarba.ru domain
This commit is contained in:
valitovgaziz
@@ -119,3 +119,40 @@ server {
|
|||||||
try_files $uri $uri/ /index.html;
|
try_files $uri $uri/ /index.html;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name keycloak.yalarba.ru;
|
||||||
|
|
||||||
|
# Перенаправление HTTP на HTTPS
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
server_name keycloak.yalarba.ru;
|
||||||
|
|
||||||
|
# SSL сертификаты
|
||||||
|
ssl_certificate /etc/letsencrypt/live/auth.yalarba.ru/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/auth.yalarba.ru/privkey.pem;
|
||||||
|
|
||||||
|
# SSL настройки
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
|
|
||||||
|
# Проксирование запросов к Keycloak
|
||||||
|
location / {
|
||||||
|
proxy_pass http://keycloak;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
|
||||||
|
# Важные настройки для Keycloak
|
||||||
|
proxy_buffer_size 128k;
|
||||||
|
proxy_buffers 4 256k;
|
||||||
|
proxy_busy_buffers_size 256k;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ if \
|
|||||||
[ -f "/etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem" ] && \
|
[ -f "/etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem" ] && \
|
||||||
[ -f "/etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem" ] && \
|
[ -f "/etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem" ] && \
|
||||||
[ -f "/etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem" ]
|
[ -f "/etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem" ]
|
||||||
[ -f "/etc/letsencrypt/live/auth.yalarba.ru.pem" ]; then
|
[ -f "/etc/letsencrypt/live/auth.yalarba.ru/fullchain.pem" ]; then
|
||||||
echo "SSL certificates found for all domains, switching to HTTPS configuration"
|
echo "SSL certificates found for all domains, switching to HTTPS configuration"
|
||||||
ln -sf /etc/nginx/nginx-ssl.conf /etc/nginx/conf.d/default.conf
|
ln -sf /etc/nginx/nginx-ssl.conf /etc/nginx/conf.d/default.conf
|
||||||
else
|
else
|
||||||
|
|||||||
Reference in New Issue
Block a user