modified: serv_nginx/docker-compose.yml

modified:   serv_nginx/keycloak/keycloak.conf
keycloak modifay configs and environment vars

serv_nginx/docker-compose.yml

@@ -168,6 +168,15 @@ services:
       KEYCLOAK_ADMIN: admin
       KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
       KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
+      # Добавьте эти переменные
+      KC_HOSTNAME: yalarba.ru
+      KC_HOSTNAME_URL: https://yalarba.ru
+      KC_HOSTNAME_ADMIN_URL: https://yalarba.ru
+      KC_PROXY: x_forwarded
+      KC_HTTP_ENABLED: true
+      KC_HOSTNAME_STRICT: false
+      KC_HOSTNAME_STRICT_HTTPS: false
+      KC_HTTP_CORS: true
     volumes:
       - keycloak_data:/opt/keycloak/data
     networks:

serv_nginx/keycloak/keycloak.conf

@@ -7,7 +7,6 @@ db-username=keycloak
 db-password=${KC_DB_PASSWORD}
 
 # Admin credentials
-admin-url=http://localhost:8080
 admin-username=${KEYCLOAK_ADMIN}
 admin-password=${KEYCLOAK_ADMIN_PASSWORD}
 
@@ -16,15 +15,22 @@ http-enabled=true
 http-port=8080
 http-relative-path=/
 
-# Hostname configuration - ВАЖНО!
+# Hostname configuration
+hostname=https://yalarba.ru
 hostname-strict=false
 hostname-strict-https=false
-hostname-url=https://yalarba.ru
+hostname-strict-backchannel=false
-hostname-admin-url=https://yalarba.ru
+hostname-path=/
 
-# Proxy settings - ВАЖНО для работы за nginx
+# Proxy configuration
-proxy-headers=xforwarded
 proxy=x_forwarded
+proxy-address-forwarding=true
+
+# CORS settings
+http-cors=true
+http-cors-max-age=3600
+http-cors-methods=GET,POST,PUT,DELETE,OPTIONS,PATCH
+http-cors-headers=*
 
 # Health checks
 health-enabled=true
@@ -32,5 +38,5 @@ health-enabled=true
 # Features
 features=token-exchange,admin-fine-grained-authz
 
-# Logging
+# Logging (для отладки)
 log-level=INFO