From 74382de88df591bf761e598693909a7dd0189bfe Mon Sep 17 00:00:00 2001
From: valitovgaziz
Date: Tue, 21 Oct 2025 05:58:27 +0500
Subject: [PATCH] modified: serv_nginx/keycloak/keycloak.conf modified: serv_nginx/nginx/nginx-ssl.conf change configs for keycloak to auth only domen path and change nginx configs for this
---
 serv_nginx/keycloak/keycloak.conf | 12 +++++-----
 serv_nginx/nginx/nginx-ssl.conf | 37 +++++++++++++++++++++++++++----
 2 files changed, 39 insertions(+), 10 deletions(-)
diff --git a/serv_nginx/keycloak/keycloak.conf b/serv_nginx/keycloak/keycloak.conf
index 18863b7..53ddcdd 100644
--- a/serv_nginx/keycloak/keycloak.conf
+++ b/serv_nginx/keycloak/keycloak.conf
@@ -13,14 +13,14 @@ admin-password=${KEYCLOAK_ADMIN_PASSWORD}
 # HTTP configuration
 http-enabled=true
 http-port=8080
-http-relative-path=/
+http-relative-path=/auth
 # Hostname configuration
-hostname=https://yalarba.ru
-hostname-strict=false
-hostname-strict-https=false
+hostname-url=https://yalarba.ru/auth
+hostname-strict=true
+hostname-strict-https=true
 hostname-strict-backchannel=false
-hostname-path=/
+hostname-path=/auth
 # Proxy configuration
 proxy=x_forwarded
@@ -38,5 +38,5 @@ health-enabled=true
 # Features
 features=token-exchange,admin-fine-grained-authz
-# Logging (для отладки)
+# Logging
 log-level=INFO
\ No newline at end of file
diff --git a/serv_nginx/nginx/nginx-ssl.conf b/serv_nginx/nginx/nginx-ssl.conf
index 1254c99..513b1fe 100644
--- a/serv_nginx/nginx/nginx-ssl.conf
+++ b/serv_nginx/nginx/nginx-ssl.conf
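Review bot: The hostname block in serv_nginx/keycloak/keycloak.conf now mixes two generations of options: the added `hostname-url=https://yalarba.ru/auth` and `hostname-path=/auth` both carry the `/auth` prefix, while the line they replace, `hostname=https://yalarba.ru`, used the full-URL form that, as far as I can tell, only the newer hostname provider accepts. Which set the deployed Keycloak honours is not visible in this patch; if it is a release where the newer options have replaced `hostname-url`, `hostname-path` and `hostname-strict-https`, the equivalent is a single `hostname=https://yalarba.ru/auth` beside `hostname-strict=true`. These lines fix the issuer and redirect base that tokens and e-mails carry, so I would keep one scheme only and put a comment above it such as `# Public base URL; must match the /auth prefix proxied by nginx (location /auth/)`. After deploying, confirm that the `issuer` in `/auth/realms/<realm>/.well-known/openid-configuration` is the expected https URL.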
@@ -64,18 +64,43 @@ server {
 proxy_read_timeout 600;
 }
- # Keycloak integration
+ # Keycloak configuration - все запросы к /auth проксируем к Keycloak
 location /auth/ {
- proxy_pass http://keycloak_backend/;
+ proxy_pass http://keycloak:8080/auth/;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-Prefix /auth;
+
+ # WebSocket support
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # Timeouts
+ proxy_connect_timeout 30s;
+ proxy_send_timeout 30s;
+ proxy_read_timeout 30s;
+
+ # Buffer settings
+ proxy_buffer_size 128k;
+ proxy_buffers 4 256k;
+ proxy_busy_buffers_size 256k;
+
+ # Disable buffering for admin console
+ proxy_buffering off;
 }
- # Для админки
- location /admin {
+ # Редирект корневого пути на /auth если нужно
+ location = / {
+ return 302 /auth/;
+ }
+
+ # Static assets with longer cache
+ location ~* /auth/.*\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
 proxy_pass http://keycloak:8080;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
@@ -83,6 +108,10 @@ server {
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Port $server_port;
+
+ # Cache static assets
+ expires 1y;
+ add_header Cache-Control "public, immutable";
 }
 }
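Review bot: `location /auth/` forwards every Keycloak path on the public listener, including the admin console and admin REST API under `/auth/admin/` (the added `# Disable buffering for admin console` comment suggests that is intended), with no source restriction. If administration does not have to be reachable from the internet, a more specific block in front of it can limit it to the operator network; it needs the `^~` modifier, otherwise the regex location added at the end of this hunk would still take `/auth/admin/…` URIs that end in a listed extension and skip the `allow`/`deny` lines. keycloak.conf also shows `health-enabled=true`, so the health endpoints deserve the same treatment if this Keycloak version serves them on the main port. `<ADMIN_CIDR>` below is a placeholder, not a value from this repository.

```nginx
# Admin console and admin REST API: operator network only.
# ^~ keeps the regex static-assets location from taking these URIs.
location ^~ /auth/admin/ {
    allow <ADMIN_CIDR>;   # placeholder: VPN / office range
    deny all;

    proxy_pass http://keycloak:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
}

# … unchanged: location /auth/ { … } …
```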
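Review bot: `expires 1y` and `add_header Cache-Control "public, immutable"` reach more than static files, because the location they sit in (opened at the end of the previous hunk, closed here) is an unanchored regex: it is evaluated ahead of the `/auth/` prefix block and matches any URI that contains `/auth/` and ends in a listed extension, and `add_header` also applies to redirect responses. Anchoring the pattern to the theme resource path, for example `location ~* ^/auth/resources/.*\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {` if that is where this Keycloak serves its resources, keeps a shared cache from storing anything else as public for a year. `expires` already emits its own `Cache-Control: max-age=…`, so the response ends up with two Cache-Control headers; one of the two directives is enough. An `add_header` inside a location also stops inheritance of `add_header` lines from the server level (not visible in this hunk), so any HSTS or other security headers set there would have to be repeated in this block.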