valitovgaziz/tp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modified: serv_nginx/keycloak/keycloak.conf

Browse Source 
modified:   serv_nginx/nginx/nginx-ssl.conf
change configs for keycloak to auth only domen path and change nginx
configs for this
This commit is contained in:
Газиз Валитов
2025-10-21 05:58:27 +05:00
parent 72e7d8b5f2
commit 74382de88d
2 changed files with 39 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
serv_nginx/keycloak/keycloak.conf
+6 -6
View File
@@ -13,14 +13,14 @@ admin-password=${KEYCLOAK_ADMIN_PASSWORD}
# HTTP configuration # HTTP configuration
http-enabled=true http-enabled=true
http-port=8080 http-port=8080
http-relative-path=/ http-relative-path=/auth
# Hostname configuration # Hostname configuration
hostname=https://yalarba.ru hostname-url=https://yalarba.ru/auth
hostname-strict=false hostname-strict=true
hostname-strict-https=false hostname-strict-https=true
hostname-strict-backchannel=false hostname-strict-backchannel=false
hostname-path=/ hostname-path=/auth
# Proxy configuration # Proxy configuration
proxy=x_forwarded proxy=x_forwarded
@@ -38,5 +38,5 @@ health-enabled=true
# Features # Features
features=token-exchange,admin-fine-grained-authz features=token-exchange,admin-fine-grained-authz
# Logging (для отладки) # Logging
log-level=INFO log-level=INFO
serv_nginx/nginx/nginx-ssl.conf
+33 -4
View File
@@ -64,18 +64,43 @@ server {
proxy_read_timeout 600; proxy_read_timeout 600;
} }
# Keycloak integration # Keycloak configuration - все запросы к /auth проксируем к Keycloak
location /auth/ { location /auth/ {
proxy_pass http://keycloak_backend/; proxy_pass http://keycloak:8080/auth/;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Prefix /auth;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
# Buffer settings
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# Disable buffering for admin console
proxy_buffering off;
} }
# Для админки # Редирект корневого пути на /auth если нужно
location /admin { location = / {
return 302 /auth/;
}
# Static assets with longer cache
location ~* /auth/.*\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://keycloak:8080; proxy_pass http://keycloak:8080;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@@ -83,6 +108,10 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $server_port;
# Cache static assets
expires 1y;
add_header Cache-Control "public, immutable";
} }
} }