From c633d0dbe013b58f22ff43415121e3dac8738efa Mon Sep 17 00:00:00 2001
From: valitovgaziz <valitovgaziz@yandex.ru>
Date: Tue, 21 Oct 2025 05:43:44 +0500
Subject: [PATCH] 	modified:   serv_nginx/keycloak/keycloak.conf 
 modified:   serv_nginx/nginx/nginx-ssl.conf change ssl add admin into ngnx
 and set keycloak configs

---
 serv_nginx/keycloak/keycloak.conf | 23 ++++++++++++++++-------
 serv_nginx/nginx/nginx-ssl.conf   | 11 +++++++++++
 2 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/serv_nginx/keycloak/keycloak.conf b/serv_nginx/keycloak/keycloak.conf
index 877a804..689a573 100644
--- a/serv_nginx/keycloak/keycloak.conf
+++ b/serv_nginx/keycloak/keycloak.conf
@@ -1,4 +1,4 @@
-# Database
+# Database configuration
 db=postgres
 db-url-host=keycloak-db
 db-url-port=5432
@@ -11,17 +11,26 @@ admin-url=http://localhost:8080
 admin-username=${KEYCLOAK_ADMIN}
 admin-password=${KEYCLOAK_ADMIN_PASSWORD}
 
-# HTTP
+# HTTP configuration
 http-enabled=true
 http-port=8080
 http-relative-path=/
 
-# Hostname
+# Hostname configuration - ВАЖНО!
 hostname-strict=false
 hostname-strict-https=false
+hostname-url=https://yalarba.ru
+hostname-admin-url=https://yalarba.ru
 
-# Proxy settings (если используете nginx)
-proxy=edge
+# Proxy settings - ВАЖНО для работы за nginx
+proxy-headers=xforwarded
+proxy=x_forwarded
 
-# Health
-health-enabled=true
\ No newline at end of file
+# Health checks
+health-enabled=true
+
+# Features
+features=token-exchange,admin-fine-grained-authz
+
+# Logging
+log-level=INFO
\ No newline at end of file
diff --git a/serv_nginx/nginx/nginx-ssl.conf b/serv_nginx/nginx/nginx-ssl.conf
index 2431805..1254c99 100644
--- a/serv_nginx/nginx/nginx-ssl.conf
+++ b/serv_nginx/nginx/nginx-ssl.conf
@@ -74,6 +74,17 @@ server {
         proxy_set_header X-Forwarded-Host $host;
     }
 
+    # Для админки
+    location /admin {
+        proxy_pass http://keycloak:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+    }
+
 }