modified: serv_nginx/keycloak/keycloak.conf

modified: serv_nginx/nginx/nginx-ssl.conf change ssl add admin into ngnx and set keycloak configs
2025-10-21 05:43:44 +05:00
parent 8ba9ce6ae1
commit c633d0dbe0
2 changed files with 27 additions and 7 deletions
@@ -1,4 +1,4 @@
-# Database
+# Database configuration
 db=postgres
 db-url-host=keycloak-db
 db-url-port=5432
@@ -11,17 +11,26 @@ admin-url=http://localhost:8080
 admin-username=${KEYCLOAK_ADMIN}
 admin-password=${KEYCLOAK_ADMIN_PASSWORD}
-# HTTP
+# HTTP configuration
 http-enabled=true
 http-port=8080
 http-relative-path=/
-# Hostname
+# Hostname configuration - ВАЖНО!
 hostname-strict=false
 hostname-strict-https=false
 hostname-url=https://yalarba.ru
 hostname-admin-url=https://yalarba.ru
-# Proxy settings (если используете nginx)
+# Proxy settings - ВАЖНО для работы за nginx
-proxy=edge
+proxy-headers=xforwarded
 proxy=x_forwarded
-# Health
+# Health checks
-health-enabled=true
+health-enabled=true
 # Features
 features=token-exchange,admin-fine-grained-authz
 # Logging
 log-level=INFO
@@ -74,6 +74,17 @@ server {
        proxy_set_header X-Forwarded-Host $host;
    }
    # Для админки
    location /admin {
        proxy_pass http://keycloak:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
    }
 }