modified: serv_nginx/keycloak/keycloak.conf

modified:   serv_nginx/nginx/nginx-ssl.conf
change ssl add admin into ngnx and set keycloak configs

serv_nginx/keycloak/keycloak.conf

@@ -1,4 +1,4 @@
-# Database
+# Database configuration
 db=postgres
 db-url-host=keycloak-db
 db-url-port=5432
@@ -11,17 +11,26 @@ admin-url=http://localhost:8080
 admin-username=${KEYCLOAK_ADMIN}
 admin-password=${KEYCLOAK_ADMIN_PASSWORD}
 
-# HTTP
+# HTTP configuration
 http-enabled=true
 http-port=8080
 http-relative-path=/
 
-# Hostname
+# Hostname configuration - ВАЖНО!
 hostname-strict=false
 hostname-strict-https=false
+hostname-url=https://yalarba.ru
+hostname-admin-url=https://yalarba.ru
 
-# Proxy settings (если используете nginx)
-proxy=edge
+# Proxy settings - ВАЖНО для работы за nginx
+proxy-headers=xforwarded
+proxy=x_forwarded
 
-# Health
+# Health checks
 health-enabled=true
+
+# Features
+features=token-exchange,admin-fine-grained-authz
+
+# Logging
+log-level=INFO

serv_nginx/nginx/nginx-ssl.conf

@@ -74,6 +74,17 @@ server {
         proxy_set_header X-Forwarded-Host $host;
     }
 
+    # Для админки
+    location /admin {
+        proxy_pass http://keycloak:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+    }
+
 }