valitovgaziz/tp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modified: serv_nginx/Makefile

Browse Source 
modified:   serv_nginx/docker-compose.yml
	modified:   serv_nginx/keycloak/Dockerfile
	modified:   serv_nginx/keycloak/keycloak.conf
	modified:   serv_nginx/nginx/nginx-ssl.conf
change all for know
This commit is contained in:
Газиз Валитов
2025-10-21 06:37:17 +05:00
parent 516780160e
commit d60d657ce7
5 changed files with 38 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
serv_nginx/Makefile
+1 -1
View File
@@ -62,4 +62,4 @@ start_kk:
re_kk: git stop_kk start_kk re_kk: git stop_kk start_kk
retart_kk: retart_kk:
docker compose down keycloak && docker compose build keycloak --no-cache && docker compsoe up keycloak -d docker compose down keycloak && docker compose build keycloak --no-cache && docker compose up keycloak -d
serv_nginx/docker-compose.yml
+4 -8
View File
@@ -168,18 +168,14 @@ services:
KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin} KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak} KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:-keycloak}
# Используем только hostname-url с путем /auth # Убрать KC_HOSTNAME_URL - используем конфиг файл
KC_HOSTNAME_URL: https://yalarba.ru/auth
KC_HTTP_ENABLED: true KC_HTTP_ENABLED: true
KC_HTTP_RELATIVE_PATH: /auth KC_HTTP_RELATIVE_PATH: /auth
KC_HOSTNAME_STRICT: true KC_HOSTNAME_STRICT: true
KC_HOSTNAME_STRICT_HTTPS: true KC_HOSTNAME_STRICT_HTTPS: true
KC_PROXY: reencrypt
KC_PROXY: edge # Оптимизация для прода
# или JAVA_OPTS: "-Xms512m -Xmx1024m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djava.awt.headless=true"
# - KC_PROXY=reencrypt
# или
#- KC_PROXY=passthrough
volumes: volumes:
- keycloak_data:/opt/keycloak/data - keycloak_data:/opt/keycloak/data
networks: networks:
serv_nginx/keycloak/Dockerfile
+15 -18
View File
@@ -1,30 +1,27 @@
FROM quay.io/keycloak/keycloak:22.0.0 as builder FROM quay.io/keycloak/keycloak:24.0.4 as builder
# Устанавливаем рабочую директорию
WORKDIR /opt/keycloak WORKDIR /opt/keycloak
# Копируем конфигурационный файл # Включение необходимых фич
COPY keycloak.conf /opt/keycloak/conf/keycloak.conf RUN /opt/keycloak/bin/kc.sh build --features=token-exchange,admin-fine-grained-authz
# Собираем Keycloak в optimized режиме с PostgreSQL FROM quay.io/keycloak/keycloak:24.0.4
RUN /opt/keycloak/bin/kc.sh build --db=postgres
FROM quay.io/keycloak/keycloak:22.0.0 # Копируем собранный билд
# Копируем собранную конфигурацию из builder stage
COPY --from=builder /opt/keycloak/ /opt/keycloak/ COPY --from=builder /opt/keycloak/ /opt/keycloak/
# Устанавливаем рабочую директорию
WORKDIR /opt/keycloak WORKDIR /opt/keycloak
# Копируем финальный конфигурационный файл # Создаем пользователя для выполнения
COPY keycloak.conf /opt/keycloak/conf/keycloak.conf RUN groupadd -r keycloak && useradd -r -g keycloak keycloak
# Меняем владельца файлов
USER root
RUN chown -R keycloak:keycloak /opt/keycloak RUN chown -R keycloak:keycloak /opt/keycloak
USER keycloak USER keycloak
# Команда для запуска в optimized режиме # Копируем конфигурационный файл
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"] COPY --chown=keycloak:keycloak keycloak.conf /opt/keycloak/conf/
CMD ["start", "--optimized"]
# Экспортируем порт
EXPOSE 8080
# Команда запуска
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]
serv_nginx/keycloak/keycloak.conf
+11 -6
View File
@@ -15,15 +15,15 @@ http-enabled=true
http-port=8080 http-port=8080
http-relative-path=/auth http-relative-path=/auth
# Hostname configuration # Hostname configuration - ИСПРАВЛЕНО
hostname-url=https://yalarba.ru/auth hostname=https://yalarba.ru
hostname-path=/auth
hostname-strict=true hostname-strict=true
hostname-strict-https=true hostname-strict-https=true
hostname-strict-backchannel=false hostname-strict-backchannel=false
hostname-path=/auth
# Proxy configuration # Proxy configuration - ИСПРАВЛЕНО
proxy=x_forwarded proxy=reencrypt
proxy-address-forwarding=true proxy-address-forwarding=true
# CORS settings # CORS settings
@@ -39,4 +39,9 @@ health-enabled=true
features=token-exchange,admin-fine-grained-authz features=token-exchange,admin-fine-grained-authz
# Logging # Logging
log-level=INFO log-level=INFO
# Дополнительные настройки для прода
cache=local
cache-stack=kubernetes
metrics-enabled=false
serv_nginx/nginx/nginx-ssl.conf
+7 -4
View File
@@ -22,7 +22,7 @@ server {
location / { location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
location /uploads/ { location /uploads/ {
alias /uploads/; alias /uploads/;
expires 1y; expires 1y;
@@ -52,19 +52,22 @@ server {
# Keycloak integration - исправленная конфигурация # Keycloak integration - исправленная конфигурация
location /auth/ { location /auth/ {
proxy_pass http://keycloak_backend/auth/; proxy_pass http://keycloak_backend;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $server_port;
# Убрать trailing slash в proxy_pass
proxy_pass http://keycloak_backend;
# Важные настройки для Keycloak # Важные настройки для Keycloak
proxy_buffer_size 128k; proxy_buffer_size 128k;
proxy_buffers 4 256k; proxy_buffers 4 256k;
proxy_busy_buffers_size 256k; proxy_busy_buffers_size 256k;
# Таймауты # Таймауты
proxy_connect_timeout 30s; proxy_connect_timeout 30s;
proxy_send_timeout 30s; proxy_send_timeout 30s;