tp/serv_nginx/keycloak/keycloak.conf

# Database configuration
db=postgres
db-url-host=keycloak-db
db-url-port=5432
db-url-database=keycloak
db-username=keycloak
db-password=${KC_DB_PASSWORD}

# Admin credentials
admin-username=${KEYCLOAK_ADMIN}
admin-password=${KEYCLOAK_ADMIN_PASSWORD}

# HTTP configuration
http-enabled=true
http-port=8080
http-relative-path=/auth

# Hostname configuration - ИСПРАВЛЕНО
hostname=https://yalarba.ru
hostname-path=/auth
hostname-strict=true
hostname-strict-https=true
hostname-strict-backchannel=false

# Proxy configuration - ИСПРАВЛЕНО
proxy=reencrypt
proxy-address-forwarding=true

# CORS settings
http-cors=true
http-cors-max-age=3600
http-cors-methods=GET,POST,PUT,DELETE,OPTIONS,PATCH
http-cors-headers=*

# Health checks
health-enabled=true

# Features
features=token-exchange,admin-fine-grained-authz

# Logging
log-level=INFO

# Дополнительные настройки для прода
cache=local
cache-stack=kubernetes
metrics-enabled=false