diff --git a/playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf b/playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf
index b87ff52..5c4d6d2 100644
--- a/playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf
+++ b/playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf
@@ -2,18 +2,16 @@
 # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
 # Also see: https://www.keycloak.org/server/reverseproxy
 server {
- # # Listen on a custom port for the proxy protocol.
- # listen 8443 ssl http2 proxy_protocol;
- # # Make use of the ngx_http_realip_module to set the $remote_addr and
- # # $remote_port to the client address and client port, when using proxy
- # # protocol.
- # # First set our proxy protocol proxy as trusted.
- # set_real_ip_from 10.31.206.11;
- # # Then tell the realip_module to get the addreses from the proxy protocol
- # # header.
- # real_ip_header proxy_protocol;
- # Temporarily internal-only.
- listen 443 ssl http2;
+ # Listen on a custom port for the proxy protocol.
+ listen 8443 ssl http2 proxy_protocol;
+ # Make use of the ngx_http_realip_module to set the $remote_addr and
+ # $remote_port to the client address and client port, when using proxy
+ # protocol.
+ # First set our proxy protocol proxy as trusted.
+ set_real_ip_from 10.31.206.11;
+ # Then tell the realip_module to get the addreses from the proxy protocol
+ # header.
+ real_ip_header proxy_protocol;
 server_name id.ccchh.net;
diff --git a/playbooks/files/configs/public-reverse-proxy/nginx/nginx.conf b/playbooks/files/configs/public-reverse-proxy/nginx/nginx.conf
index 82b3dec..70336c6 100644
--- a/playbooks/files/configs/public-reverse-proxy/nginx/nginx.conf
+++ b/playbooks/files/configs/public-reverse-proxy/nginx/nginx.conf
@@ -17,6 +17,7 @@ events {
 stream {
 map $ssl_preread_server_name $address {
 wiki.ccchh.net 10.31.206.13:8443;
+ id.ccchh.net 10.31.206.12:8443;
 default 127.0.0.1:8443;
 }
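Review bot: The `listen 8443 ssl http2 proxy_protocol;` line parses a PROXY header from any peer that can reach the port, and `set_real_ip_from 10.31.206.11;` only decides whose header may rewrite `$remote_addr`, so restricting the listener to the public proxy has to happen somewhere this hunk does not show. I would add a comment above the listen line such as `# Port 8443 must only be reachable from the public reverse proxy (10.31.206.11); enforce this in the host firewall.` It is also worth confirming that the forwarding headers set further down use `$remote_addr` and not `$proxy_protocol_addr`, because the latter is filled from the header regardless of the trusted list, and Keycloak presumably uses the forwarded address in its logs and brute-force detection. The server block continues past the end of the hunk, so those lines are not visible here.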
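Review bot: The new `id.ccchh.net 10.31.206.12:8443;` entry is what makes Keycloak reachable through the public proxy, and neither hunk shows which Keycloak paths the backend serves once it is. The reverse-proxy guide linked at the top of id.ccchh.net.conf recommends keeping the admin, metrics and health paths off the public side, so the location blocks outside this diff should be checked for that before this is deployed. Once that is confirmed, a short comment on the entry would record the decision, for example `# id.ccchh.net is public; admin paths are restricted in the keycloak nginx config`. The stream block continues outside the hunk.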