Use PROXY Protocol for Keycloak
This commit is contained in:
parent
7710bf384d
commit
9d0697f0d0
|
@ -2,18 +2,16 @@
|
||||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||||
# Also see: https://www.keycloak.org/server/reverseproxy
|
# Also see: https://www.keycloak.org/server/reverseproxy
|
||||||
server {
|
server {
|
||||||
# # Listen on a custom port for the proxy protocol.
|
# Listen on a custom port for the proxy protocol.
|
||||||
# listen 8443 ssl http2 proxy_protocol;
|
listen 8443 ssl http2 proxy_protocol;
|
||||||
# # Make use of the ngx_http_realip_module to set the $remote_addr and
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
# # $remote_port to the client address and client port, when using proxy
|
# $remote_port to the client address and client port, when using proxy
|
||||||
# # protocol.
|
# protocol.
|
||||||
# # First set our proxy protocol proxy as trusted.
|
# First set our proxy protocol proxy as trusted.
|
||||||
# set_real_ip_from 10.31.206.11;
|
set_real_ip_from 10.31.206.11;
|
||||||
# # Then tell the realip_module to get the addreses from the proxy protocol
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
# # header.
|
# header.
|
||||||
# real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
# Temporarily internal-only.
|
|
||||||
listen 443 ssl http2;
|
|
||||||
|
|
||||||
server_name id.ccchh.net;
|
server_name id.ccchh.net;
|
||||||
|
|
||||||
|
|
|
@ -17,6 +17,7 @@ events {
|
||||||
stream {
|
stream {
|
||||||
map $ssl_preread_server_name $address {
|
map $ssl_preread_server_name $address {
|
||||||
wiki.ccchh.net 10.31.206.13:8443;
|
wiki.ccchh.net 10.31.206.13:8443;
|
||||||
|
id.ccchh.net 10.31.206.12:8443;
|
||||||
default 127.0.0.1:8443;
|
default 127.0.0.1:8443;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue