Use PROXY Protocol for Keycloak

julian 2023-05-05 00:00:48 +02:00
parent 7710bf384d
commit 9d0697f0d0
2 changed files with 11 additions and 12 deletions


@ -2,18 +2,16 @@
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
# Also see: https://www.keycloak.org/server/reverseproxy # Also see: https://www.keycloak.org/server/reverseproxy
server { server {
# # Listen on a custom port for the proxy protocol. # Listen on a custom port for the proxy protocol.
# listen 8443 ssl http2 proxy_protocol; listen 8443 ssl http2 proxy_protocol;
# # Make use of the ngx_http_realip_module to set the $remote_addr and # Make use of the ngx_http_realip_module to set the $remote_addr and
# # $remote_port to the client address and client port, when using proxy # $remote_port to the client address and client port, when using proxy
# # protocol. # protocol.
# # First set our proxy protocol proxy as trusted. # First set our proxy protocol proxy as trusted.
# set_real_ip_from 10.31.206.11; set_real_ip_from 10.31.206.11;
# # Then tell the realip_module to get the addreses from the proxy protocol # Then tell the realip_module to get the addreses from the proxy protocol
# # header. # header.
# real_ip_header proxy_protocol; real_ip_header proxy_protocol;
# Temporarily internal-only.
listen 443 ssl http2;
server_name id.ccchh.net; server_name id.ccchh.net;
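Review bot: The new `listen 8443 ssl http2 proxy_protocol;` parses a PROXY header from whichever peer connects, while `set_real_ip_from 10.31.206.11;` only limits whose header may rewrite `$remote_addr`; `$proxy_protocol_addr` is filled from the header regardless of the sender. The rest of this server block is outside the hunk, so this is unconfirmed, but any `proxy_set_header` line that forwards the client address to Keycloak should use `$remote_addr` rather than `$proxy_protocol_addr`, because the address Keycloak records for logins would otherwise be sender-controlled. Port 8443 should also be reachable only from the stream proxy at the network layer. I would document that next to the listener, e.g. `# 8443 trusts the PROXY header: must only be reachable from the stream proxy (10.31.206.11).`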


@ -17,6 +17,7 @@ events {
stream { stream {
map $ssl_preread_server_name $address { map $ssl_preread_server_name $address {
wiki.ccchh.net 10.31.206.13:8443; wiki.ccchh.net 10.31.206.13:8443;
id.ccchh.net 10.31.206.12:8443;
default 127.0.0.1:8443; default 127.0.0.1:8443;
} }