Use PROXY Protocol for Keycloak

playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf

@@ -2,18 +2,16 @@
 # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
 # Also see: https://www.keycloak.org/server/reverseproxy
 server {
-    # # Listen on a custom port for the proxy protocol.
-    # listen 8443 ssl http2 proxy_protocol;
-    # # Make use of the ngx_http_realip_module to set the $remote_addr and
-    # # $remote_port to the client address and client port, when using proxy
-    # # protocol.
-    # # First set our proxy protocol proxy as trusted.
-    # set_real_ip_from 10.31.206.11;
-    # # Then tell the realip_module to get the addreses from the proxy protocol
-    # # header.
-    # real_ip_header proxy_protocol;
-    # Temporarily internal-only.
-    listen 443 ssl http2;
+    # Listen on a custom port for the proxy protocol.
+    listen 8443 ssl http2 proxy_protocol;
+    # Make use of the ngx_http_realip_module to set the $remote_addr and
+    # $remote_port to the client address and client port, when using proxy
+    # protocol.
+    # First set our proxy protocol proxy as trusted.
+    set_real_ip_from 10.31.206.11;
+    # Then tell the realip_module to get the addreses from the proxy protocol
+    # header.
+    real_ip_header proxy_protocol;
 
     server_name id.ccchh.net;
 

playbooks/files/configs/public-reverse-proxy/nginx/nginx.conf

@@ -17,6 +17,7 @@ events {
 stream {
     map $ssl_preread_server_name $address {
         wiki.ccchh.net 10.31.206.13:8443;
+        id.ccchh.net 10.31.206.12:8443;
         default 127.0.0.1:8443;
     }