Use PROXY Protocol for Keycloak
This commit is contained in:
parent
7710bf384d
commit
9d0697f0d0
|
@ -2,18 +2,16 @@
|
|||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
# Also see: https://www.keycloak.org/server/reverseproxy
|
||||
server {
|
||||
# # Listen on a custom port for the proxy protocol.
|
||||
# listen 8443 ssl http2 proxy_protocol;
|
||||
# # Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# # $remote_port to the client address and client port, when using proxy
|
||||
# # protocol.
|
||||
# # First set our proxy protocol proxy as trusted.
|
||||
# set_real_ip_from 10.31.206.11;
|
||||
# # Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# # header.
|
||||
# real_ip_header proxy_protocol;
|
||||
# Temporarily internal-only.
|
||||
listen 443 ssl http2;
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 10.31.206.11;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
server_name id.ccchh.net;
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@ events {
|
|||
stream {
|
||||
map $ssl_preread_server_name $address {
|
||||
wiki.ccchh.net 10.31.206.13:8443;
|
||||
id.ccchh.net 10.31.206.12:8443;
|
||||
default 127.0.0.1:8443;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue