Use PROXY Protocol for Keycloak

julian 2023-05-05 00:00:48 +02:00
parent 7710bf384d
commit 9d0697f0d0
2 changed files with 11 additions and 12 deletions


@ -2,18 +2,16 @@
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
# Also see: https://www.keycloak.org/server/reverseproxy
server {
# # Listen on a custom port for the proxy protocol.
# listen 8443 ssl http2 proxy_protocol;
# # Make use of the ngx_http_realip_module to set the $remote_addr and
# # $remote_port to the client address and client port, when using proxy
# # protocol.
# # First set our proxy protocol proxy as trusted.
# set_real_ip_from 10.31.206.11;
# # Then tell the realip_module to get the addreses from the proxy protocol
# # header.
# real_ip_header proxy_protocol;
# Temporarily internal-only.
listen 443 ssl http2;
# Listen on a custom port for the proxy protocol.
listen 8443 ssl http2 proxy_protocol;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 10.31.206.11;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
server_name id.ccchh.net;
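Review bot: The new `listen 8443 ssl http2 proxy_protocol;` parses a PROXY header from any peer that can reach port 8443, and only `set_real_ip_from 10.31.206.11;` limits whose header rewrites `$remote_addr`, so the port should be reachable from that proxy alone. Because `allow`/`deny` are evaluated after the realip rewrite, that restriction belongs in the host firewall or in a check on `$realip_remote_addr`, and it deserves a comment above the listen line such as `# Port 8443 must only be reachable from 10.31.206.11; the PROXY header is trusted input.`. The rest of the server block is outside the hunk, so confirm that the client address forwarded to Keycloak is built from `$remote_addr` and not from `$proxy_protocol_addr`, which is taken from the header whoever sent it. Keycloak records that address in its login events, so a client-supplied value there would make those records unreliable.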


@ -17,6 +17,7 @@ events {
stream {
map $ssl_preread_server_name $address {
wiki.ccchh.net 10.31.206.13:8443;
id.ccchh.net 10.31.206.12:8443;
default 127.0.0.1:8443;
}
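Review bot: The map entry `id.ccchh.net 10.31.206.12:8443;` depends on the stream `server` that consumes `$address` sending a PROXY header, and that directive is not visible here because the `stream` block continues past the hunk. The backend now listens with `proxy_protocol` only, so a missing header would break the connection rather than silently lose the client address, but the coupling is undocumented. A comment above the map would state it, for example `# Every backend listed here must listen with proxy_protocol on 8443 and trust this host via set_real_ip_from.`. It is also worth confirming that the address this host uses to reach 10.31.206.12 is the 10.31.206.11 trusted in the Keycloak server block.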