nginx.d.conf.j2 1.42 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
server {
    listen       80;
    listen       [::]:80;
    server_name  {{ keycloak_domain }};

    access_log   /var/log/nginx/{{ keycloak_domain }}/access.log reduced;
    error_log    /var/log/nginx/{{ keycloak_domain }}/error.log;

    include snippets/letsencrypt.conf;

    location / {
        access_log off;
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  {{ keycloak_domain }};

    access_log   /var/log/nginx/{{ keycloak_domain }}/access.log reduced;
    error_log    /var/log/nginx/{{ keycloak_domain }}/error.log;

    ssl_certificate      /etc/letsencrypt/live/{{ keycloak_domain }}/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/{{ keycloak_domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ keycloak_domain }}/chain.pem;

    root {{ keycloak_domain }};

    location / {
        access_log   /var/log/nginx/{{ keycloak_domain }}/access.log main;
33
34
35
36
37
        proxy_set_header    Host               $host;
        proxy_set_header    X-Real-IP          $remote_addr;
        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto  $scheme;
        proxy_ssl_verify    off;
38
39
        proxy_pass https://localhost:{{ keycloak_port }};
    }
40
41

    location = / {
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
42
        return 301 https://$server_name/auth/realms/archlinux/account;
43
    }
44
}