80 lines
3.1 KiB
Plaintext
80 lines
3.1 KiB
Plaintext
|
server {
|
||
|
listen 127.0.0.1:443 ssl http2;
|
||
|
server_name wildfly-keycloak-prod-theia.two.secure.squirrelcube.xyz;
|
||
|
ssl_certificate /etc/ssl/tp/fullchain.pem;
|
||
|
ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
|
||
|
location / {
|
||
|
proxy_pass http://127.0.0.5:10090;
|
||
|
proxy_set_header Host $host:10090;
|
||
|
proxy_set_header Origin http://$host:10090;
|
||
|
|
||
|
proxy_redirect off;
|
||
|
proxy_http_version 1.1;
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
proxy_pass_request_headers on;
|
||
|
}
|
||
|
}
|
||
|
server {
|
||
|
listen 127.0.0.1:443 ssl http2;
|
||
|
|
||
|
server_name keycloak-prod-theia.two.secure.squirrelcube.xyz;
|
||
|
ssl_certificate /etc/ssl/tp/fullchain.pem;
|
||
|
ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
|
||
|
|
||
|
location / {
|
||
|
proxy_pass http://192.168.0.110:8180;
|
||
|
proxy_set_header Host $host;
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
|
proxy_set_header X-Forwarded-Host $host;
|
||
|
proxy_set_header X-Forwarded-Server $host;
|
||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
##
|
||
|
## PRODUCTION CONFIG
|
||
|
## Keycloak Frontend Load Balancer
|
||
|
## Instance: theia
|
||
|
##
|
||
|
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;
|
||
|
|
||
|
upstream jboss {
|
||
|
ip_hash;
|
||
|
server 192.168.0.110:8843;
|
||
|
server 192.168.0.115:8843;
|
||
|
server 192.168.0.120:8843;
|
||
|
}
|
||
|
server {
|
||
|
listen 81.16.19.64:443 ssl http2;
|
||
|
listen [2a03:4000:47:58a::]:443 ssl http2;
|
||
|
server_name sso.casa;
|
||
|
|
||
|
ssl_certificate /etc/ssl/lego/certificates/libertacasa.net.crt;
|
||
|
ssl_certificate_key /etc/ssl/lego/certificates/libertacasa.net.key;
|
||
|
ssl_session_cache shared:SSL:1m;
|
||
|
ssl_prefer_server_ciphers on;
|
||
|
|
||
|
#location = / {
|
||
|
# return 302 /auth/;
|
||
|
#}
|
||
|
|
||
|
location / {
|
||
|
proxy_pass https://jboss;
|
||
|
proxy_cache backcache;
|
||
|
proxy_ssl_verify off;
|
||
|
proxy_set_header Host $host;
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
|
proxy_set_header X-Forwarded-Proto https;
|
||
|
}
|
||
|
proxy_buffer_size 256k;
|
||
|
proxy_buffers 4 512k;
|
||
|
proxy_busy_buffers_size 512k;
|
||
|
|
||
|
}
|
||
|
|