Crear estructura para el frontal TLS en contenedor NGINX

2022-09-12 21:59:37 +01:00 · 2022-09-12 21:59:37 +01:00 · a0b998da64
parent 1a0808071a
commit a0b998da64
3 changed files with 38 additions and 0 deletions
--- a/nginx-proxy/acme/.gitkeep
+++ b/nginx-proxy/acme/.gitkeep
--- a/nginx-proxy/certs/.gitkeep
+++ b/nginx-proxy/certs/.gitkeep
--- a/nginx-proxy/nginx.conf
+++ b/nginx-proxy/nginx.conf
@ -0,0 +1,38 @@
+events {
+}
+
+http {
+
+  server {
+    listen 80;
+    server_name _;
+
+    location /.well-known/acme-challenge {
+      root /acme;
+      try_files $uri $uri/ =404;
+    }
+
+    location / {
+      return 301 https://$host$request_uri;
+    }
+  }
+
+  server {
+    listen 443 ssl;
+    server_name _;
+
+    include       /etc/nginx/mime.types;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_certificate     /certs/keycloak-cert.pem;
+    ssl_certificate_key /certs/keycloak-key.pem;
+
+    proxy_set_header X-Forwarded-For $proxy_protocol_addr; # To forward the original client's IP address
+    proxy_set_header X-Forwarded-Proto $scheme;            # To forward the  original protocol (HTTP or HTTPS)
+    proxy_set_header Host $host;                           # To forward the original host requested by the client
+
+    location / {
+      proxy_pass http://keycloak:8080;       # 'keycloak' refers to Keycloak's container name in docker-compose
+    }
+  }
+}