mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-18 08:06:16 +01:00
7b14027a45
> 2024/06/02 11:05:53 \[warn\] 30324#30324: the "listen ... http2" directive is deprecated, use the "http2" directive instead Fixes https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/589
67 lines
2.4 KiB
Django/Jinja
67 lines
2.4 KiB
Django/Jinja
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name {{ keycloak_domain }};
|
|
|
|
access_log /var/log/nginx/{{ keycloak_domain }}/access.log reduced;
|
|
access_log /var/log/nginx/{{ keycloak_domain }}/access.log.json json_reduced;
|
|
error_log /var/log/nginx/{{ keycloak_domain }}/error.log;
|
|
|
|
include snippets/letsencrypt.conf;
|
|
|
|
location / {
|
|
access_log off;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
http2 on;
|
|
server_name {{ keycloak_domain }};
|
|
|
|
access_log /var/log/nginx/{{ keycloak_domain }}/access.log reduced;
|
|
access_log /var/log/nginx/{{ keycloak_domain }}/access.log.json json_reduced;
|
|
error_log /var/log/nginx/{{ keycloak_domain }}/error.log;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/{{ keycloak_domain }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ keycloak_domain }}/privkey.pem;
|
|
ssl_trusted_certificate /etc/letsencrypt/live/{{ keycloak_domain }}/chain.pem;
|
|
|
|
root {{ keycloak_domain }};
|
|
|
|
# https://w3c.github.io/webappsec-change-password-url/
|
|
location = /.well-known/change-password {
|
|
return 302 https://$server_name/realms/archlinux/account/#/security/signingin;
|
|
}
|
|
|
|
location ~ /realms/[a-z]+/metrics {
|
|
auth_basic "Prometheus exporter";
|
|
auth_basic_user_file {{ keycloak_nginx_htpasswd }};
|
|
|
|
access_log /var/log/nginx/{{ keycloak_domain }}/access.log main;
|
|
access_log /var/log/nginx/{{ keycloak_domain }}/access.log.json json_main;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://127.0.0.1:{{ keycloak_port }};
|
|
}
|
|
|
|
location / {
|
|
access_log /var/log/nginx/{{ keycloak_domain }}/access.log main;
|
|
access_log /var/log/nginx/{{ keycloak_domain }}/access.log.json json_main;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://127.0.0.1:{{ keycloak_port }};
|
|
proxy_buffer_size 8k;
|
|
}
|
|
|
|
location = / {
|
|
return 301 https://$server_name/realms/archlinux/account;
|
|
}
|
|
}
|