Skip to content

Commit 2428a29

Browse files
nmorenornmorenor
authored
Move files to right path (#152)
1 parent 3cb3823 commit 2428a29

1 file changed

Lines changed: 143 additions & 0 deletions

File tree

compose/nginx/nginx-with-keycloak.conf.template

Lines changed: 143 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,143 @@
1+
### To use this file rename it to nginx.conf.template so it is picked up by the compose.yml file.
2+
events {
3+
worker_connections 1024;
4+
}
5+
6+
http {
7+
include mime.types;
8+
default_type application/octet-stream;
9+
sendfile on;
10+
keepalive_timeout 65;
11+
server {
12+
listen 443 ssl http2;
13+
server_name ${COLLAB_FQDN};
14+
proxy_buffer_size 128k;
15+
proxy_buffers 4 256k;
16+
ssl_certificate /etc/nginx/ssl/${SSL_COLLAB_CERT};
17+
ssl_certificate_key /etc/nginx/ssl/${SSL_COLLAB_KEY};
18+
ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM};
19+
ssl_prefer_server_ciphers on;
20+
ssl_protocols TLSv1.2;
21+
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
22+
location / {
23+
# Similar proxy logic for headers
24+
set $realIP $remote_addr;
25+
set $forwardTo $proxy_add_x_forwarded_for;
26+
set $reqHost $http_host;
27+
if ($http_x_real_ip != '') {
28+
set $realIP $http_x_real_ip;
29+
}
30+
if ($http_x_forwarded_for != '') {
31+
set $forwardTo $http_x_forwarded_for;
32+
}
33+
add_header C-Real-IP $realIP;
34+
add_header C-Forwarded-For $forwardTo;
35+
add_header C-Request-Host $reqHost;
36+
proxy_set_header X-Real-IP $realIP;
37+
proxy_set_header X-Forwarded-For $forwardTo;
38+
proxy_set_header Host $reqHost;
39+
proxy_set_header X-NginX-Proxy true;
40+
proxy_http_version 1.1;
41+
proxy_redirect off;
42+
proxy_pass http://codetogether-collab:1080;
43+
proxy_set_header Upgrade $http_upgrade;
44+
proxy_set_header Connection "upgrade";
45+
proxy_read_timeout 360;
46+
proxy_connect_timeout 360;
47+
proxy_send_timeout 360;
48+
}
49+
}
50+
server {
51+
server_name ${INTEL_FQDN};
52+
listen 443 ssl http2;
53+
54+
# configure proxy buffer sizes
55+
proxy_buffer_size 128k;
56+
proxy_buffers 4 256k;
57+
58+
# setup the SSL certificate
59+
ssl_certificate /etc/nginx/ssl/${SSL_INTEL_CERT};
60+
ssl_certificate_key /etc/nginx/ssl/${SSL_INTEL_KEY};
61+
ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM};
62+
ssl_prefer_server_ciphers on;
63+
ssl_protocols TLSv1.2;
64+
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
65+
66+
# create the passthrough to the CodeTogether Intel container
67+
location / {
68+
69+
# set passthru parameters for the CodeTogether Intel container
70+
set $realIP $remote_addr;
71+
set $forwardTo $proxy_add_x_forwarded_for;
72+
set $reqHost $http_host;
73+
client_max_body_size 32M;
74+
if ($http_x_real_ip != '') {
75+
set $realIP $http_x_real_ip;
76+
}
77+
if ($http_x_forwarded_for != '') {
78+
set $forwardTo $http_x_forwarded_for;
79+
}
80+
proxy_set_header X-Real-IP $realIP;
81+
proxy_set_header X-Forwarded-For $forwardTo;
82+
proxy_set_header Host $reqHost;
83+
84+
# setup the backend to service the HQ requests
85+
proxy_pass http://codetogether-intel:1080;
86+
proxy_set_header X-NginX-Proxy true;
87+
proxy_http_version 1.1;
88+
proxy_redirect off;
89+
proxy_set_header Upgrade $http_upgrade;
90+
proxy_set_header Connection "upgrade";
91+
proxy_read_timeout 360;
92+
proxy_connect_timeout 360;
93+
proxy_send_timeout 360;
94+
}
95+
}
96+
server {
97+
server_name ${KEYCLOAK_FQDN};
98+
listen 443 ssl http2;
99+
100+
# configure proxy buffer sizes
101+
proxy_buffer_size 128k;
102+
proxy_buffers 4 256k;
103+
104+
# setup the SSL certificate
105+
ssl_certificate /etc/nginx/ssl/${SSL_KEYCLOAK_CERT};
106+
ssl_certificate_key /etc/nginx/ssl/${SSL_KEYCLOAK_KEY};
107+
# ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM};
108+
ssl_prefer_server_ciphers on;
109+
ssl_protocols TLSv1.2;
110+
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
111+
112+
# create the passthrough to the CodeTogether Intel container
113+
location / {
114+
115+
# set passthru parameters for the CodeTogether Intel container
116+
set $realIP $remote_addr;
117+
set $forwardTo $proxy_add_x_forwarded_for;
118+
set $reqHost $http_host;
119+
client_max_body_size 32M;
120+
if ($http_x_real_ip != '') {
121+
set $realIP $http_x_real_ip;
122+
}
123+
if ($http_x_forwarded_for != '') {
124+
set $forwardTo $http_x_forwarded_for;
125+
}
126+
proxy_set_header X-Real-IP $realIP;
127+
proxy_set_header X-Forwarded-For $forwardTo;
128+
proxy_set_header Host $reqHost;
129+
proxy_set_header X-Forwarded-Proto https;
130+
131+
# setup the backend to service the HQ requests
132+
proxy_pass http://codetogether-keycloak:8080;
133+
proxy_set_header X-NginX-Proxy true;
134+
proxy_http_version 1.1;
135+
proxy_redirect off;
136+
proxy_set_header Upgrade $http_upgrade;
137+
proxy_set_header Connection "upgrade";
138+
proxy_read_timeout 360;
139+
proxy_connect_timeout 360;
140+
proxy_send_timeout 360;
141+
}
142+
}
143+
}

0 commit comments

Comments
 (0)