Keycloak の Nginx 設定(SSLアクセラレーション)
めもめも
- HTTPS での接続を HTTPでProxyする
- HTTP での接続はそのまま繋げる
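# Reverse proxy in front of Keycloak. nginx terminates TLS on port 443 and
# forwards both HTTP and HTTPS requests to the upstream over plain HTTP.
# Every ${...} value is a placeholder to fill in before use.

# Plain-HTTP listener: requests are proxied to Keycloak as they arrive.
# NOTE(review): login forms, session cookies and tokens sent through this
# listener travel unencrypted. If cleartext access is not required, answer
# here with `return 301 https://$host$request_uri;` instead of proxying.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name ${domain name};
    port_in_redirect off;

    location / {
        # Host / X-Forwarded-Host are copied from the client's request, and
        # this is the default_server, so any Host value reaches the backend.
        # NOTE(review): confirm Keycloak is pinned to a fixed external
        # hostname and does not build links from these headers.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $http_host;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever the
        # client sent; only the last entry is set by this proxy, so earlier
        # entries must not be trusted for audit logs or rate limiting.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # HTTP/1.1 plus Upgrade/Connection so WebSocket upgrades pass through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_pass http://keycloak;
    }
}

# TLS listener: decrypts here, then talks plain HTTP to the upstream.
server {
    # `listen ... ssl` replaces the separate `ssl on;` directive, which is
    # deprecated and no longer accepted by current nginx releases.
    listen 443 ssl;
    server_name ${domain name};

    ssl_certificate ${server.crt};
    ssl_certificate_key ${server.key};

    # ssl_session_timeout 5m;

    # The original list (SSLv2 SSLv3 TLSv1) contained only broken or obsolete
    # protocol versions. Allow TLS 1.2 and newer only.
    # TLSv1.3 needs nginx >= 1.13.0 built with OpenSSL 1.1.1; remove it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # The original cipher string explicitly enabled LOW, EXP, SSLv2 and RC4
    # suites. Restrict to strong suites and exclude anonymous and MD5 ones.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    port_in_redirect off;

    location / {
        # Same client-supplied header caveats as on the port-80 listener.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $scheme is "https" here; the backend uses it to learn that the
        # client connection was encrypted.
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_pass http://keycloak;
        # Rewrite http:// Location/Refresh headers from the backend to
        # https:// so redirects do not drop the client back to cleartext.
        proxy_redirect http:// https://;
    }
}

# Backend Keycloak instance.
# NOTE(review): traffic on this hop is unencrypted and carries forwarded
# headers the backend will trust; verify that port 8080 is bound to loopback
# only and is not reachable except through this proxy.
upstream keycloak {
    server localhost:8080;
}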
参考
【Nginx】リバースプロキシとSSLオフロード(アクセラレーション) | ぴぐろぐ
moremagic
2018-02-20