auth.opencdms.org.conf

upstream keycloak-web {
 server keycloak:8080;
}

server {
  # set proper server name after domain set
  server_name auth.opencdms.org;
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  # log files
  access_log  /var/log/nginx/-access.log;
  error_log       /var/log/nginx/-error.log;
  #   increase    proxy   buffer  size
  proxy_buffers   16  64k;
  proxy_buffer_size   128k;
  proxy_read_timeout 900s;
  proxy_connect_timeout 900s;
  proxy_send_timeout 900s;
  proxy_next_upstream error   timeout invalid_header  http_500    http_502
  http_503;
  types {
    text/less less;
    text/scss scss;
  }
  #   enable  data    compression
  gzip    on;
  gzip_min_length 1100;
  gzip_buffers    4   32k;
  gzip_types  text/css text/less text/plain text/xml application/xml application/json application/javascript application/pdf image/jpeg image/png;
  gzip_vary   on;
  client_header_buffer_size 4k;
  large_client_header_buffers 4 64k;
  client_max_body_size 0;
  location / {
    proxy_pass  http://keycloak-web;
    # by default, do not forward anything
    proxy_redirect off;
    proxy_set_header Host $host;
  }

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/auth.opencdms.org/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/auth.opencdms.org/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
  listen 80;
}

server {
    if ($host = auth.opencdms.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

  server_name auth.opencdms.org;
    listen 80;
    return 404; # managed by Certbot
}