novicelab.io/nginx
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove commented out config sections

Browse Source
This commit is contained in:
kbrianngeno
2026-03-20 04:11:20 +00:00
parent 6240de4af5
commit 69ed1a853e
13 changed files with 35 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
data/conf.d/auth.conf
View File

@@ -28,22 +28,13 @@ server {
}
server {
listen 443 ssl; #http2;
listen [::]:443 ssl; # http2;
listen 443 ssl;
listen [::]:443 ssl; #
server_name auth.novicelab.io;
# SSL Certificate paths
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
# Trusted certificate for OCSP stapling
# ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
# Cloudflare Origin CA certificate for client verification
# Cloudflare Origin CA for authenticated origin pulls (optional)
# Only enable if you want to restrict to Cloudflare only
# ssl_client_certificate /etc/nginx/ssl/client-cert.pem;
# ssl_verify_client on;
# SSL Protocol - TLS 1.2 and 1.3 only
ssl_protocols TLSv1.2 TLSv1.3;
@@ -57,9 +48,6 @@ server {
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# OCSP Stapling
# ssl_stapling on;
# ssl_stapling_verify on;
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
@@ -71,30 +59,20 @@ server {
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Diffie-Hellman parameter for DHE ciphersuites
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/auth.novicelab.io_access.log json_combined;
error_log /var/log/nginx/auth.novicelab.io_error.log debug;
# Root and index
# root /var/www/html;
# index index.html index.htm;
# include /etc/letsencrypt/options-ssl-nginx.conf;
# set $keycloak_backend keycloak:80;
# client_max_body_size 0;
location / {
location / {
# proxy_pass http://10.0.0.253:8085/auth/;
proxy_pass http://keycloak_backend;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto https; #$scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;