Last active
December 17, 2019 01:03
-
-
Save Kurt108/7f5415d268f815067252d582044bc99d to your computer and use it in GitHub Desktop.
using keycloak-gatekeeper with matomo for single-sign on
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| server_name analytics-admin-proxy.domain; | |
| root /var/www/piwik; | |
| access_log /var/log/nginx/access-piwik-admin.log combined; | |
| error_log /var/log/nginx/error-piwik-admin.log; | |
| index index.php; | |
| listen 8081 default_server; | |
| location / { | |
| try_files $uri $uri/ /index.php$args; | |
| } | |
| location /index.php { | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | |
| include fastcgi_params; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_param HTTPS on; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| server_name analytics-admin.domain; | |
| root /var/www/piwik; | |
| access_log /var/log/nginx/access-piwik-adminproxy.log combined; | |
| error_log /var/log/nginx/error-piwik-adminproxy.log; | |
| listen 80; | |
| location / { | |
| proxy_pass http://analytics_proxy; | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| server_name analytics.domain; | |
| root /var/www/piwik; | |
| access_log off; | |
| error_log /var/log/nginx/error-piwik.log; | |
| index piwik.php; | |
| listen 80 default_server; | |
| location / { | |
| try_files $uri $uri/ /index.php$args; | |
| } | |
| location = /piwik.php { | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | |
| include fastcgi_params; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_param HTTPS on; | |
| } | |
| location /index.php { | |
| if ($arg_action != optOut) { | |
| return 404; | |
| } | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | |
| include fastcgi_params; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_param HTTPS on; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| analytics.domain:80 => nginx serving index.php | |
| analytics-admin.domain:80 => nginx proxy forward to localhost:81 | |
| localhost:81 => keycloak-proxy authenticates against sso => forwards to localhost:8081 | |
| localhost:8081 => nginx serving piwik.php |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| client-id: xxxxxxxxxx | |
| client-secret: axxxxxxxxxxx | |
| discovery-url: https://sso.domain/.well-known/openid-configuration | |
| listen: 0.0.0.0:81 | |
| log-json: true | |
| log-requests: true | |
| redirection-url: https://analytics-admin.domain | |
| resources: | |
| - uri: /* | |
| secure-cookie: true | |
| upstream-url: http://127.0.0.1:8081 | |
| verbose: true | |
| headers: | |
| Authorization: | |
| Basic: | |
| - Piwik |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment