ajit555db · July 20, 2019 17:29
diff --git a/envoy.yaml b/envoy.yaml
 static_resources:
  listeners:
  - name: listener_http
    address:
      socket_address: { address: 0.0.0.0, port_value: 80 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          route_config:
            virtual_hosts:
            - name: backend
              domains:
              - "*"
              routes:
              - match:
                  prefix: "/"
                redirect:
                  path_redirect: "/"
                  https_redirect: true
          http_filters:
          - name: envoy.router
            config: {}
  - name: listener_https
    address:
      socket_address: { address: 0.0.0.0, port_value: 443 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: keycloak
              domains:
              - keycloak.inuc7p.local
              routes:
              - match:
                  prefix: "/"
                route:
                  prefix_rewrite: "/"
                  cluster: keycloak
          http_filters:
          - name: envoy.router
            config: {}
      tls_context:
        common_tls_context:
          tls_certificates:
            - certificate_chain:
                filename: "/etc/envoy/certs/cert.crt"
              private_key:
                filename: "/etc/envoy/certs/cert.key"
  clusters:
  - name: keycloak
    connect_timeout: 0.25s
    type: strict_dns
    lb_policy: round_robin
    hosts:
    - socket_address:
        address: 192.168.0.109
        port_value: 9014
 admin:
  access_log_path: "/dev/null"
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8001
diff --git a/nginx-keycloak.conf b/nginx-keycloak.conf
 server {
    listen       80;
    return 301 https://$host$request_uri;
 }

 server {

    listen        443;
    server_name   localhost;

    ssl_certificate           /etc/nginx/cert.crt;
    ssl_certificate_key       /etc/nginx/cert.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/jenkins.access.log;

    proxy_set_header        Host $host:8443;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;

    location / {
        proxy_pass http://keycloak:8080;
    }
 }
	static_resources:
	listeners:
	- name: listener_http
	address:
	socket_address: { address: 0.0.0.0, port_value: 80 }
	filter_chains:
	- filters:
	- name: envoy.http_connection_manager
	config:
	codec_type: auto
	stat_prefix: ingress_http
	route_config:
	virtual_hosts:
	- name: backend
	domains:
	- "*"
	routes:
	- match:
	prefix: "/"
	redirect:
	path_redirect: "/"
	https_redirect: true
	http_filters:
	- name: envoy.router
	config: {}
	- name: listener_https
	address:
	socket_address: { address: 0.0.0.0, port_value: 443 }
	filter_chains:
	- filters:
	- name: envoy.http_connection_manager
	config:
	codec_type: auto
	stat_prefix: ingress_http
	route_config:
	name: local_route
	virtual_hosts:
	- name: keycloak
	domains:
	- keycloak.inuc7p.local
	routes:
	- match:
	prefix: "/"
	route:
	prefix_rewrite: "/"
	cluster: keycloak
	http_filters:
	- name: envoy.router
	config: {}
	tls_context:
	common_tls_context:
	tls_certificates:
	- certificate_chain:
	filename: "/etc/envoy/certs/cert.crt"
	private_key:
	filename: "/etc/envoy/certs/cert.key"
	clusters:
	- name: keycloak
	connect_timeout: 0.25s
	type: strict_dns
	lb_policy: round_robin
	hosts:
	- socket_address:
	address: 192.168.0.109
	port_value: 9014
	admin:
	access_log_path: "/dev/null"
	address:
	socket_address:
	address: 0.0.0.0
	port_value: 8001
	server {
	listen 80;
	return 301 https://$host$request_uri;
	}

	server {

	listen 443;
	server_name localhost;

	ssl_certificate /etc/nginx/cert.crt;
	ssl_certificate_key /etc/nginx/cert.key;

	ssl on;
	ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
	ssl_prefer_server_ciphers on;

	access_log /var/log/nginx/jenkins.access.log;

	proxy_set_header Host $host:8443;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;

	location / {
	proxy_pass http://keycloak:8080;
	}
	}