feat: initial commit

2025-06-02 14:55:56 +01:00 · 2025-06-02 14:55:56 +01:00 · 072a1ed764
commit 072a1ed764
36 changed files with 1089 additions and 0 deletions
--- a/roles/podman_identity/templates/nginx.conf
+++ b/roles/podman_identity/templates/nginx.conf
@ -0,0 +1,39 @@
+# {{ ansible_managed }}
+
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name {{ podman_identity_keycloak_hostname }};
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://{{ podman_identity_keycloak_hostname }}$request_uri;
+    }
+}
+
+server {
+    listen 443 default_server ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    server_name {{ podman_identity_keycloak_hostname }};
+    server_tokens off;
+
+    ssl_certificate /etc/letsencrypt/live/{{ podman_identity_keycloak_hostname }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ podman_identity_keycloak_hostname }}/privkey.pem;
+
+    location / {
+        proxy_pass http://keycloak:8080/;
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}