Corrections, including reinstating missing /oidc location in nginx.conf

wmo-im · Jan 23, 2024 · af3b781 · af3b781
1 parent f27a55a
commit af3b781
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 10 deletions.
diff --git a/keycloak/README.md b/keycloak/README.md
@@ -5,7 +5,7 @@ The following instructions describe how to manually configure keycloak by creati
 - A realm is an isolated environment within Keycloak for managing users, roles, and authentication and authorization settings for a specific set of applications or services.
 - A client represents an application or service that is secured by Keycloak and is configured to use Keycloak for authentication and authorization.
 
-These instructions are temporary. The required realm and client will be imported/created automatically then the container is built, leaving only the creation and management of users and groups.
+These instructions are temporary. The required realm and client will be imported/created automatically when the container is built, leaving only the creation and management of users and groups.
 
 ## Creating a realm
 

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -26,24 +26,31 @@
         proxy_buffers       4 256k;
         proxy_busy_buffers_size   256k;
 
+        location /oidc {
+            proxy_pass http://wis2box-auth:80/oidc;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
         location /login {
             # Optional. Visitng a protected url will redirect to login without explicitly visiting /login
-            proxy_pass http://wis2box-auth:80/login;
+            proxy_pass http://wis2box-auth:80/oidc/login;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
         }
 
         location = /logout {
-        # Logout the session locally then redirect to keycloak using the 'next' parameter to also logout there
-        proxy_pass http://wis2box-auth:80/oidc/logout?next=${WIS2BOX_URL}:8180/realms/wis2box/protocol/openid-connect/logout;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-
+            # Logout the session locally then redirect to keycloak using the 'next' parameter to also logout there
+            proxy_pass http://wis2box-auth:80/oidc/logout?next=${WIS2BOX_URL}:8180/realms/wis2box/protocol/openid-connect/logout;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
 
         # Proxy requests to the bucket "wis2box-incoming" to MinIO container running on port 9000
         # NOTE do not use rewrite, it crashes the upload