# Keycloak - Single Sign-On (SSO) # Subpath: /keycloak # Backend: keycloak:8080 location /keycloak { # Remove /keycloak prefix before forwarding rewrite ^/keycloak(/.*)$ $1 break; # Forward to Keycloak proxy_pass http://keycloak:8080; # Preserve headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; # Important for Keycloak proxy_set_header X-Forwarded-Prefix /keycloak; # Session and cookie handling proxy_cookie_path / /keycloak/; # Buffer settings proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; # Timeouts proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # Admin console location /keycloak/admin { rewrite ^/keycloak(/.*)$ $1 break; proxy_pass http://keycloak:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Prefix /keycloak; proxy_cookie_path / /keycloak/; } # Realms location /keycloak/realms { rewrite ^/keycloak(/.*)$ $1 break; proxy_pass http://keycloak:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Prefix /keycloak; proxy_cookie_path / /keycloak/; } # Resources (CSS, JS, images) location /keycloak/resources { rewrite ^/keycloak(/.*)$ $1 break; proxy_pass http://keycloak:8080; proxy_set_header Host $host; proxy_cache_valid 200 1d; add_header Cache-Control "public, immutable"; }