Added nginx proxy with SSL support.

TODO keycloak truststore
2025-01-08 09:36:21 +00:00 · 2021-05-15 11:42:14 +07:00 · 2021-05-15 11:42:14 +07:00 · 3cd36724c9
commit 3cd36724c9
parent 425d7d1d85
4 changed files with 89 additions and 8 deletions
--- a/dev.local.plantuml
+++ b/dev.local.plantuml
@ -0,0 +1,29 @@
+@startuml
+
+node Host {
+    component Browser
+
+    node Docker {
+        component Proxy
+        component Keycloak
+        component SteamIdp
+        component Postgresql
+
+        Proxy --> Keycloak: keycloak (http)
+        Proxy --> SteamIdp: steamidp (http)
+        Keycloak --> Postgresql: postgres
+
+        Proxy <-- Keycloak: dev.local (https)
+    }
+
+    component SteamIdpDev as "SteamIdp"
+}
+
+cloud Internet {
+    component Steam
+}
+
+Browser --> Proxy: dev.local (https)
+Proxy ..> SteamIdpDev: host.docker.internal (http)
+
+@enduml
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,9 +1,34 @@
+# Create the file docker-compose.secrets.yml and add
+# ```
+# version: '2'
+# services: 
+#     proxy:
+#         volumes: 
+#             - "<your-certs>/dev.local.crt:/tmp/dev.local.crt"
+#             - "<your-certs>/dev.local.key:/tmp/dev.local.key"
+#     steamidp:
+#         environment: 
+#             Steam__ApplicationKey: <your-app-key>
+# ```
+#
+# Than start with `docker compose -f .\docker-compose.yml -f .\docker-compose.secrets.yml up`
 version: '2'
 volumes:
    postgres_data:
        driver: local

 services: 
+    proxy:
+        image: nginx
+        container_name: proxy
+        volumes: 
+            - "./proxy_ssl.conf:/etc/nginx/conf.d/proxy_ssl.conf"
+        ports:
+            - 443:443
+        links:
+            - keycloak
+            - steamidp
+
    postgres:
        image: postgres
        container_name: postgres
@ -26,16 +51,22 @@ services:
            DB_PASSWORD: password
            KEYCLOAK_USER: admin 
            KEYCLOAK_PASSWORD: changeit
-        ports:
-            - 8080:8080
+            PROXY_ADDRESS_FORWARDING: "true"
        links:
-            - postgres     
+            - postgres    
+        extra_hosts:
+            - "dev.local:host-gateway"
+            
    
    steamidp:
        image: neothor/steam-openid-connect-provider:develop
        build: ./src
-        container_name: steamidp
-        ports: 
-            - 80:80            
+        container_name: steamidp 
        links:
-            - keycloak
+            - keycloak
+        environment: 
+            OpenID__ClientID: keycloak
+            OpenID__ClientName: keycloak
+            OpenId__ClientSecret: keycloak
+            OpenID__RedirectUri: https://dev.local/auth/realms/dev/broker/steam/endpoint
+            Hosting__BasePath: /steam
--- a/proxy_ssl.conf
+++ b/proxy_ssl.conf
@ -0,0 +1,21 @@
+server {
+    listen 443 ssl;
+    ssl_certificate /tmp/dev.local.crt;
+    ssl_certificate_key /tmp/dev.local.key;
+
+    proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $host;
+
+    location / {
+        return 301 https://$host/auth/realms/dev/account;
+    }
+
+    location /auth {
+      proxy_pass http://keycloak:8080;
+    }
+
+    location /steam {
+      proxy_pass http://steamidp:80;
+    }
+}
--- a/src/appsettings.json
+++ b/src/appsettings.json
@ -8,7 +8,7 @@
  "OpenID": {
    "ClientID": "proxy",
    "ClientSecret": "secret",
-    "RedirectUri": "http://localhost:8080/auth/realms/master/broker/steam/endpoint",
+    "RedirectUri": "http://localhost:8080/auth/realms/dev/broker/steam-dev/endpoint",
    "PostLogoutRedirectUri": ""
  },
  "Hosting": {