From 3cd36724c9a34bca64acf8a0329899b3611e4e03 Mon Sep 17 00:00:00 2001
From: Mark Ettema
Date: Sat, 15 May 2021 11:42:14 +0700
Subject: [PATCH] Added nginx proxy with SSL support. TODO keycloak truststore
---
 dev.local.plantuml | 29 ++++++++++++++++++++++++++++
 docker-compose.yml | 45 +++++++++++++++++++++++++++++++++++++-------
 proxy_ssl.conf | 21 +++++++++++++++++++++
 src/appsettings.json | 2 +-
 4 files changed, 89 insertions(+), 8 deletions(-)
 create mode 100644 dev.local.plantuml
 create mode 100644 proxy_ssl.conf
diff --git a/dev.local.plantuml b/dev.local.plantuml
new file mode 100644
index 0000000..131a2a5
--- /dev/null
+++ b/dev.local.plantuml
@@ -0,0 +1,29 @@
+@startuml
+
+node Host {
+ component Browser
+
+ node Docker {
+ component Proxy
+ component Keycloak
+ component SteamIdp
+ component Postgresql
+
+ Proxy --> Keycloak: keycloak (http)
+ Proxy --> SteamIdp: steamidp (http)
+ Keycloak --> Postgresql: postgres
+
+ Proxy <-- Keycloak: dev.local (https)
+ }
+
+ component SteamIdpDev as "SteamIdp"
+}
+
+cloud Internet {
+ component Steam
+}
+
+Browser --> Proxy: dev.local (https)
+Proxy ..> SteamIdpDev: host.docker.internal (http)
+
+@enduml
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 4709acd..328323c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,9 +1,34 @@
+# Create the file docker-compose.secrets.yml and add
+# ```
+# version: '2'
+# services:
+# proxy:
+# volumes:
+# - "/dev.local.crt:/tmp/dev.local.crt"
+# - "/dev.local.key:/tmp/dev.local.key"
+# steamidp:
+# environment:
+# Steam__ApplicationKey:
+# ```
+#
+# Than start with `docker compose -f .\docker-compose.yml -f .\docker-compose.secrets.yml up`
 version: '2'
 volumes:
 postgres_data:
 driver: local
 services:
+ proxy:
+ image: nginx
+ container_name: proxy
+ volumes:
+ - "./proxy_ssl.conf:/etc/nginx/conf.d/proxy_ssl.conf"
+ ports:
+ - 443:443
+ links:
+ - keycloak
+ - steamidp
+
 postgres:
 image: postgres
 container_name: postgres
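Review bot: The new `proxy` service uses `image: nginx` with no tag or digest, so each `up` may pull a different nginx release, and because `proxy_ssl.conf` sets no `ssl_protocols` the accepted TLS versions drift with whatever image is pulled; pin the image to a specific tag. The certificate and private key that the header comment tells users to mount under `/tmp` should be mounted read-only, e.g. `- "/dev.local.key:/tmp/dev.local.key:ro"` (and the same for the `.crt`), so a compromised nginx process cannot overwrite them. Two smaller points in the same hunk: the comment's `Than start with` should read `Then start with`, and `links:` is a legacy directive — on the compose default network the service names `keycloak` and `steamidp` already resolve.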
@@ -26,16 +51,22 @@ services:
 DB_PASSWORD: password
 KEYCLOAK_USER: admin
 KEYCLOAK_PASSWORD: changeit
- ports:
- - 8080:8080
+ PROXY_ADDRESS_FORWARDING: "true"
 links:
- - postgres
+ - postgres
+ extra_hosts:
+ - "dev.local:host-gateway"
+
 steamidp:
 image: neothor/steam-openid-connect-provider:develop
 build: ./src
- container_name: steamidp
- ports:
- - 80:80
+ container_name: steamidp
 links:
- - keycloak
\ No newline at end of file
+ - keycloak
+ environment:
+ OpenID__ClientID: keycloak
+ OpenID__ClientName: keycloak
+ OpenId__ClientSecret: keycloak
+ OpenID__RedirectUri: https://dev.local/auth/realms/dev/broker/steam/endpoint
+ Hosting__BasePath: /steam
\ No newline at end of file
diff --git a/proxy_ssl.conf b/proxy_ssl.conf
new file mode 100644
index 0000000..2f9d45d
--- /dev/null
+++ b/proxy_ssl.conf
@@ -0,0 +1,21 @@
+server {
+ listen 443 ssl;
+ ssl_certificate /tmp/dev.local.crt;
+ ssl_certificate_key /tmp/dev.local.key;
+
+ proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+
+ location / {
+ return 301 https://$host/auth/realms/dev/account;
+ }
+
+ location /auth {
+ proxy_pass http://keycloak:8080;
+ }
+
+ location /steam {
+ proxy_pass http://steamidp:80;
+ }
+}
\ No newline at end of file
diff --git a/src/appsettings.json b/src/appsettings.json
index 2b96863..9c45c2d 100644
--- a/src/appsettings.json
+++ b/src/appsettings.json
@@ -8,7 +8,7 @@
 "OpenID": {
 "ClientID": "proxy",
 "ClientSecret": "secret",
- "RedirectUri": "http://localhost:8080/auth/realms/master/broker/steam/endpoint",
+ "RedirectUri": "http://localhost:8080/auth/realms/dev/broker/steam-dev/endpoint",
 "PostLogoutRedirectUri": ""
 },
 "Hosting": {
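Review bot: `OpenId__ClientSecret: keycloak` commits a client secret directly into docker-compose.yml, although the header comment added in this same commit already establishes docker-compose.secrets.yml as the place for `Steam__ApplicationKey`; the client secret belongs there too, even for a dev setup. The key is also spelled `OpenId__` while its three siblings use `OpenID__` — ASP.NET configuration keys are case-insensitive so it still binds, but it reads like a typo and should be `OpenID__ClientSecret`. `PROXY_ADDRESS_FORWARDING: "true"` makes Keycloak trust `X-Forwarded-*` from whatever reaches port 8080, which is only safe because the `8080:8080` mapping is removed in this hunk; a comment such as `# 8080 intentionally not published: only the nginx proxy may set X-Forwarded-* headers` would stop the next edit from re-adding it.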
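Review bot: `proxy_set_header X-Forwarded-For $proxy_protocol_addr;` will forward an empty header, because `$proxy_protocol_addr` is only populated when the `listen` directive enables `proxy_protocol`, and `listen 443 ssl;` does not; with `PROXY_ADDRESS_FORWARDING` enabled on the Keycloak side, Keycloak then sees no client address for its logs and brute-force detection. Use `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` (or `$remote_addr` if the proxy is never itself behind another proxy). Because the compose file pulls an untagged nginx image and this `server` block sets no `ssl_protocols`, add `ssl_protocols TLSv1.2 TLSv1.3;` so the accepted protocol set does not depend on which nginx version happens to be pulled.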
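Review bot: The new `RedirectUri` names broker alias `steam-dev` (`/auth/realms/dev/broker/steam-dev/endpoint`), while the `OpenID__RedirectUri` override added to docker-compose.yml in the same commit names `/auth/realms/dev/broker/steam/endpoint`; if the provider compares the `redirect_uri` it receives against this configured value — which is what the setting name suggests, though not verified here — the two configurations will accept callbacks from different Keycloak brokers. That may be intentional for the host-run `SteamIdpDev` shown in dev.local.plantuml, but then a comment in the compose override should say so, e.g. `# docker run uses broker alias "steam"; the host-run dev instance in appsettings.json uses "steam-dev"`; otherwise both should name the same alias.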