Added nginx proxy with SSL support.

TODO keycloak truststore

dev.local.plantuml

@@ -0,0 +1,29 @@
+@startuml
+
+node Host {
+    component Browser
+
+    node Docker {
+        component Proxy
+        component Keycloak
+        component SteamIdp
+        component Postgresql
+
+        Proxy --> Keycloak: keycloak (http)
+        Proxy --> SteamIdp: steamidp (http)
+        Keycloak --> Postgresql: postgres
+
+        Proxy <-- Keycloak: dev.local (https)
+    }
+
+    component SteamIdpDev as "SteamIdp"
+}
+
+cloud Internet {
+    component Steam
+}
+
+Browser --> Proxy: dev.local (https)
+Proxy ..> SteamIdpDev: host.docker.internal (http)
+
+@enduml

docker-compose.yml

@@ -1,9 +1,34 @@
+# Create the file docker-compose.secrets.yml and add
+# ```
+# version: '2'
+# services: 
+#     proxy:
+#         volumes: 
+#             - "<your-certs>/dev.local.crt:/tmp/dev.local.crt"
+#             - "<your-certs>/dev.local.key:/tmp/dev.local.key"
+#     steamidp:
+#         environment: 
+#             Steam__ApplicationKey: <your-app-key>
+# ```
+#
+# Than start with `docker compose -f .\docker-compose.yml -f .\docker-compose.secrets.yml up`
 version: '2'
 volumes:
     postgres_data:
         driver: local
 
 services: 
+    proxy:
+        image: nginx
+        container_name: proxy
+        volumes: 
+            - "./proxy_ssl.conf:/etc/nginx/conf.d/proxy_ssl.conf"
+        ports:
+            - 443:443
+        links:
+            - keycloak
+            - steamidp
+
     postgres:
         image: postgres
         container_name: postgres
@@ -26,16 +51,22 @@ services:
             DB_PASSWORD: password
             KEYCLOAK_USER: admin 
             KEYCLOAK_PASSWORD: changeit
-        ports:
+            PROXY_ADDRESS_FORWARDING: "true"
-            - 8080:8080
         links:
             - postgres    
+        extra_hosts:
+            - "dev.local:host-gateway"
+            
     
     steamidp:
         image: neothor/steam-openid-connect-provider:develop
         build: ./src
         container_name: steamidp 
-        ports: 
-            - 80:80            
         links:
             - keycloak
+        environment: 
+            OpenID__ClientID: keycloak
+            OpenID__ClientName: keycloak
+            OpenId__ClientSecret: keycloak
+            OpenID__RedirectUri: https://dev.local/auth/realms/dev/broker/steam/endpoint
+            Hosting__BasePath: /steam

proxy_ssl.conf

@@ -0,0 +1,21 @@
+server {
+    listen 443 ssl;
+    ssl_certificate /tmp/dev.local.crt;
+    ssl_certificate_key /tmp/dev.local.key;
+
+    proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $host;
+
+    location / {
+        return 301 https://$host/auth/realms/dev/account;
+    }
+
+    location /auth {
+      proxy_pass http://keycloak:8080;
+    }
+
+    location /steam {
+      proxy_pass http://steamidp:80;
+    }
+}

src/appsettings.json

@@ -8,7 +8,7 @@
   "OpenID": {
     "ClientID": "proxy",
     "ClientSecret": "secret",
-    "RedirectUri": "http://localhost:8080/auth/realms/master/broker/steam/endpoint",
+    "RedirectUri": "http://localhost:8080/auth/realms/dev/broker/steam-dev/endpoint",
     "PostLogoutRedirectUri": ""
   },
   "Hosting": {