Commit 9f332375 authored by nono's avatar nono 💻
Browse files

Update Keycloak

parent 9512b2c6
......@@ -4,7 +4,7 @@
## Keycloak config
keycloak_version: "15.0.2"
keycloak_version: "15.1.0"
keycloak_create_admin: false
keycloak_force_install: true
......@@ -28,37 +28,37 @@ certbot_auto_renew: true
## Nginx config
nginx_vhosts:
- listen: "443 ssl http2"
server_name: "stats.sso.lqdn.fr"
access_log: "/var/log/nginx/stats_keycloak_access.log"
error_log: "/var/log/nginx/stats_keycloak_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "stats.sso.lqdn.fr.https.conf"
extra_parameters: |
location / {
proxy_buffering off;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://127.0.0.1:9001;
proxy_redirect off;
}
location /.well-known/acme-challenge {
alias /var/www/letsencrypt/.well-known/acme-challenge;
}
ssl_certificate /etc/letsencrypt/live/stats.sso.lqdn.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stats.sso.lqdn.fr/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# - listen: "443 ssl http2"
# server_name: "stats.sso.lqdn.fr"
# access_log: "/var/log/nginx/stats_keycloak_access.log"
# error_log: "/var/log/nginx/stats_keycloak_error.log"
# state: "present"
# template: "{{ nginx_vhost_template }}"
# filename: "stats.sso.lqdn.fr.https.conf"
# extra_parameters: |
# location / {
# proxy_buffering off;
# proxy_set_header Referer $http_referer;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Server $host;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Port $server_port;
# proxy_set_header Host $http_host;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
#
# proxy_pass http://127.0.0.1:9001;
# proxy_redirect off;
# }
# location /.well-known/acme-challenge {
# alias /var/www/letsencrypt/.well-known/acme-challenge;
# }
# ssl_certificate /etc/letsencrypt/live/stats.sso.lqdn.fr/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/stats.sso.lqdn.fr/privkey.pem;
# ssl_protocols TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "443 ssl http2"
server_name: "sso.lqdn.fr"
access_log: "/var/log/nginx/keycloak_access.log"
......
......@@ -43,7 +43,6 @@
- packages-lqdn
- updates-lqdn
- ansible-role-nginx
- ansible-node-exporter
- ansible-role-certbot
- sso-lqdn
tags:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment