From 0362bf26f4a20c71f36edc86333ac46f2f1e3116 Mon Sep 17 00:00:00 2001
From: "Neuman F." <61904986+neumanf@users.noreply.github.com>
Date: Fri, 20 Sep 2024 19:17:44 -0300
Subject: [PATCH] fix: enable reverse proxy configuration for Keycloak (#65)

---
 docker-compose.prod.yml     | 3 ++-
 docker-compose.testing.yml  | 3 ++-
 docker-compose.yml          | 3 ++-
 infra/nginx/conf/nginx.conf | 5 +++++
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index e4dd543..1082acf 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -37,7 +37,8 @@ services:
             KC_METRICS_ENABLED: 'true'
             KC_HOSTNAME_STRICT_HTTPS: 'false'
             KC_HOSTNAME_URL: ${KEYCLOAK_URL}
-            KC_PROXY: reencrypt
+            KC_PROXY: edge
+            KC_PROXY_HEADERS: xforwarded
             KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
             KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
         depends_on:
diff --git a/docker-compose.testing.yml b/docker-compose.testing.yml
index 6b3906c..75cb9b1 100644
--- a/docker-compose.testing.yml
+++ b/docker-compose.testing.yml
@@ -42,7 +42,8 @@ services:
             KC_METRICS_ENABLED: 'true'
             KC_HOSTNAME_STRICT_HTTPS: 'false'
             KC_HOSTNAME_URL: ${KEYCLOAK_URL:-http://0.0.0.0:9090}
-            KC_PROXY: reencrypt
+            KC_PROXY: edge
+            KC_PROXY_HEADERS: xforwarded
             KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
             KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
         depends_on:
diff --git a/docker-compose.yml b/docker-compose.yml
index 188732b..5d5a304 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,7 +42,8 @@ services:
             KC_METRICS_ENABLED: 'true'
             KC_HOSTNAME_STRICT_HTTPS: 'false'
             KC_HOSTNAME_URL: ${KEYCLOAK_URL:-http://0.0.0.0:9090}
-            KC_PROXY: reencrypt
+            KC_PROXY: edge
+            KC_PROXY_HEADERS: xforwarded
             KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
             KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
         depends_on:
diff --git a/infra/nginx/conf/nginx.conf b/infra/nginx/conf/nginx.conf
index cc50318..52c4857 100644
--- a/infra/nginx/conf/nginx.conf
+++ b/infra/nginx/conf/nginx.conf
@@ -80,5 +80,10 @@ server {
 
     location / {
         proxy_pass http://keycloak:8080;
+
+        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port 443;
     }
 }