From 927d0e5a228800270200b91b32a84d7e2abbb193 Mon Sep 17 00:00:00 2001
From: Lebaud Antoine
Date: Wed, 14 Feb 2024 22:42:20 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(project)=20proxy=20Keycloak=20with?= =?UTF-8?q?=20nginx?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Backend and Frontend send requests to Keycloak through Nginx. Thus, all requests from frontend and backend shared a same host when received by Keycloak. Otherwise, the flow is initiated from http://localhost:8080. When the Backend calls token endpoint from Keycloak container at http://keycloak:8080, the JWT token issuer and sender are mismatching.
---
 docker-compose.yml | 8 ++++++++
 docker/files/etc/nginx/conf.d/default.conf | 14 ++++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index b084d4c..d102911 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -93,12 +93,14 @@ services:
 ports:
 - "8082:8082"
 - "8088:8088"
+ - "8083:8083"
 volumes:
 - ./docker/files/etc/nginx/conf.d:/etc/nginx/conf.d:ro
 - ./src/frontend/apps/desk/out:/home/desk
 - ./data/media:/data/media:ro
 depends_on:
 - app
+ - keycloak
 dockerize:
 image: jwilder/dockerize
@@ -152,6 +154,11 @@ services:
 - start-dev
 - --features=preview
 - --import-realm
+ - --proxy=edge
+ - --hostname-url=http://localhost:8083
+ - --hostname-admin-url=http://localhost:8083/
+ - --hostname-strict=false
+ - --hostname-strict-https=false
 environment:
 KEYCLOAK_ADMIN: admin
 KEYCLOAK_ADMIN_PASSWORD: admin
@@ -161,6 +168,7 @@ services:
 KC_DB_PASSWORD: pass
 KC_DB_USERNAME: people
 KC_DB_SCHEMA: public
+ PROXY_ADDRESS_FORWARDING: 'true'
 ports:
 - "8080:8080"
 depends_on:
diff --git a/docker/files/etc/nginx/conf.d/default.conf b/docker/files/etc/nginx/conf.d/default.conf
index 656bb28..3081a3a 100644
--- a/docker/files/etc/nginx/conf.d/default.conf
+++ b/docker/files/etc/nginx/conf.d/default.conf
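Review bot: In docker-compose.yml, the keycloak `command` hunk adds `--proxy=edge`, which makes Keycloak honour forwarded headers, while the service still publishes `"8080:8080"` (visible as context in the following hunk), so a path that skips nginx remains open. Anything that reaches 8080 directly can supply its own `X-Forwarded-*` values, and Keycloak will treat them as coming from the proxy. Consider dropping that mapping or binding it to loopback with `- "127.0.0.1:8080:8080"`. A comment above the new flags, for example `# dev only: plain-HTTP hostname behind the local nginx proxy on 8083`, would also make clear that `--hostname-strict=false` and `--hostname-strict-https=false` must not be copied into a production compose file.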
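Review bot: In docker-compose.yml, `PROXY_ADDRESS_FORWARDING: 'true'` in the keycloak `environment` hunk looks like a setting from the legacy WildFly-based image. The service here runs the Quarkus distribution (`start-dev`, `KC_DB_*`), which is configured through `KC_*` variables or CLI flags, and `--proxy=edge` is already on the command. If the variable is indeed ignored, it is dead configuration that wrongly suggests header trust is controlled at this line. I would remove it, or keep one source of truth by using `KC_PROXY: edge` in place of the flag. The `environment` mapping starts above this hunk, so its other entries were not reviewed.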
@@ -32,3 +32,17 @@ server {
 }
 }
+
+server {
+ listen 8083;
+ server_name localhost;
+ charset utf-8;
+
+ location / {
+ proxy_pass http://keycloak:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
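Review bot: The new `location /` sets `X-Forwarded-For` from `$proxy_add_x_forwarded_for`, which appends to whatever the client sent, and it sets no `X-Forwarded-Proto`, so a client-supplied value passes through unchanged to a Keycloak started with `--proxy=edge`. This server appears to be the first hop, so overwrite rather than append: `proxy_set_header X-Forwarded-For $remote_addr;` and add `proxy_set_header X-Forwarded-Proto $scheme;`. `Host $host` also drops the port; the fixed `--hostname-url` probably masks that today, but `$http_host` would preserve the original authority if Keycloak ever derives URLs from the request. A one-line comment above the block, such as `# Keycloak front door: browser and backend both reach it via localhost:8083`, would record why this server exists.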