Merge pull request #8 from bento-platform/fix/no-tls-auth

fix: forward traffic to keycloak if tls_no+internal_idp
bento-platform · Feb 16, 2024 · 4d7d213 · 4d7d213
2 parents 90886ab + c6f61b8
commit 4d7d213
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/conf/nginx.conf.tpl b/conf/nginx.conf.tpl
@@ -107,6 +107,28 @@ http {
 
     # tpl__tls_yes__end
 
+    # tpl__tls_no__start
+    # tpl__internal_idp__start
+    # Keycloak for no-TLS setups; in this case, the TLS connection is terminated before traffic gets to the gateway, so
+    # we have to proxy_pass here instead of streaming traffic above.
+    server {
+        listen      80;
+        server_name ${BENTOV2_AUTH_DOMAIN};
+
+        location / {
+            # Reverse proxy settings
+            include     /gateway/conf/proxy.conf;
+
+            # Immediate set/re-use means we don't get resolve errors if not up (as opposed to passing as a literal)
+            set         $upstream_auth http://${BENTOV2_AUTH_CONTAINER_NAME}:${BENTOV2_AUTH_INTERNAL_PORT};
+            proxy_pass  $upstream_auth;
+
+            error_log   /var/log/bentov2_auth_errors.log;
+        }
+    }
+    # tpl__internal_idp__end
+    # tpl__tls_no__end
+
     # Bento Public
     map $http_origin $public_cors {
         default                          '';