-
Notifications
You must be signed in to change notification settings - Fork 1
Configure Nginx
In this step we will discard the configuration that we added previously, and will set up the Nginx to its final SSL-based configuration.
The final configuration will use a signed certificate to allow Nginx to respond on SSL port 443.
On RHEL 6.6 there are three main choices:
- Generate the self-signed certificate for the server
- Buy a certificate from a Certification Authority
- Use the a free certification service, for instance "Let's Encrypt'
Currently we are using the Let's Encrypt service for our server machines.
For OS X, in order to make things simple, we will use the pre-generated self-signed wildcard certificate for *.metadatacenter.orgx.
At the bottom of this guide we include the documentation on how to create the self-signed certificate.
So as a first step, please remove the previously added block from the Nginx configuration file.
Delete the following content added in the previous step (Configure Nginx for Keycloak):
proxy_http_version 1.1; # this is essential for chunked responses to work
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
upstream cedar-backend-auth-http {
server 127.0.0.1:8080;
}
server {
listen 80;
server_name auth.<HOSTNAME>;
location / {
proxy_pass http://cedar-backend-auth-http;
}
}