fix keycloak remote IP detection

2024-07-17 21:54:47 -07:00 · 2024-07-17 21:54:47 -07:00 · b9b87b326d
commit b9b87b326d
parent 5682160eab
2 changed files with 6 additions and 7 deletions
--- a/k8s/keycloak/deployment.yaml
+++ b/k8s/keycloak/deployment.yaml
@ -28,10 +28,6 @@ spec:
            subPath: ca.crt
            readOnly: true
          env:
-            - name: KEYCLOAK_ADMIN
-              value: "admin"
-            - name: KEYCLOAK_ADMIN_PASSWORD
-              value: "admin"
            - name: KC_HTTPS_CERTIFICATE_FILE
              value: "/etc/certs/tls.crt"
            - name: KC_HTTPS_CERTIFICATE_KEY_FILE
@ -44,10 +40,8 @@ spec:
              value: https://auth-next.janky.solutions/
            - name: KC_HOSTNAME
              value: https://auth-next.janky.solutions/
-            - name: KC_PROXY
-              value: reencrypt
            - name: KC_PROXY_HEADERS
-              value: forwarded
+              value: xforwarded
            - name: KC_DB
              value: postgres
            - name: KC_DB_URL
--- a/k8s/keycloak/ingress.yaml
+++ b/k8s/keycloak/ingress.yaml
@ -11,7 +11,12 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: keycloak
+  annotations:
+     cert-manager.io/cluster-issuer: letsencrypt
 spec:
+  tls:
+    - hosts: [auth-next.janky.solutions]
+      secretName: auth-next.janky.solutions
  rules:
    - host: auth-next.janky.solutions
      http: