Keycloak: Difference between revisions
imported>Nix mNo edit summary |
imported>Riotbib No edit summary |
||
| Line 43: | Line 43: | ||
{ | { | ||
environment.noXlibs = false; | environment.noXlibs = false; | ||
} | |||
</nowiki>}} | |||
== Installation in subdirectory == | |||
Keycloak may be installed in a subdirectory of a domain. Thus you don't need to configure and expose a subdomain. For example with the following configuration, remember to edit <code>domain.tld</code>, reflecting your used domain. | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
{ | |||
services.nginx = { | |||
enable = true; | |||
# enable recommended settings | |||
recommendedGzipSettings = true; | |||
recommendedOptimisation = true; | |||
recommendedTlsSettings = true; | |||
recommendedProxySettings = true; | |||
virtualHosts = { | |||
"domain.tld" = { | |||
forceSSL = true; | |||
enableACME = true; | |||
locations = { | |||
"/cloak/" = { | |||
proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/cloak/"; | |||
}; | |||
}; | |||
}; | |||
}; | |||
}; | |||
services.postgresql.enable = true; | |||
services.keycloak = { | |||
enable = true; | |||
database = { | |||
type = "postgresql"; | |||
createLocally = true; | |||
username = "keycloak"; | |||
passwordFile = "/etc/nixos/secrets/keycloak_psql_pass"; | |||
}; | |||
settings = { | |||
hostname = "domain.tld"; | |||
http-relative-path = "/cloak"; | |||
http-port = 38080; | |||
proxy = "passthrough"; | |||
http-enabled = true; | |||
}; | |||
}; | |||
} | } | ||
</nowiki>}} | </nowiki>}} | ||