keycloak: Limit access to management console

2023-06-08 10:03:58 +02:00 · 2023-06-08 10:03:58 +02:00 · 46919ae952
commit 46919ae952
parent 99f1c28019
1 changed files with 8 additions and 1 deletions
--- a/modules/keycloak/default.nix
+++ b/modules/keycloak/default.nix
@ -27,7 +27,14 @@ in
      virtualHosts = {
        "${config.services.keycloak.settings.hostname}" = {
          extraConfig = ''
-            reverse_proxy ${config.services.keycloak.settings.http-host}:${toString config.services.keycloak.settings.http-port}
+            @public_or_allowed_remote {
+              not {
+                not path /realms/* /resources/* /js/* /robots.txt
+                not remote_ip 100.64.0.0/10 86.85.243.40/32
+              }
+            }
+
+            reverse_proxy @public_or_allowed_remote ${config.services.keycloak.settings.http-host}:${toString config.services.keycloak.settings.http-port}
          '';
        };
      };