Differences

This shows you the differences between two versions of the page.

--- iam_production_deployment_guide [2026/02/26 10:14] – [Proxy through NGINX] pradnya
+++ iam_production_deployment_guide [2026/02/26 12:47] (current) – [cPanel's userdata include] pradnya
@@ Line 331: / Line 331: @@
 </code>
-===== Proxy through NGINX =====
+===== Proxy through NGINX - Droplet FIX =====
 To resolve on browser error "We are sorry… HTTPS required"
@@ Line 403: / Line 403: @@
 <code>
+keycloak:
-keycloak:\\
+image: quay.io/keycloak/keycloak:26.1.0
-image: quay.io/keycloak/keycloak:26.1.0\\
+container_name: keycloak_app
-container_name: keycloak_app\\
+command: start
-command: start\\
+ports:
-ports:\\
+  - "8080:8080"
-  - "8080:8080"\\
+environment:
-environment:\\
+  KC_DB: postgres
-  KC_DB: postgres\\
+  KC_DB_URL: jdbc:postgresql://keycloak_db:5432/keycloak
-  KC_DB_URL: jdbc:postgresql://keycloak_db:5432/keycloak\\
+  KC_DB_USERNAME: keycloak_user
-  KC_DB_USERNAME: keycloak_user\\
+  KC_DB_PASSWORD:
-  KC_DB_PASSWORD:\\
+  KC_BOOTSTRAP_ADMIN_USERNAME: admin
-  KC_BOOTSTRAP_ADMIN_USERNAME: admin\\
+  KC_BOOTSTRAP_ADMIN_PASSWORD:
-  KC_BOOTSTRAP_ADMIN_PASSWORD:\\
+  KC_HTTP_ENABLED: "true"
-  KC_HTTP_ENABLED: "true"\\
+  KC_HTTP_PORT: "8080"
-  KC_HTTP_PORT: "8080"\\
+  KC_PROXY_HEADERS: xforwarded
-  KC_PROXY_HEADERS: xforwarded\\
+  KC_HOSTNAME: "https://64.227.190.56"
-  KC_HOSTNAME: "https://64.227.190.56"\\
   KC_HOSTNAME_STRICT: "false"
+</code>
+Start NginX
+<code>
+systemctl restart nginx
 </code>
+Check/Configure Firewall rules for URL as follows
+**Configure Inbound Rules**
+Add these inbound rules:
+^Type^Protocol^Port^Sources|
+|HTTP|TCP|80|All IPv4, All IPv6|
+|HTTPS|TCP|443|All IPv4, All IPv6|
+|SSH|TCP|22| \\ All IPv4, All IPv6|
+Allow Nginx to connect to local ports
+<code>
+ setsebool -P httpd_can_network_connect 1
+#or
+setenforce 1
+</code>
+Stop docker and NginX and start again.
+===== cPanel's userdata include =====
+**Step 1: Create the userdata directories**
+bash
+<code>
+mkdir -p /etc/apache2/conf.d/userdata/std/2_4/ctapi/kcloak.ctapi.in/
+mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/ctapi/kcloak.ctapi.in/
+</code>
+**Step 2: Create HTTP proxy config**
+bash
+<code>
+nano /etc/apache2/conf.d/userdata/std/2_4/ctapi/kcloak.ctapi.in/proxy.conf
+</code>
+Add:
+<code>
+RewriteEngine On RewriteRule ^(.*)$ https://kcloak.ctapi.in$1 [R=301,L]<code>
+**Step 3: Create HTTPS proxy config**
+bash
+<code>nano /etc/apache2/conf.d/userdata/ssl/2_4/ctapi/kcloak.ctapi.in/proxy.conf
+</code>
+Add:
+<code>
+ProxyPreserveHost On\
+ProxyPass / http://127.0.0.1:8080/\
+ProxyPassReverse / http://127.0.0.1:8080/\
+RequestHeader set X-Forwarded-Proto "https"\
+RequestHeader set X-Forwarded-Port "443"
+</code>
+**Step 4: Rebuild Apache config and restart**
+bash
+<code>
+/scripts/rebuildhttpdconf
+httpd -t
+systemctl restart httpd
+</code>
+Then test:
+bash
+<code>
+curl -I https://kcloak.ctapi.in
+</code>
+Expected result:
+<code>
+curl -I [[https://kcloak.ctapi.in/|https://kcloak.ctapi.in]]
+HTTP/1.1 302 Found Date: Thu, 26 Feb 2026 11:22:25 GMT
+Server: Apache
+Location: [[https://kcloak.ctapi.in/admin/|https://kcloak.ctapi.in/admin/]]
+Referrer-Policy: no-referrer
+Strict-Transport-Security: max-age=31536000; includeSubDomains
+X-Content-Type-Options: nosniff
+X-XSS-Protection: 1;
+mode=block
+</code>
+Check for **Location: https://kcloak.ctapi.in/admin/|https://kcloak.ctapi.in/admin/**
+This is poining to correct directory and not apache direcoty with cgi folder.