about summary refs log tree commit diff
path: root/ops/machines/whitby/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'ops/machines/whitby/default.nix')
-rw-r--r--ops/machines/whitby/default.nix19
1 files changed, 6 insertions, 13 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 3fc708e690d1..5de8481878bf 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -604,25 +604,18 @@ in
   services.keycloak = {
     enable = true;
     httpPort = "5925"; # "kycl"
-    frontendUrl = "https://auth.tvl.fyi/auth/";
+
+    settings = {
+      hostname = "auth.tvl.fyi";
+      http-relative-path = "/auth";
+      proxy = "edge";
+    };
 
     database = {
       type = "postgresql";
       passwordFile = "/run/agenix/keycloak-db";
       createLocally = false;
     };
-
-    # Configure Keycloak to look at forwarded headers from the reverse
-    # proxy.
-    extraConfig = {
-      "subsystem=undertow" = {
-        "server=default-server" = {
-          "http-listener=default" = {
-            proxy-address-forwarding = "true";
-          };
-        };
-      };
-    };
   };
 
   # Allow Keycloak access to the LDAP module by forcing in the JVM