Nginx config for staging/production

Keycloak (staging: auth.getlinkzen.com | production: auth.filezzy.com)

For the Keycloak admin console to work (without the "Timeout when waiting for 3rd party check iframe message" error), the reverse proxy must send these headers to Keycloak:

  • X-Forwarded-Proto: $scheme (https)
  • X-Forwarded-Host: $host (auth.getlinkzen.com)
  • X-Forwarded-For: $proxy_add_x_forwarded_for

Required location block

Inside the server { server_name auth.getlinkzen.com; ... } block:

location / {
    proxy_pass http://127.0.0.1:8180;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;   # required for Keycloak admin console
}

The deploy script (step 8a1) runs scripts/ensure-nginx-keycloak-headers.sh from the bundle. It uses:

  • Staging: default site /etc/nginx/sites-available/auth-getlinkzen
  • Production: NGINX_SITE=/etc/nginx/sites-available/auth-filezzy (set by deploy-production.ps1)

The script fixes a wrong X-Forwarded-Host value or adds the line if missing, then reloads nginx. If the server user cannot run sudo, add the headers manually to the appropriate site file and run sudo nginx -t && sudo systemctl reload nginx.
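
A read-only check for the same three headers, useful after a manual edit and before reloading nginx. This is an added example, not the project's ensure-nginx-keycloak-headers.sh; the function names check_header and check_site are hypothetical, and it assumes one location block per site file (the last matching directive in the file wins).

```shell
#!/bin/sh
# Added example: read-only check, not the project's ensure-nginx-keycloak-headers.sh.

# check_header FILE NAME WANT
# Finds the last uncommented "proxy_set_header NAME value;" in FILE and
# compares the value with WANT. Returns 0 only when they match.
check_header() {
    file=$1 name=$2 want=$3
    got=$(sed 's/#.*//' "$file" |
        awk -v n="$name" '
            $1 == "proxy_set_header" && $2 == n { v = $3 }
            END { sub(/;$/, "", v); print v }')
    if [ -z "$got" ]; then
        printf 'missing: %s (expected %s)\n' "$name" "$want"
        return 1
    elif [ "$got" != "$want" ]; then
        printf 'wrong: %s is %s (expected %s)\n' "$name" "$got" "$want"
        return 1
    fi
    printf 'ok: %s %s\n' "$name" "$got"
}

# check_site FILE
# Checks the three headers the page lists. Returns 0 if all are set as
# expected, 1 if any is missing or wrong, 2 if FILE cannot be read.
check_site() {
    site=$1 rc=0
    [ -r "$site" ] || { printf 'cannot read %s\n' "$site" >&2; return 2; }
    check_header "$site" X-Forwarded-Proto '$scheme' || rc=1
    check_header "$site" X-Forwarded-Host '$host' || rc=1
    check_header "$site" X-Forwarded-For '$proxy_add_x_forwarded_for' || rc=1
    return "$rc"
}

# Run against a site file when one is given, e.g. the staging path on the page:
#   sh check.sh /etc/nginx/sites-available/auth-getlinkzen
if [ $# -gt 0 ]; then
    check_site "$1"
fi
```

A non-zero exit means the site file still needs the header lines from the location block above; a literal hostname in X-Forwarded-Host is reported as wrong because the page specifies $host.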