nginx.conf

# user nginx;
# worker_processes 1;

error_log /usr/local/openresty/nginx/logs/error.log warn;
pid /var/run/nginx.pid;


events {
  worker_connections 1024;
}

# ./etc/nginx/nginx.conf - location of nginx configuration file
# host.docker.internal - to access machine's "localhost"

env REALM;

http {
  lua_package_path "/usr/local/openresty/?.lua;;";

  server {
    listen 0.0.0.0:80;
    server_name localhost;

    expires 0;
    add_header Cache-Control private;

    location / {
      root /usr/local/openresty/nginx/html;
      index index.html index.htm;
    }

    # elasticsearch
    location /es/ {
      access_by_lua_block {
        local opts = {
          discovery = string.format("http://127.0.0.1/auth/realms/%s/.well-known/openid-configuration", os.getenv("REALM")),
          token_endpoint_auth_method = "client_secret_post",
        }
        local json, err, access_token = require("resty.openidc").bearer_jwt_verify(opts)

        if err then
        ngx.status = 401
        ngx.say(string.format([[{"message": "%s"}]], string.gsub(err, '"', '\\"')))
        ngx.exit(ngx.HTTP_UNAUTHORIZED)
        end

        ngx.log(ngx.STDERR, require("cjson").encode(json))
      }

      proxy_pass http://host.docker.internal:9200/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-Port $server_port;
      proxy_set_header X-Forwarded-Proto $scheme;
    }

    # keycloak
    location /auth/ {
      proxy_pass http://host.docker.internal:8080/auth/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-Port $server_port;
      proxy_set_header X-Forwarded-Proto $scheme;
    }

    # redirect server error pages to the static page /40x.html
    error_page 404 /404.html;
    location = /40x.html {
    }
    # redirect server error pages to the static page /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
  }
}