Restrict Keycloak access (no admin console), redirect / to account
diff --git a/nginx/id.sa.conf b/nginx/id.sa.conf
index b64cc7d..e4ca580 100644
--- a/nginx/id.sa.conf
+++ b/nginx/id.sa.conf
@@ -8,9 +8,17 @@
rewrite ^/auth(.*)$ $1 last;
}
- location / {
+ location = / { # For convenience, redirect to account console.
+ rewrite ^.*$ /realms/sourcearcade/account last;
+ }
+
+ location ~ ^/(?:realms|resources|js)/ {
proxy_pass http://keycloak:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
+
+ location / {
+ return 403;
+ }
}