nginx.conf

worker_processes 1;
daemon off;

error_log stderr;
events { worker_connections 1024; }

http {
  server_tokens off; 
  charset utf-8;
  # Disable access log because it is already done by Cf routing layer
  access_log off;
  default_type text/html;
  include mime.types;
  sendfile on;
  tcp_nopush on;
  keepalive_timeout 30;
  port_in_redirect off;

  # 'resolver' needs to be set if we need to force Ngix to resolve from "time to time"
  # 'proxy_pass'. If not, nginx will only resolve dns one time.
  # (169.254.0.2 is the local resolver for CF Diego containers)
  resolver 169.254.0.2 valid=60s;

  server {
    listen {{port}};
    
    location /auth/admin {
        deny all;
    }
    
    location / {
        # Set the 'backend' variable to the internal route of keycloak, using an
        # environment variable. E.g. 'keycloak.apps.internal'. You would need to
        # comment out 'resolver' in order to allow dynamic dns resolution.
        set $backend {{env "BACKEND"}};
        proxy_pass $scheme://$backend;
        #proxy_redirect default;
        #proxy_buffering off;

        proxy_set_header Origin $scheme://$host;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Real-IP $remote_addr;
    }
  }
}