first try

.s2i/bin/assemble

@@ -1,6 +1,13 @@
 #!/bin/sh
 
-echo "I'm here !!!"
+# Exit immediately if command returns non-zero status code
+set -e
 
-exec $STI_SCRIPTS_PATH/assemble
+echo "Install nginx configuration files..."
+cp conf.d/sso-proxy.conf $NGINX_CONFIGURATION_PATH/
+
+echo "Creating empty dirs to hold serving certs and trusted CAs..."
+mkdir -p $APP_ROOT/etc/serving-cert/ $APP_ROOT/etc/ca-certs/
+
+exit 0
 

conf.d/sso-proxy.conf

@@ -0,0 +1,24 @@
+env PROXY_ROUTE_HOSTNAME;
+env APP_ROOT;
+env RESOLVER;
+env SSO_SERVICE_HOSTNAME;
+
+resolver ${RESOLVER} ipv6=off;
+
+server {
+    listen 8443 ssl;
+    server_name ${PROXY_ROUTE_HOSTNAME};
+
+    ssl on;
+    ssl_certificate ${APP_ROOT}/etc/serving-cert/tls.crt;
+    ssl_certificate_key ${APP_ROOT}/etc/serving-cert/tls.key;
+
+    location / {
+        proxy_pass http://${SSO_SERVICE_HOSTNAME};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+