-
Notifications
You must be signed in to change notification settings - Fork 84
/
id.acme.test.conf
34 lines (25 loc) · 1.1 KB
/
id.acme.test.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
ServerName id.acme.test
ServerAdmin admin@id.acme.test
# See https://ubiq.co/tech-blog/remove-server-name-apache-response-header/
ServerSignature Off
ServerTokens Prod
<VirtualHost *:443>
ProxyHCExpr found_issuer {hc('body') =~ /issuer/}
ProxyStatus Full
<Proxy "balancer://keycloak">
BalancerMember http://acme-keycloak-1:8080 route=1 connectiontimeout=2 hcmethod=GET hcexpr=found_issuer hcuri=/auth/realms/master/.well-known/openid-configuration
BalancerMember http://acme-keycloak-2:8080 route=2 connectiontimeout=2 hcmethod=GET hcexpr=found_issuer hcuri=/auth/realms/master/.well-known/openid-configuration
ProxySet stickysession=ROUTEID
</Proxy>
<Location />
Header add Set-Cookie "KC_ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
ProxyPreserveHost on
ProxyPass "balancer://keycloak/" stickysession=KC_ROUTEID|kc_routeid scolonpathdelim=On
ProxyPassReverse "balancer://keycloak/"
</Location>
<Location /server-status>
ProxyPass !
SetHandler server-status
# THIS SHOULD BE PROTECTED
</Location>
</VirtualHost>