sortifal/SOA
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
SOA/apache/conf/extra/httpd-vhosts.conf
Alexis Bruneteau 907c476567 fix
2025-06-28 12:30:33 +02:00

84 lines
2.6 KiB
Plaintext
Raw Blame History

LoadModule ssl_module modules/mod_ssl.so
LoadModule auth_openidc_module /usr/lib/apache2/modules/mod_auth_openidc.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
LogLevel debug
Listen 443
# Redirect HTTP to HTTPS for auth.local
<VirtualHost *:80>
ServerName auth.local
Redirect permanent / https://auth.local/
</VirtualHost>
# Redirect HTTP to HTTPS for api.local
<VirtualHost *:80>
ServerName api.local
Redirect permanent / https://api.local/
</VirtualHost>
# Keycloak on auth.local
<VirtualHost *:443>
ServerName auth.local
ErrorLog ${APACHE_LOG_DIR}/auth_error.log
CustomLog ${APACHE_LOG_DIR}/auth_access.log combined
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
# Proxy all traffic to Keycloak
ProxyPass / http://keycloak:8080/
ProxyPassReverse / http://keycloak:8080/
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Host "auth.local"
</VirtualHost>
# APIs on api.local
<VirtualHost *:443>
ServerName api.local
ErrorLog ${APACHE_LOG_DIR}/api_error.log
CustomLog ${APACHE_LOG_DIR}/api_access.log combined
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
# OIDC config - point to Keycloak via auth.local
OIDCProviderMetadataURL https://auth.local/realms/master/.well-known/openid-configuration
OIDCClientID soa
OIDCRedirectURI https://api.local/api/private/redirect
OIDCClientSecret mysecret
OIDCCryptoPassphrase fdfd8280-13b5-11f0-a320-080027e6dc53
OIDCPassClaimsAs headers
OIDCClaimPrefix OIDC-
OIDCPassUserInfoAs claims
OIDCRemoteUserClaim email
OIDCScope "openid email profile"
OIDCSessionInactivityTimeout 86400
OIDCSSLValidateServer Off
# Proxy public API (no auth)
ProxyPass /api/public http://public_api:5001/
ProxyPassReverse /api/public http://public_api:5001/
# Proxy private API (OIDC protected)
ProxyPass /api/private http://private_api:5002/api/private
ProxyPassReverse /api/private http://private_api:5002/api/private
<Location /api/private>
AuthType openid-connect
Require valid-user
RequestHeader set X-User-Email "%{HTTP_OIDC_EMAIL}i"
RequestHeader set X-User-Name "%{HTTP_OIDC_PREFERRED_USERNAME}i"
</Location>
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink