sortifal/SOA
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
SOA/apache/conf/extra/httpd-vhosts.conf
Alexis Bruneteau 05788b3d2d config
2025-06-19 00:01:53 +02:00

79 lines
2.4 KiB
Plaintext
Raw Blame History

LoadModule ssl_module modules/mod_ssl.so
LoadModule auth_openidc_module /usr/lib/apache2/modules/mod_auth_openidc.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
LogLevel debug
Listen 443
# Redirect HTTP to HTTPS for auth.local
<VirtualHost *:80>
ServerName auth.local
Redirect permanent / https://auth.local/
</VirtualHost>
# Redirect HTTP to HTTPS for api.local
<VirtualHost *:80>
ServerName api.local
Redirect permanent / https://api.local/
</VirtualHost>
# Keycloak on auth.local
<VirtualHost *:443>
ServerName auth.local
ErrorLog ${APACHE_LOG_DIR}/auth_error.log
CustomLog ${APACHE_LOG_DIR}/auth_access.log combined
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
# Proxy all traffic to Keycloak
ProxyPass / http://keycloak:8080/
ProxyPassReverse / http://keycloak:8080/
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Host "auth.local"
</VirtualHost>
# APIs on api.local
<VirtualHost *:443>
ServerName api.local
ErrorLog ${APACHE_LOG_DIR}/api_error.log
CustomLog ${APACHE_LOG_DIR}/api_access.log combined
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
# OIDC config - point to Keycloak via auth.local
OIDCProviderMetadataURL http://keycloak:8080/realms/soa/.well-known/openid-configuration
OIDCClientID soa
OIDCRedirectURI https://api.local/api/redirect
OIDCClientSecret NuLgdHzPldRauqIln0I0TN5216PgX3Ty
OIDCCryptoPassphrase fdfd8280-13b5-11f0-a320-080027e6dc53
OIDCPassClaimsAs both
OIDCRemoteUserClaim email
OIDCSessionInactivityTimeout 86400
OIDCSSLValidateServer Off
# Proxy public API (no auth)
ProxyPass /public/ http://public_api:5001/
ProxyPassReverse /public/ http://public_api:5001/
# Proxy private API (OIDC protected)
ProxyPass /private/ http://user_api:5002/
ProxyPassReverse /private/ http://user_api:5002/
<Location /private>
AuthType openid-connect
Require valid-user
</Location>
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink