dev-tools/ansible/roles/keycloak/templates/vhost.conf.j2 - airavata - Git at Google

 #
 #
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 #


 <VirtualHost *:80>
     ServerName {{ keycloak_vhost_servername }}

     ## Redirect all http traffic to https
     RewriteEngine On
     RewriteCond %{HTTPS} off
     RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 </VirtualHost>

 <VirtualHost *:443>
     ServerName {{ keycloak_vhost_servername }}

     RequestHeader set X-Forwarded-Proto "https"
     ProxyPass / "http://localhost:8080/"
     ProxyPassReverse / "http://localhost:8080/"
     ProxyPreserveHost On
     # See https://issues.redhat.com/browse/KEYCLOAK-3067 for more info
     LimitRequestFieldSize 32768

     ErrorLog /var/log/httpd/keycloak.error.log
     CustomLog /var/log/httpd/keycloak.requests.log combined

     SSLEngine on
     # Disable SSLv3 which is vulnerable to the POODLE attack
     SSLProtocol All -SSLv2 -SSLv3
     # Created cert with certbot:
     #   certbot --apache certonly -d iamdev.scigap.org
     SSLCertificateFile {{ keycloak_ssl_certificate_file }}
     SSLCertificateChainFile {{ keycloak_ssl_certificate_chain_file }}
     SSLCertificateKeyFile {{ keycloak_ssl_certificate_key_file }}
 </VirtualHost>
	#
	#
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	#


	<VirtualHost *:80>
	ServerName {{ keycloak_vhost_servername }}

	## Redirect all http traffic to https
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
	</VirtualHost>

	<VirtualHost *:443>
	ServerName {{ keycloak_vhost_servername }}

	RequestHeader set X-Forwarded-Proto "https"
	ProxyPass / "http://localhost:8080/"
	ProxyPassReverse / "http://localhost:8080/"
	ProxyPreserveHost On
	# See https://issues.redhat.com/browse/KEYCLOAK-3067 for more info
	LimitRequestFieldSize 32768

	ErrorLog /var/log/httpd/keycloak.error.log
	CustomLog /var/log/httpd/keycloak.requests.log combined

	SSLEngine on
	# Disable SSLv3 which is vulnerable to the POODLE attack
	SSLProtocol All -SSLv2 -SSLv3
	# Created cert with certbot:
	# certbot --apache certonly -d iamdev.scigap.org
	SSLCertificateFile {{ keycloak_ssl_certificate_file }}
	SSLCertificateChainFile {{ keycloak_ssl_certificate_chain_file }}
	SSLCertificateKeyFile {{ keycloak_ssl_certificate_key_file }}
	</VirtualHost>