| # |
| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| |
| |
| <VirtualHost *:80> |
| ServerName {{ keycloak_vhost_servername }} |
| |
| ## Redirect all http traffic to https |
| RewriteEngine On |
| RewriteCond %{HTTPS} off |
| RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} |
| </VirtualHost> |
| |
| <VirtualHost *:443> |
| ServerName {{ keycloak_vhost_servername }} |
| |
| RequestHeader set X-Forwarded-Proto "https" |
| ProxyPass / "http://localhost:8080/" |
| ProxyPassReverse / "http://localhost:8080/" |
| ProxyPreserveHost On |
| # See https://issues.redhat.com/browse/KEYCLOAK-3067 for more info |
| LimitRequestFieldSize 32768 |
| |
| ErrorLog /var/log/httpd/keycloak.error.log |
| CustomLog /var/log/httpd/keycloak.requests.log combined |
| |
| SSLEngine on |
| # Disable SSLv3 which is vulnerable to the POODLE attack |
| SSLProtocol All -SSLv2 -SSLv3 |
| # Created cert with certbot: |
| # certbot --apache certonly -d iamdev.scigap.org |
| SSLCertificateFile {{ keycloak_ssl_certificate_file }} |
| SSLCertificateChainFile {{ keycloak_ssl_certificate_chain_file }} |
| SSLCertificateKeyFile {{ keycloak_ssl_certificate_key_file }} |
| </VirtualHost> |