haproxy setup for keycloak

defaults
        ...
        # Appends the connecting client's address in an X-Forwarded-For header on
        # requests sent to servers. It does not remove an X-Forwarded-For header the
        # client already sent, so either delete the incoming header before this runs
        # or make sure the application trusts only the last entry.
        option forwardfor
        # Closes the server-side connection after each response while keeping the
        # client-side connection alive.
        option http-server-close

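frontend http
        # Cleartext listener whose only job is to send Keycloak clients to HTTPS.
        # No alpn keyword here: ALPN is negotiated inside the TLS handshake, so it
        # has no effect on a bind line without ssl.
        bind *:80
        # No Strict-Transport-Security header here: browsers ignore HSTS received
        # over plain HTTP (RFC 6797), so the policy belongs on the https frontend.

        # Requests for any other Host are not redirected; unless the elided defaults
        # name a default_backend, they get an HAProxy-generated error.
        acl host_kc hdr(host) -i keycloak.demo.nethence.com
        redirect scheme https code 301 if host_kc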

frontend https
        # TLS terminates here, using the certificates found in /etc/haproxy/certs/.
        # Minimum TLS version and cipher list are not set on this bind line, so they
        # come from the global section (not shown on this page) or the build defaults.
        # NOTE(review): confirm ssl-default-bind-options there.
        bind *:443 ssl crt /etc/haproxy/certs/ alpn h2,http/1.1
        # HSTS for roughly 185 days (16000000 s); applies to this host only since
        # includeSubDomains is not set.
        http-response set-header Strict-Transport-Security "max-age=16000000;"

        # Every path for this host is forwarded, Keycloak's admin endpoints included.
        # Add a path or source-address ACL if the admin console should not be
        # reachable from the Internet.
        acl host_kc hdr(host) -i keycloak.demo.nethence.com
        use_backend kc-server if host_kc

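# @dnc-keycloak - 10.1.0.19:8080
backend kc-server
        #balance leastconn
        # Keycloak derives client address, scheme and host from forwarding headers
        # when it is configured to trust a proxy. Drop whatever the client sent so
        # that only values written by this proxy reach it. X-Forwarded-For is added
        # again by "option forwardfor" after these rules run.
        # If a trusted proxy or CDN sits in front of HAProxy, keep its header and
        # restrict by source address instead.
        http-request del-header X-Forwarded-For
        http-request del-header X-Forwarded-Host
        http-request del-header X-Forwarded-Port
        http-request del-header Forwarded
        # set-header replaces any client-supplied value rather than appending to it.
        http-request set-header X-Forwarded-Proto https
        # The hop to Keycloak is plain HTTP: credentials and tokens cross this network
        # segment unencrypted, so keep it on a trusted network or switch the server
        # line to TLS.
        server dnc-keycloak 10.1.0.19:8080 check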

This setup works fine if you also enforce HTTP/2.

