haproxy setup for keycloak

# Shared settings inherited by the frontends and the backend below
# (the rest of this section is elided on the page).
defaults
    ...
    # Appends an X-Forwarded-For header carrying the client address to every
    # request sent to a server. The header is appended after any X-Forwarded-For
    # the client sent itself; the client's copy is not removed, so the server
    # should only rely on the last occurrence.
    option forwardfor
    # Close the server-side connection after each response; the client side
    # can still use keep-alive.
    option http-server-close

# Clear-text listener: the only rule here sends Keycloak's hostname to HTTPS.
frontend http
    # NOTE(review): ALPN is negotiated inside the TLS handshake, so the alpn
    # list presumably has no effect on this non-ssl bind - confirm.
    bind *:80 alpn h2,http/1.1
    # Browsers ignore Strict-Transport-Security received over plain HTTP
    # (RFC 6797), so this line gives no protection; the header that counts is
    # the one set in the https frontend.
    http-response set-header Strict-Transport-Security "max-age=16000000;"

    # Case-insensitive match on the Host header.
    acl host_kc hdr(host) -i keycloak.demo.nethence.com
    # Permanent redirect to the same URL over https. Requests for any other
    # host match no rule in this frontend.
    redirect scheme https code 301 if host_kc

# TLS listener: terminates TLS and hands Keycloak's hostname to kc-server.
frontend https
    # crt points at a directory, so HAProxy loads the certificates found there.
    # No minimum TLS version or cipher list is set on this line; unless the
    # elided global/defaults sections set them, the build defaults apply.
    bind *:443 ssl crt /etc/haproxy/certs/ alpn h2,http/1.1
    # HSTS for about 185 days (16000000 s), without includeSubDomains.
    http-response set-header Strict-Transport-Security "max-age=16000000;"

    # Case-insensitive match on the whole Host value.
    # NOTE(review): a Host that carries an explicit port would presumably not
    # match - confirm if clients send one.
    acl host_kc hdr(host) -i keycloak.demo.nethence.com
    # No default_backend is declared here, so a request whose Host does not
    # match is not forwarded to Keycloak.
    use_backend kc-server if host_kc

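# @dnc-keycloak - 10.1.0.19:8080
# Keycloak is reached over plain HTTP on an internal address; TLS ends at
# HAProxy. Keycloak therefore learns the original scheme and client address
# only from the forwarding headers, and anything able to reach 10.1.0.19:8080
# directly can set them itself: restrict that port to the HAProxy host.
backend kc-server
    #balance leastconn
    # Drop forwarding headers supplied by the client before HAProxy adds its
    # own, so Keycloak never sees a client-chosen address, host or port.
    # This assumes HAProxy is the first trusted hop; if a trusted proxy or CDN
    # sits in front of it, remove these del-header lines instead.
    # NOTE(review): which of these headers Keycloak reads depends on its
    # proxy settings, which are not shown here - confirm.
    http-request del-header X-Forwarded-For
    http-request del-header X-Forwarded-Host
    http-request del-header X-Forwarded-Port
    http-request del-header Forwarded
    # set-header replaces any client-supplied value with the real scheme.
    http-request set-header X-Forwarded-Proto https
    # check enables health checks against the Keycloak server.
    server dnc-keycloak 10.1.0.19:8080 check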

This setup also works fine if you enforce HTTP/2.


Licensed under MIT