Skip to content
Snippets Groups Projects
Commit e0cba78b authored by Václav Bartoš's avatar Václav Bartoš
Browse files

Merge branch 'master' into opensearch

parents 4900913c 2d98e7c9
No related branches found
No related tags found
1 merge request!5Migrate from ODFE to OpenSearch
...@@ -52,15 +52,18 @@ listen opensearchserv ...@@ -52,15 +52,18 @@ listen opensearchserv
tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/opensearches_whitelist.lst } tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/opensearches_whitelist.lst }
listen keycloakserv listen keycloakserv
bind *:12443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1 # Keycloak needs to receive and check client certificates, which is easier when it handles TLS itself - so we use TCP mode here
mode http bind *:12443
mode tcp
maxconn 5000 maxconn 5000
fullconn 5000 fullconn 5000
balance source balance source
option tcpka option tcpka
option httplog option tcp-check
option tcplog
tcp-check connect port 8443
{% for keycloakhost in groups['keycloakcontainers'] %} {% for keycloakhost in groups['keycloakcontainers'] %}
server {{keycloakhost}} {{keycloakhost}}:8443 ssl check verify none server {{keycloakhost}} {{keycloakhost}}:8443 check
{% endfor %} {% endfor %}
tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/keycloak_whitelist.lst } tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/keycloak_whitelist.lst }
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment