INF-184 - Support the reverse proxy mode
- Toggle the reverse proxy mode with a variable
Change-Id: I03c159ab0863eb935ed1b20fe6ec62a924d59aef
diff --git a/defaults/main.yml b/defaults/main.yml
index 57b65e7..88f7449 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,7 @@
#
keycloak_java_version: 11
+keycloak_behind_reverse_proxy: true
keycloak_server: "http://localhost:8080"
keycloak_admin_api: "{{ keycloak_server }}/auth/admin/realms/master"
keycloak_username: "keycloak"
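Review bot: Defaulting `keycloak_behind_reverse_proxy` to `true` makes every host that does not override it set `proxy-address-forwarding`, so Keycloak takes the client address from forwarding headers such as `X-Forwarded-For`. That is only safe when a proxy in front overwrites those headers and the listener cannot be reached directly; nothing in this change establishes that. Otherwise the address recorded in audit events and used by brute-force detection is client-controlled. I would ship `keycloak_behind_reverse_proxy: false` and put a comment above it: `# set to true only when a reverse proxy that overwrites X-Forwarded-* fronts every request`.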
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 3e075cf..03b0908 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -19,6 +19,7 @@
inventory:
host_vars:
debian-11-priv:
+ keycloak_behind_reverse_proxy: false
keycloak_server: "http://localhost:8080"
keycloak_admin_api: "{{ keycloak_server }}/auth/admin/realms/master"
keycloak_ldap_testing_user: "test2"
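Review bot: The scenario pins `keycloak_behind_reverse_proxy: false`, so molecule only exercises the task that removes the attribute, while the role default added in defaults/main.yml is `true`. The path that writes `proxy-address-forwarding` into standalone.xml is the one most hosts will run and is the security-relevant one, so it should be covered too. A second host or a verify step asserting the attribute's presence or absence would do that.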
diff --git a/tasks/Debian.yml b/tasks/Debian.yml
index a3bd3ff..64a2d58 100644
--- a/tasks/Debian.yml
+++ b/tasks/Debian.yml
@@ -8,6 +8,7 @@
apt:
name:
- "openjdk-{{ keycloak_java_version }}-jdk"
+ - "python3-lxml"
state: "present"
update_cache: true
diff --git a/tasks/main.yml b/tasks/main.yml
index aa31ddb..cbffb40 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -64,6 +64,38 @@
changed_when: false
failed_when: false
+# search proxy-address-forwarding in the following link
+# https://www.keycloak.org/docs/15.0/server_installation/#_setting-up-a-load-balancer-or-proxy
+- name: Enable HTTPS Reverse Proxy(Modify standalone.xml)
+ community.general.xml:
+ path: "/opt/keycloak/standalone/configuration/standalone.xml"
+ xpath: "/m:server/m:profile/n:subsystem/n:server/n:http-listener"
+ attribute: "proxy-address-forwarding"
+ value: "true"
+ namespaces:
+ m: "urn:jboss:domain:16.0"
+ n: "urn:jboss:domain:undertow:12.0"
+ when: (keycloak_behind_reverse_proxy is defined) and (keycloak_behind_reverse_proxy)
+ notify:
+ - "start-keycloak"
+ - "restart-keycloak"
+
+# search proxy-address-forwarding in the following link
+# https://www.keycloak.org/docs/15.0/server_installation/#_setting-up-a-load-balancer-or-proxy
+- name: Disable HTTPS Reverse Proxy(Modify standalone.xml)
+ community.general.xml:
+ path: "/opt/keycloak/standalone/configuration/standalone.xml"
+ xpath: "/m:server/m:profile/n:subsystem/n:server/n:http-listener/@proxy-address-forwarding"
+ value: "true"
+ state: absent
+ namespaces:
+ m: "urn:jboss:domain:16.0"
+ n: "urn:jboss:domain:undertow:12.0"
+ when: (keycloak_behind_reverse_proxy is not defined) or (not keycloak_behind_reverse_proxy)
+ notify:
+ - "start-keycloak"
+ - "restart-keycloak"
+
- name: Create admin account
command:
chdir: "{{ keycloak_working_dir }}/bin/"
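Review bot: Both `when:` conditions test the raw variable, so a value that arrives as a string (for example `-e keycloak_behind_reverse_proxy=false`) is likely to be treated as truthy and switch `proxy-address-forwarding` on when the operator asked for it off. Casting makes the intent explicit, and the `is defined` test is redundant given the default in defaults/main.yml: `when: keycloak_behind_reverse_proxy | bool` and `when: not (keycloak_behind_reverse_proxy | bool)`. In the disable task, `value: "true"` serves no purpose next to `state: absent` on an attribute xpath and can be dropped. The namespaces `urn:jboss:domain:16.0` and `urn:jboss:domain:undertow:12.0` are tied to one standalone.xml schema version, so a comment naming the Keycloak release they match would help whoever upgrades.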