INF-184 - Support the reverse proxy mode
- Switch the reverse proxy mode by var
Change-Id: I03c159ab0863eb935ed1b20fe6ec62a924d59aef
diff --git a/tasks/main.yml b/tasks/main.yml
index aa31ddb..cbffb40 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -64,6 +64,38 @@
changed_when: false
failed_when: false
+# search proxy-address-forwarding in the following link
+# https://www.keycloak.org/docs/15.0/server_installation/#_setting-up-a-load-balancer-or-proxy
+- name: Enable HTTPS Reverse Proxy(Modify standalone.xml)
+ community.general.xml:
+ path: "/opt/keycloak/standalone/configuration/standalone.xml"
+ xpath: "/m:server/m:profile/n:subsystem/n:server/n:http-listener"
+ attribute: "proxy-address-forwarding"
+ value: "true"
+ namespaces:
+ m: "urn:jboss:domain:16.0"
+ n: "urn:jboss:domain:undertow:12.0"
+ when: (keycloak_behind_reverse_proxy is defined) and (keycloak_behind_reverse_proxy)
+ notify:
+ - "start-keycloak"
+ - "restart-keycloak"
+
+# search proxy-address-forwarding in the following link
+# https://www.keycloak.org/docs/15.0/server_installation/#_setting-up-a-load-balancer-or-proxy
+- name: Disable HTTPS Reverse Proxy(Modify standalone.xml)
+ community.general.xml:
+ path: "/opt/keycloak/standalone/configuration/standalone.xml"
+ xpath: "/m:server/m:profile/n:subsystem/n:server/n:http-listener/@proxy-address-forwarding"
+ value: "true"
+ state: absent
+ namespaces:
+ m: "urn:jboss:domain:16.0"
+ n: "urn:jboss:domain:undertow:12.0"
+ when: (keycloak_behind_reverse_proxy is not defined) or (not keycloak_behind_reverse_proxy)
+ notify:
+ - "start-keycloak"
+ - "restart-keycloak"
+
- name: Create admin account
command:
chdir: "{{ keycloak_working_dir }}/bin/"