diff --git a/README.md b/README.md
index 3dfbd2f..f9a3552 100644
--- a/README.md
+++ b/README.md
@@ -19,8 +19,10 @@ requested (this is a multi-value alternative to DOMAINNAME)
 * `MANAGER_HOST` - Hostname of OpenRemote Manager (default: `manager`)
 * `MANAGER_WEB_PORT` - Web server port of OpenRemote Manager (default `8080`)
 * `MANAGER_MQTT_PORT` - MQTT broker port of OpenRemote Manager (default `1883`)
+* `MANAGER_PATH_PREFIX` - The path prefix used for OpenRemote Manager HTTP requests (default not set, example: `/openremote`)
 * `KEYCLOAK_HOST` - Hostname of the Keycloak server (default: `keycloak`)
 * `KEYCLOAK_PORT` - Web server port of Keycloak server (default `8080`)
+* `KEYCLOAK_PATH_PREFIX` - The path prefix used for Keycloak HTTP requests (default not set, example: `/keycloak`)
 * `LOGFILE` - Location of log file for entrypoint script to write to in addition to stdout (default `none`)
 * `AWS_ROUTE53_ROLE` - AWS Route53 Role ARN to be assumed when trying to generate wildcard certificates using Route53 DNS zone, specifically for cross account updates (default `none`)
 * `LE_EXTRA_ARGS` - Can be used to add additional arguments to the certbot command (default `none`)
diff --git a/haproxy.cfg b/haproxy.cfg
index 78abd58..fe5421f 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -117,7 +117,7 @@ frontend https
 use_backend sish if gateway_sub_domain
 .endif

- acl auth path_beg /auth
+ acl auth path_beg "${KEYCLOAK_PATH_PREFIX}/auth"
 use_backend keycloak_backend if auth

 use_backend manager_backend
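Review bot: The new `acl auth path_beg "${KEYCLOAK_PATH_PREFIX}/auth"` line only works when the variable has exactly the shape `/name`. A trailing slash produces `/keycloak//auth`, a missing leading slash produces `keycloak/auth`, and in both cases the ACL never matches, so login traffic silently falls through to `manager_backend`. Nothing in this hunk validates the value, and the entrypoint script that might normalise it is not shown, so a comment above the ACL would help: `# KEYCLOAK_PATH_PREFIX must start with "/" and must not end with "/"; when unset it expands to an empty string and the ACL is plain /auth`. Once the prefix is set, the unprefixed `/auth` path is routed to the Manager instead of Keycloak, which is worth stating in the README entry. The `frontend https` section starts above this hunk, so other rules there may already cover part of this.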
@@ -144,9 +144,15 @@ listen mqtt

 backend manager_backend
 server manager "${MANAGER_HOST}":"${MANAGER_WEB_PORT}" resolvers docker_resolver
+ .if defined(MANAGER_PATH_PREFIX)
+ http-request replace-path ^"${MANAGER_PATH_PREFIX}"(/.*)?$ \1
+ .endif

 backend keycloak_backend
 server keycloak "${KEYCLOAK_HOST}":"${KEYCLOAK_PORT}" resolvers docker_resolver
+ .if defined(KEYCLOAK_PATH_PREFIX)
+ http-request replace-path ^"${KEYCLOAK_PATH_PREFIX}"(/.*)?$ \1
+ .endif

 # Gateway tunnelling config
 .if defined(SISH_HOST) && defined(SISH_PORT)
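Review bot: Both `http-request replace-path` rules paste the environment value unescaped into a regular expression, so a `.`, `+` or similar character in `MANAGER_PATH_PREFIX` or `KEYCLOAK_PATH_PREFIX` is read as a metacharacter and the rule can strip something other than the documented prefix. A comment such as `# *_PATH_PREFIX is used as a regex fragment: plain path characters only, e.g. /openremote` would record that constraint. In `manager_backend`, a request for the bare prefix (no trailing slash) matches with an empty capture group, which appears to leave the upstream request with an empty path. Redirecting that case before the rewrite would avoid it, along the lines of `http-request redirect location "${MANAGER_PATH_PREFIX}/" if { path "${MANAGER_PATH_PREFIX}" }`. Since `manager_backend` is also the frontend's fallback, unprefixed paths still reach the Manager unchanged, so the prefix is a rewrite convenience and not an access boundary.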