[keycloak-dev] Setting up AJP proxy from Apache?

Bill Burke bburke at redhat.com
Sat Mar 5 07:27:37 EST 2016


The only thing I can think of is that the server is binding to localhost 
and not a real IP address?

BTW, why would you want to put Apache in front of Keycloak?  Or is this 
just an application?  Last time I looked at bench, undertow/wildfly 
performs and scales better than Apache HTTPD even for static content.

https://www.techempower.com/benchmarks/

On 3/4/2016 9:49 PM, Adam Young wrote:
> keycloak-1.9.0.Final
>
> Having trouble finding the right notes for setting up AJP.  This is to
> run alongside a FreeIPA server which is already set up with
> mod_proxy_ajp talking to Tomcat, so I want to keep using the same set of
> modules.
>
>
>
> I can see keycloak-1.9.0.Final/standalone/configuration/standalone.xml
>
>
> <subsystem xmlns="urn:jboss:domain:undertow:3.0">
>               <buffer-cache name="default"/>
>               <server name="default-server">
>                   <http-listener name="default" socket-binding="http"
> redirect-socket="https"/>
>
>                   <host name="default-host" alias="localhost">
>                       <location name="/" handler="welcome-content"/>
>                       <filter-ref name="server-header"/>
>                       <filter-ref name="x-powered-by-header"/>
>                   </host>
>               </server>
>
>
> I'm assuming I need a line comparable to <http-listener name="default"
> socket-binding="http" redirect-socket="https"/> But for the AJP
> protocol. Perhaps ajp-listener?
>
> A line like this, perhaps?
>
>        <http-listener name="default-ajp" socket-binding="ajp"
> scheme="http"  />
>
>
>
>
>
>
> https://docs.jboss.org/author/display/WFLY8/AJP+listeners
>
> I see at the bottom of the file:
>
>       <socket-binding-group name="standard-sockets"
> default-interface="public"
> port-offset="${jboss.socket.binding.port-offset:0}">
>           <socket-binding name="management-http" interface="management"
> port="${jboss.management.http.port:9990}"/>
>           <socket-binding name="management-https" interface="management"
> port="${jboss.management.https.port:9993}"/>
>           <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com



More information about the keycloak-dev mailing list