Merge pull request #187 from roumano/parse_proxy_headers

Permit parse reverse proxy headers

roles/keycloak_quarkus/README.md

@@ -54,7 +54,7 @@ Role Defaults
 |`keycloak_quarkus_https_trust_store_enabled`| Enalbe confiugration of a trust store | `False` |
 |`keycloak_quarkus_trust_store_file`| The file pat to the trust store | `{{ keycloak.home }}/conf/trust_store.p12` |
 |`keycloak_quarkus_trust_store_password`| Password for the trust store | `""` |
-
+|`keycloak_quarkus_proxy_headers`| Parse reverse proxy headers (`forwarded` or `xforwardedPassword`) | `""` |
 
 * Hostname configuration
 

roles/keycloak_quarkus/meta/argument_specs.yml

@@ -285,6 +285,10 @@ argument_specs:
                 default: 'edge'
                 type: "str"
                 description: "The proxy address forwarding mode if the server is behind a reverse proxy. Set to 'none' if not using a proxy"
+            keycloak_quarkus_proxy_headers:
+                default: ""
+                type: "str"
+                description: "Parse reverse proxy headers (`forwarded` or `xforwardedPassword`), overrides the deprecated keycloak_quarkus_proxy_mode argument"
             keycloak_quarkus_start_dev:
                 default: false
                 type: "bool"

roles/keycloak_quarkus/templates/keycloak.conf.j2

@@ -54,9 +54,14 @@ cache-config-file=cache-ispn.xml
 {% endif %}
 
 {% if keycloak_quarkus_proxy_mode is defined and keycloak_quarkus_proxy_mode != "none" %}
-# Proxy
+# Deprecated Proxy configuration
 proxy={{ keycloak_quarkus_proxy_mode }}
 {% endif %}
+{% if keycloak_quarkus_proxy_headers is defined and keycloak_quarkus_proxy_headers != "none" %}
+# Proxy
+proxy-headers={{ keycloak_quarkus_proxy_headers }}
+{% endif %}
+
 spi-sticky-session-encoder-infinispan-should-attach-route={{ keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route | d(true) | lower }}
 
 # Transaction