That format got even worse feedback and I would too :-). Lets try this one.
ProxyPass /confluencenode1 http://nodecnf001:8092/confluencenode1 ProxyPassReverse /confluencenode1 http://nodecnf001:8092/confluencenode1 ProxyPass /confluencenode2 http://nodecnf002:8092/confluencenode2 ProxyPassReverse /confluencenode2 http://nodecnf002:8092/confluencenode2 ProxyPass /confluencenode3 http://nodecnf003:8092/confluencenode3 ProxyPassReverse /confluencenode3 http://nodecnf003:8092/confluencenode3 <Location /confluencenode1> # Paths to bypass SSO #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#"> # Satisfy Any #</If> <If "%{REQUEST_URI} =~ m#^/(confluencenode1/rest/|confluencenode1/s/).*#"> Satisfy Any </If> Order allow,deny Allow from all AuthType Shibboleth Header set X-Forwarded-Proto "https" ShibUseHeaders On ShibRequestSetting requireSession true <RequireAny> Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv" Require shib-attr AppAuth true </RequireAny> </Location> <Location /confluencenode2> # Paths to bypass SSO #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#"> # Satisfy Any #</If> <If "%{REQUEST_URI} =~ m#^/(confluencenode2/rest/|confluencenode2/s/).*#"> Satisfy Any </If> Order allow,deny Allow from all AuthType Shibboleth Header set X-Forwarded-Proto "https" ShibUseHeaders On ShibRequestSetting requireSession true <RequireAny> Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv" Require shib-attr AppAuth true </RequireAny> </Location> <Location /confluencenode3> # Paths to bypass SSO #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#"> # Satisfy Any #</If> <If "%{REQUEST_URI} =~ m#^/(confluencenode3/rest/|confluencenode3/s/).*#"> Satisfy Any </If> Order allow,deny Allow from all AuthType Shibboleth Header set X-Forwarded-Proto "https" ShibUseHeaders On ShibRequestSetting requireSession true <RequireAny> Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv" Require shib-attr AppAuth true </RequireAny> </Location> On Tue, May 18, 2021 at 3:33 PM <vad...@gmail.com> wrote: > Sorry the output was not clean. Trying a different format > > 1. ProxyPass /confluencenode1 http://nodecnf001:8092/confluencenode1 > 2. ProxyPassReverse /confluencenode1 > http://nodecnf001:8092/confluencenode1 > 3. ProxyPass /confluencenode2 http://nodecnf002:8092/confluencenode2 > 4. ProxyPassReverse /confluencenode2 > http://nodecnf002:8092/confluencenode2 > 5. ProxyPass /confluencenode3 http://nodecnf003:8092/confluencenode3 > 6. ProxyPassReverse /confluencenode3 > http://nodecnf003:8092/confluencenode3 > 7. > 8. <Location /confluencenode1> > 9. # Paths to bypass SSO > 10. #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#"> > 11. # Satisfy Any > 12. #</If> > 13. <If "%{REQUEST_URI} =~ > m#^/(confluencenode1/rest/|confluencenode1/s/).*#"> > 14. Satisfy Any > 15. </If> > 16. Order allow,deny > 17. Allow from all > 18. AuthType Shibboleth > 19. Header set X-Forwarded-Proto "https" > 20. ShibUseHeaders On > 21. ShibRequestSetting requireSession true > 22. <RequireAny> > 23. Require shib-attr AuthType "standard, x509, securePlus2, > securePlus3, piv" > 24. Require shib-attr AppAuth true > 25. </RequireAny> > 26. </Location> > 27. <Location /confluencenode2> > 28. # Paths to bypass SSO > 29. #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#"> > 30. # Satisfy Any > 31. #</If> > 32. <If "%{REQUEST_URI} =~ > m#^/(confluencenode2/rest/|confluencenode2/s/).*#"> > 33. Satisfy Any > 34. </If> > 35. Order allow,deny > 36. Allow from all > 37. AuthType Shibboleth > 38. Header set X-Forwarded-Proto "https" > 39. ShibUseHeaders On > 40. ShibRequestSetting requireSession true > 41. <RequireAny> > 42. Require shib-attr AuthType "standard, x509, securePlus2, > securePlus3, piv" > 43. Require shib-attr AppAuth true > 44. </RequireAny> > 45. </Location> > 46. <Location /confluencenode3> > 47. # Paths to bypass SSO > 48. #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#"> > 49. # Satisfy Any > 50. #</If> > 51. <If "%{REQUEST_URI} =~ > m#^/(confluencenode3/rest/|confluencenode3/s/).*#"> > 52. Satisfy Any > 53. </If> > 54. Order allow,deny > 55. Allow from all > 56. AuthType Shibboleth > 57. Header set X-Forwarded-Proto "https" > 58. ShibUseHeaders On > 59. ShibRequestSetting requireSession true > 60. <RequireAny> > 61. Require shib-attr AuthType "standard, x509, securePlus2, > securePlus3, piv" > 62. Require shib-attr AppAuth true > 63. </RequireAny> > 64. </Location> > 65. > > So I like to see if I can get only one Location stanza with only one > REQUEST_URI and maybe one ProxyPass and one ProxyPassReverse for all three > nodes > > On Tue, May 18, 2021 at 2:29 PM <vad...@gmail.com> wrote: > >> Hi All, >> >> I have this config and it works fine. Looking for a way to consolidate >> it. I tried few things and no success yet. >> >> ProxyPass /confluencenode1 http://nodecnf001:8092/confluencenode1 >> ProxyPassReverse /confluencenode1 http://nodecnf001:8092/confluencenode1 >> ProxyPass /confluencenode2 http://nodecnf002:8092/confluencenode2 >> ProxyPassReverse /confluencenode2 http://nodecnf002:8092/confluencenode2 >> ProxyPass /confluencenode3 http://nodecnf003:8092/confluencenode3 >> ProxyPassReverse /confluencenode3 http://nodecnf003:8092/confluencenode3 >> <Location /confluencenode1> >> # Paths to bypass SSO >> #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#"> >> # Satisfy Any >> #</If> >> <If "%{REQUEST_URI} =~ m#^/(confluencenode1/rest/|confluencenode1/s/).*#"> >> Satisfy Any >> </If> >> Order allow,deny >> Allow from all >> AuthType Shibboleth >> Header set X-Forwarded-Proto "https" >> ShibUseHeaders On >> ShibRequestSetting requireSession true >> <RequireAny> >> Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv" >> Require shib-attr AppAuth true >> </RequireAny> >> </Location> >> <Location /confluencenode2> >> # Paths to bypass SSO >> #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#"> >> # Satisfy Any >> #</If> >> <If "%{REQUEST_URI} =~ m#^/(confluencenode2/rest/|confluencenode2/s/).*#"> >> Satisfy Any >> </If> >> Order allow,deny >> Allow from all >> AuthType Shibboleth >> Header set X-Forwarded-Proto "https" >> ShibUseHeaders On >> ShibRequestSetting requireSession true >> <RequireAny> >> Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv" >> Require shib-attr AppAuth true >> </RequireAny> >> </Location> >> <Location /confluencenode3> >> # Paths to bypass SSO >> #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#"> >> # Satisfy Any >> #</If> >> <If "%{REQUEST_URI} =~ m#^/(confluencenode3/rest/|confluencenode3/s/).*#"> >> Satisfy Any >> </If> >> Order allow,deny >> Allow from all >> AuthType Shibboleth >> Header set X-Forwarded-Proto "https" >> ShibUseHeaders On >> ShibRequestSetting requireSession true >> <RequireAny> >> Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv" >> Require shib-attr AppAuth true >> </RequireAny> >> </Location> >> >> Thanks >> >> -- >> Asif Iqbal >> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >> A: Because it messes up the order in which people normally read text. >> Q: Why is top-posting such a bad thing? >> >> > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
