That format got even worse feedback and I would too :-). Lets try this one.

ProxyPass /confluencenode1 http://nodecnf001:8092/confluencenode1
ProxyPassReverse /confluencenode1 http://nodecnf001:8092/confluencenode1
ProxyPass /confluencenode2 http://nodecnf002:8092/confluencenode2
ProxyPassReverse /confluencenode2 http://nodecnf002:8092/confluencenode2
ProxyPass /confluencenode3 http://nodecnf003:8092/confluencenode3
ProxyPassReverse /confluencenode3 http://nodecnf003:8092/confluencenode3
<Location /confluencenode1>
    # Paths to bypass SSO
    #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
    #    Satisfy Any
    #</If>
    <If "%{REQUEST_URI} =~
m#^/(confluencenode1/rest/|confluencenode1/s/).*#">
        Satisfy Any
    </If>
    Order allow,deny
    Allow from all
    AuthType Shibboleth
    Header set X-Forwarded-Proto "https"
    ShibUseHeaders On
    ShibRequestSetting requireSession true
    <RequireAny>
      Require shib-attr AuthType "standard, x509, securePlus2, securePlus3,
piv"
      Require shib-attr AppAuth true
    </RequireAny>
</Location>
<Location /confluencenode2>
    # Paths to bypass SSO
    #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
    #    Satisfy Any
    #</If>
    <If "%{REQUEST_URI} =~
m#^/(confluencenode2/rest/|confluencenode2/s/).*#">
        Satisfy Any
    </If>
    Order allow,deny
    Allow from all
    AuthType Shibboleth
    Header set X-Forwarded-Proto "https"
    ShibUseHeaders On
    ShibRequestSetting requireSession true
    <RequireAny>
      Require shib-attr AuthType "standard, x509, securePlus2, securePlus3,
piv"
      Require shib-attr AppAuth true
    </RequireAny>
</Location>
<Location /confluencenode3>
    # Paths to bypass SSO
    #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
    #    Satisfy Any
    #</If>
    <If "%{REQUEST_URI} =~
m#^/(confluencenode3/rest/|confluencenode3/s/).*#">
        Satisfy Any
    </If>
    Order allow,deny
    Allow from all
    AuthType Shibboleth
    Header set X-Forwarded-Proto "https"
    ShibUseHeaders On
    ShibRequestSetting requireSession true
    <RequireAny>
      Require shib-attr AuthType "standard, x509, securePlus2, securePlus3,
piv"
      Require shib-attr AppAuth true
    </RequireAny>
</Location>


On Tue, May 18, 2021 at 3:33 PM <vad...@gmail.com> wrote:

> Sorry the output was not clean. Trying a different format
>
>    1. ProxyPass /confluencenode1 http://nodecnf001:8092/confluencenode1
>    2. ProxyPassReverse /confluencenode1
>    http://nodecnf001:8092/confluencenode1
>    3. ProxyPass /confluencenode2 http://nodecnf002:8092/confluencenode2
>    4. ProxyPassReverse /confluencenode2
>    http://nodecnf002:8092/confluencenode2
>    5. ProxyPass /confluencenode3 http://nodecnf003:8092/confluencenode3
>    6. ProxyPassReverse /confluencenode3
>    http://nodecnf003:8092/confluencenode3
>    7.
>    8. <Location /confluencenode1>
>    9. # Paths to bypass SSO
>    10. #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
>    11. # Satisfy Any
>    12. #</If>
>    13. <If "%{REQUEST_URI} =~
>    m#^/(confluencenode1/rest/|confluencenode1/s/).*#">
>    14. Satisfy Any
>    15. </If>
>    16. Order allow,deny
>    17. Allow from all
>    18. AuthType Shibboleth
>    19. Header set X-Forwarded-Proto "https"
>    20. ShibUseHeaders On
>    21. ShibRequestSetting requireSession true
>    22. <RequireAny>
>    23. Require shib-attr AuthType "standard, x509, securePlus2,
>    securePlus3, piv"
>    24. Require shib-attr AppAuth true
>    25. </RequireAny>
>    26. </Location>
>    27. <Location /confluencenode2>
>    28. # Paths to bypass SSO
>    29. #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
>    30. # Satisfy Any
>    31. #</If>
>    32. <If "%{REQUEST_URI} =~
>    m#^/(confluencenode2/rest/|confluencenode2/s/).*#">
>    33. Satisfy Any
>    34. </If>
>    35. Order allow,deny
>    36. Allow from all
>    37. AuthType Shibboleth
>    38. Header set X-Forwarded-Proto "https"
>    39. ShibUseHeaders On
>    40. ShibRequestSetting requireSession true
>    41. <RequireAny>
>    42. Require shib-attr AuthType "standard, x509, securePlus2,
>    securePlus3, piv"
>    43. Require shib-attr AppAuth true
>    44. </RequireAny>
>    45. </Location>
>    46. <Location /confluencenode3>
>    47. # Paths to bypass SSO
>    48. #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
>    49. # Satisfy Any
>    50. #</If>
>    51. <If "%{REQUEST_URI} =~
>    m#^/(confluencenode3/rest/|confluencenode3/s/).*#">
>    52. Satisfy Any
>    53. </If>
>    54. Order allow,deny
>    55. Allow from all
>    56. AuthType Shibboleth
>    57. Header set X-Forwarded-Proto "https"
>    58. ShibUseHeaders On
>    59. ShibRequestSetting requireSession true
>    60. <RequireAny>
>    61. Require shib-attr AuthType "standard, x509, securePlus2,
>    securePlus3, piv"
>    62. Require shib-attr AppAuth true
>    63. </RequireAny>
>    64. </Location>
>    65.
>
> So I like to see if I can get only one Location stanza with only one
> REQUEST_URI and maybe one ProxyPass and one ProxyPassReverse for all three
> nodes
>
> On Tue, May 18, 2021 at 2:29 PM <vad...@gmail.com> wrote:
>
>> Hi All,
>>
>> I have this config and it works fine. Looking for a way to consolidate
>> it. I tried few things and no success yet.
>>
>> ProxyPass /confluencenode1 http://nodecnf001:8092/confluencenode1
>> ProxyPassReverse /confluencenode1 http://nodecnf001:8092/confluencenode1
>> ProxyPass /confluencenode2 http://nodecnf002:8092/confluencenode2
>> ProxyPassReverse /confluencenode2 http://nodecnf002:8092/confluencenode2
>> ProxyPass /confluencenode3 http://nodecnf003:8092/confluencenode3
>> ProxyPassReverse /confluencenode3 http://nodecnf003:8092/confluencenode3
>> <Location /confluencenode1>
>> # Paths to bypass SSO
>> #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
>> # Satisfy Any
>> #</If>
>> <If "%{REQUEST_URI} =~ m#^/(confluencenode1/rest/|confluencenode1/s/).*#">
>> Satisfy Any
>> </If>
>> Order allow,deny
>> Allow from all
>> AuthType Shibboleth
>> Header set X-Forwarded-Proto "https"
>> ShibUseHeaders On
>> ShibRequestSetting requireSession true
>> <RequireAny>
>> Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
>> Require shib-attr AppAuth true
>> </RequireAny>
>> </Location>
>> <Location /confluencenode2>
>> # Paths to bypass SSO
>> #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
>> # Satisfy Any
>> #</If>
>> <If "%{REQUEST_URI} =~ m#^/(confluencenode2/rest/|confluencenode2/s/).*#">
>> Satisfy Any
>> </If>
>> Order allow,deny
>> Allow from all
>> AuthType Shibboleth
>> Header set X-Forwarded-Proto "https"
>> ShibUseHeaders On
>> ShibRequestSetting requireSession true
>> <RequireAny>
>> Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
>> Require shib-attr AppAuth true
>> </RequireAny>
>> </Location>
>> <Location /confluencenode3>
>> # Paths to bypass SSO
>> #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
>> # Satisfy Any
>> #</If>
>> <If "%{REQUEST_URI} =~ m#^/(confluencenode3/rest/|confluencenode3/s/).*#">
>> Satisfy Any
>> </If>
>> Order allow,deny
>> Allow from all
>> AuthType Shibboleth
>> Header set X-Forwarded-Proto "https"
>> ShibUseHeaders On
>> ShibRequestSetting requireSession true
>> <RequireAny>
>> Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
>> Require shib-attr AppAuth true
>> </RequireAny>
>> </Location>
>>
>> Thanks
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>>
>>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
>

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Reply via email to