Support path based proxying

README.md

@@ -19,8 +19,10 @@ requested (this is a multi-value alternative to DOMAINNAME)
 * `MANAGER_HOST` - Hostname of OpenRemote Manager (default: `manager`)
 * `MANAGER_WEB_PORT` - Web server port of OpenRemote Manager (default `8080`)
 * `MANAGER_MQTT_PORT` - MQTT broker port of OpenRemote Manager (default `1883`)
+* `MANAGER_PATH_PREFIX` - The path prefix used for OpenRemote Manager HTTP requests (default not set, example: `/openremote`)
 * `KEYCLOAK_HOST` - Hostname of the Keycloak server (default: `keycloak`)
 * `KEYCLOAK_PORT` - Web server port of Keycloak server (default `8080`)
+* `KEYCLOAK_PATH_PREFIX` - The path prefix used for Keycloak HTTP requests (default not set, example: `/keycloak`)
 * `LOGFILE` - Location of log file for entrypoint script to write to in addition to stdout (default `none`)
 * `AWS_ROUTE53_ROLE` - AWS Route53 Role ARN to be assumed when trying to generate wildcard certificates using Route53 DNS zone, specifically for cross account updates (default `none`)
 * `LE_EXTRA_ARGS` - Can be used to add additional arguments to the certbot command (default `none`)

haproxy.cfg

@@ -117,7 +117,7 @@ frontend https
        use_backend sish if gateway_sub_domain
     .endif
 
-    acl auth path_beg /auth
+    acl auth path_beg "${KEYCLOAK_PATH_PREFIX}/auth"
     use_backend keycloak_backend if auth
 
     use_backend manager_backend
@@ -144,9 +144,15 @@ listen mqtt
 
 backend manager_backend
   server manager "${MANAGER_HOST}":"${MANAGER_WEB_PORT}" resolvers docker_resolver
+  .if defined(MANAGER_PATH_PREFIX)
+    http-request replace-path ^"${MANAGER_PATH_PREFIX}"(/.*)?$ \1
+  .endif
 
 backend keycloak_backend
   server keycloak "${KEYCLOAK_HOST}":"${KEYCLOAK_PORT}" resolvers docker_resolver
+  .if defined(KEYCLOAK_PATH_PREFIX)
+    http-request replace-path ^"${KEYCLOAK_PATH_PREFIX}"(/.*)?$ \1
+  .endif
 
 # Gateway tunnelling config
 .if defined(SISH_HOST) && defined(SISH_PORT)