we have a setup with oidc, 2 haproxy servers (although it also works with ony one) and several ood backend servers.
With version 1.6.19 we set in /etc/ood/config/ood_portal.yml
servername: <ood_servername>
proxy_server: <haproxy_public_name>
logout_redirect: /oidc?logout=https%3A%2F%2F<haproxy_public_name>
in /opt/rh/httpd24/root/etc/httpd/conf.modules.d/auth_openidc.conf we set:
OIDCRedirectURI https://<haproxy_public_name>/oidc
for the haproxy setup we have specifically for ood (not including ssl settings etc):
frontend ood-in
bind <haproxy_server_public_ip>:443 crt <certificate_file> ssl
mode http
default_backend ood-bk
backend ood-bk
balance roundrobin
mode http
option forwardfor
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server <ood_backend_server1> <IP>:443 ca-file <cafile> check ssl
server <ood_backend_server2> <IP>:443 ca-file <cafile> check ssl
server <ood_backend_server3> <IP>:443 ca-file <cafile> check ssl
stick-table type ip size 1m peers mypeers
stick on src
peers mypeers
peer <haproxy_server_1> <IP>:<port>
peer <haproxy_server_2> <IP>:<port>