treydock/apache-prometheus.conf

## apache-prometheus.conf
<VirtualHost *:443>
  ServerName prometheus.DOMAIN

  <Location "/">
    <RequireAny>
      Require claim groups:oscall
    </RequireAny>
    AuthType openid-connect
  </Location>

  <LocationMatch "/api/v1/(query|query_range)">
    <RequireAny>
      Require host xdmod.DOMAIN
      Require host xdmod-test.DOMAIN
      Require claim groups:oscall
    </RequireAny>
    AuthType openid-connect
  </LocationMatch>

  ## Logging
  ErrorLog "/var/log/httpd/prometheus_error_ssl.log"
  ServerSignature Off
  CustomLog "/var/log/httpd/prometheus_access_ssl.log" combined

  ## Proxy rules
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass / http://localhost:9090/
  ProxyPassReverse / http://localhost:9090/

  ## SSL directives
  SSLEngine on
  SSLCertificateFile      "/etc/pki/tls/certs/prometheus01.DOMAIN.crt"
  SSLCertificateKeyFile   "/etc/pki/tls/private/prometheus01.DOMAIN.key"
  SSLCertificateChainFile "/etc/pki/tls/certs/prometheus01.DOMAIN-interm.crt"

  OIDCProviderMetadataURL https://idp.DOMAIN/auth/realms/osc/.well-known/openid-configuration
  OIDCClientID prometheus.DOMAIN
  OIDCRedirectURI https://prometheus.DOMAIN/redirect_uri
  OIDCRemoteUserClaim preferred_username
  OIDCClientSecret OMIT
  OIDCCryptoPassphrase OMIT
  OIDCSessionInactivityTimeout 28800
  OIDCStateMaxNumberOfCookies 10 true
</VirtualHost>
	<VirtualHost *:443>
	ServerName prometheus.DOMAIN

	<Location "/">
	<RequireAny>
	Require claim groups:oscall
	</RequireAny>
	AuthType openid-connect
	</Location>

	<LocationMatch "/api/v1/(query\|query_range)">
	<RequireAny>
	Require host xdmod.DOMAIN
	Require host xdmod-test.DOMAIN
	Require claim groups:oscall
	</RequireAny>
	AuthType openid-connect
	</LocationMatch>

	## Logging
	ErrorLog "/var/log/httpd/prometheus_error_ssl.log"
	ServerSignature Off
	CustomLog "/var/log/httpd/prometheus_access_ssl.log" combined

	## Proxy rules
	ProxyRequests Off
	ProxyPreserveHost On
	ProxyPass / http://localhost:9090/
	ProxyPassReverse / http://localhost:9090/

	## SSL directives
	SSLEngine on
	SSLCertificateFile "/etc/pki/tls/certs/prometheus01.DOMAIN.crt"
	SSLCertificateKeyFile "/etc/pki/tls/private/prometheus01.DOMAIN.key"
	SSLCertificateChainFile "/etc/pki/tls/certs/prometheus01.DOMAIN-interm.crt"

	OIDCProviderMetadataURL https://idp.DOMAIN/auth/realms/osc/.well-known/openid-configuration
	OIDCClientID prometheus.DOMAIN
	OIDCRedirectURI https://prometheus.DOMAIN/redirect_uri
	OIDCRemoteUserClaim preferred_username
	OIDCClientSecret OMIT
	OIDCCryptoPassphrase OMIT
	OIDCSessionInactivityTimeout 28800
	OIDCStateMaxNumberOfCookies 10 true
	</VirtualHost>