add apache configuration for the proxy ( ie, apache will serve static

file and take care of ssl negocation, and thin take care of the backend )

1 files changed, 43 insertions, 0 deletions

diff --git a/modules/puppet/templates/apache_proxy_vhost.conf b/modules/puppet/templates/apache_proxy_vhost.conf
new file mode 100644
index 00000000..d1e797e2
--- /dev/null
+++ b/modules/puppet/templates/apache_proxy_vhost.conf
@@ -0,0 +1,43 @@
+ProxyRequests Off
+
+<Proxy balancer://puppet>
+# TODO dynamically ajust that with a variable
+    BalancerMember http://127.0.0.1:18140
+    BalancerMember http://127.0.0.1:18141
+    BalancerMember http://127.0.0.1:18142
+</Proxy>
+
+<VirtualHost *:8140>
+    SSLEngine on
+    ServerName puppet.<%= domain %>
+
+    ErrorLog /var/log/httpd/puppet_proxy.<%= domain %>.error.log
+    CustomLog /var/log/httpd/puppet_proxy.<%= domain %>.access.log
+
+    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
+
+    SSLCertificateFile    /var/lib/puppet/ssl/certs/puppet.<%= domain %>.pem
+    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.<%= domain %>.pem
+    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
+    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
+
+    SSLVerifyClient require
+    SSLVerifyDepth  1
+
+    SSLOptions +StdEnvVars
+
+    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
+    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
+
+    <Location />
+       SetHandler balancer-manager
+       Order allow,deny
+       Allow from all
+    </Location>
+
+    ProxyPass / balancer://puppet/
+    ProxyPassReverse / balancer://puppet/
+    ProxyPreserveHost on
+
+</VirtualHost>
+