diff options
author | Michael Scherer <misc@mageia.org> | 2012-02-19 17:45:07 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2012-02-19 17:45:07 +0000 |
commit | ad326895f54549250c2e345957b7a96f0c3dc538 (patch) | |
tree | cfdd6eafc78eeb67da8240c2cd0130a196ea695f | |
parent | dbc7a91fbc3943cb7f40c53decbc98b1a8ac2c9a (diff) | |
download | puppet-ad326895f54549250c2e345957b7a96f0c3dc538.tar puppet-ad326895f54549250c2e345957b7a96f0c3dc538.tar.gz puppet-ad326895f54549250c2e345957b7a96f0c3dc538.tar.bz2 puppet-ad326895f54549250c2e345957b7a96f0c3dc538.tar.xz puppet-ad326895f54549250c2e345957b7a96f0c3dc538.zip |
add apache configuration for the proxy ( ie, apache will serve static
file and take care of ssl negocation, and thin take care of the backend )
-rw-r--r-- | modules/puppet/manifests/thin.pp | 7 | ||||
-rw-r--r-- | modules/puppet/templates/apache_proxy_vhost.conf | 43 |
2 files changed, 50 insertions, 0 deletions
diff --git a/modules/puppet/manifests/thin.pp b/modules/puppet/manifests/thin.pp index 961e19ae..7ec684d6 100644 --- a/modules/puppet/manifests/thin.pp +++ b/modules/puppet/manifests/thin.pp @@ -1,5 +1,12 @@ class puppet::thin { package { 'ruby-thin': } + + include apache::mod_ssl + include apache::mod_proxy + + apache::vhost_other_app { 'puppet_proxy': + vhost_file => 'puppet/apache_proxy_vhost.conf', + } apache::config { "/etc/httpd/conf.d/puppet.conf": content => "Listen 8140", diff --git a/modules/puppet/templates/apache_proxy_vhost.conf b/modules/puppet/templates/apache_proxy_vhost.conf new file mode 100644 index 00000000..d1e797e2 --- /dev/null +++ b/modules/puppet/templates/apache_proxy_vhost.conf @@ -0,0 +1,43 @@ +ProxyRequests Off + +<Proxy balancer://puppet> +# TODO dynamically ajust that with a variable + BalancerMember http://127.0.0.1:18140 + BalancerMember http://127.0.0.1:18141 + BalancerMember http://127.0.0.1:18142 +</Proxy> + +<VirtualHost *:8140> + SSLEngine on + ServerName puppet.<%= domain %> + + ErrorLog /var/log/httpd/puppet_proxy.<%= domain %>.error.log + CustomLog /var/log/httpd/puppet_proxy.<%= domain %>.access.log + + SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA + + SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.<%= domain %>.pem + SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.<%= domain %>.pem + SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem + SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem + + SSLVerifyClient require + SSLVerifyDepth 1 + + SSLOptions +StdEnvVars + + RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e + RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e + + <Location /> + SetHandler balancer-manager + Order allow,deny + Allow from all + </Location> + + ProxyPass / balancer://puppet/ + ProxyPassReverse / balancer://puppet/ + ProxyPreserveHost on + +</VirtualHost> + |