diff options
author | Jenkins <jenkins@review.openstack.org> | 2016-12-22 22:12:41 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2016-12-22 22:12:41 +0000 |
commit | 082270da024d5ccd37eae70a9fde586f1a44d774 (patch) | |
tree | 7b75aabc82caa4ca9dcbadf445f6654672f76083 | |
parent | 3b74e6c05586cc3ad43bcc6a08f15637e55a3566 (diff) | |
parent | d4453c95d97eec0f45aa0db1d685935d63037fac (diff) |
Merge "Add TLS proxy resource"
-rw-r--r-- | manifests/tls_proxy.pp | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/manifests/tls_proxy.pp b/manifests/tls_proxy.pp new file mode 100644 index 0000000..36d6b6d --- /dev/null +++ b/manifests/tls_proxy.pp @@ -0,0 +1,60 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::tls_proxy +# +# Sets up a TLS proxy using mod_proxy that redirects towards localhost. +# +# === Parameters +# +# [*ip*] +# The IP address that the proxy will be listening on. +# +# [*port*] +# The port that the proxy will be listening on. +# +# [*servername*] +# The vhost servername that contains the FQDN to identify the virtual host. +# +# [*tls_cert*] +# The path to the TLS certificate that the proxy will be serving. +# +# [*tls_key*] +# The path to the key used for the specified certificate. +# +define tripleo::tls_proxy( + $ip, + $port, + $servername, + $tls_cert, + $tls_key, +) { + ::apache::vhost { "${title}-proxy": + ensure => 'present', + docroot => undef, # This is required by the manifest + manage_docroot => false, + servername => $servername, + ip => $ip, + port => $port, + ssl => true, + ssl_cert => $tls_cert, + ssl_key => $tls_key, + request_headers => ['set X-Forwarded-Proto "https"'], + proxy_pass => { + path => '/', + url => "http://localhost:${port}/", + params => {retry => '10'}, + } + } +} |