aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2016-12-22 22:12:41 +0000
committerGerrit Code Review <review@openstack.org>2016-12-22 22:12:41 +0000
commit082270da024d5ccd37eae70a9fde586f1a44d774 (patch)
tree7b75aabc82caa4ca9dcbadf445f6654672f76083
parent3b74e6c05586cc3ad43bcc6a08f15637e55a3566 (diff)
parentd4453c95d97eec0f45aa0db1d685935d63037fac (diff)
Merge "Add TLS proxy resource"
-rw-r--r--manifests/tls_proxy.pp60
1 files changed, 60 insertions, 0 deletions
diff --git a/manifests/tls_proxy.pp b/manifests/tls_proxy.pp
new file mode 100644
index 0000000..36d6b6d
--- /dev/null
+++ b/manifests/tls_proxy.pp
@@ -0,0 +1,60 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::tls_proxy
+#
+# Sets up a TLS proxy using mod_proxy that redirects towards localhost.
+#
+# === Parameters
+#
+# [*ip*]
+# The IP address that the proxy will be listening on.
+#
+# [*port*]
+# The port that the proxy will be listening on.
+#
+# [*servername*]
+# The vhost servername that contains the FQDN to identify the virtual host.
+#
+# [*tls_cert*]
+# The path to the TLS certificate that the proxy will be serving.
+#
+# [*tls_key*]
+# The path to the key used for the specified certificate.
+#
+define tripleo::tls_proxy(
+ $ip,
+ $port,
+ $servername,
+ $tls_cert,
+ $tls_key,
+) {
+ ::apache::vhost { "${title}-proxy":
+ ensure => 'present',
+ docroot => undef, # This is required by the manifest
+ manage_docroot => false,
+ servername => $servername,
+ ip => $ip,
+ port => $port,
+ ssl => true,
+ ssl_cert => $tls_cert,
+ ssl_key => $tls_key,
+ request_headers => ['set X-Forwarded-Proto "https"'],
+ proxy_pass => {
+ path => '/',
+ url => "http://localhost:${port}/",
+ params => {retry => '10'},
+ }
+ }
+}