aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-12-12 15:00:58 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-12-20 08:50:08 +0000
commitd4453c95d97eec0f45aa0db1d685935d63037fac (patch)
treedf16df2515cd5d07e20adcaeb4d539883bb87186 /manifests
parent48eef39ca35fda6e544cb43f0ee974f600608fd2 (diff)
Add TLS proxy resource
some services need a terminating proxy to do TLS on their main interfaces, to address this, we use httpd's mod_proxy and make it listen in front of these services with an appropriate certificate. bp tls-via-certmonger Change-Id: I82243fd3acfe4f23aab373116b78e1daf9d08467
Diffstat (limited to 'manifests')
-rw-r--r--manifests/tls_proxy.pp60
1 files changed, 60 insertions, 0 deletions
diff --git a/manifests/tls_proxy.pp b/manifests/tls_proxy.pp
new file mode 100644
index 0000000..36d6b6d
--- /dev/null
+++ b/manifests/tls_proxy.pp
@@ -0,0 +1,60 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::tls_proxy
+#
+# Sets up a TLS proxy using mod_proxy that redirects towards localhost.
+#
+# === Parameters
+#
+# [*ip*]
+# The IP address that the proxy will be listening on.
+#
+# [*port*]
+# The port that the proxy will be listening on.
+#
+# [*servername*]
+# The vhost servername that contains the FQDN to identify the virtual host.
+#
+# [*tls_cert*]
+# The path to the TLS certificate that the proxy will be serving.
+#
+# [*tls_key*]
+# The path to the key used for the specified certificate.
+#
+define tripleo::tls_proxy(
+ $ip,
+ $port,
+ $servername,
+ $tls_cert,
+ $tls_key,
+) {
+ ::apache::vhost { "${title}-proxy":
+ ensure => 'present',
+ docroot => undef, # This is required by the manifest
+ manage_docroot => false,
+ servername => $servername,
+ ip => $ip,
+ port => $port,
+ ssl => true,
+ ssl_cert => $tls_cert,
+ ssl_key => $tls_key,
+ request_headers => ['set X-Forwarded-Proto "https"'],
+ proxy_pass => {
+ path => '/',
+ url => "http://localhost:${port}/",
+ params => {retry => '10'},
+ }
+ }
+}