# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::tls_proxy
#
# Sets up a TLS proxy using mod_proxy that redirects towards localhost.
#
# === Parameters
#
# [*ip*]
#   The IP address that the proxy will be listening on.
#
# [*port*]
#   The port that the proxy will be listening on.
#
# [*servername*]
#   The vhost servername that contains the FQDN to identify the virtual host.
#
# [*tls_cert*]
#   The path to the TLS certificate that the proxy will be serving.
#
# [*tls_key*]
#   The path to the key used for the specified certificate.
#
define tripleo::tls_proxy(
  $ip,
  $port,
  $servername,
  $tls_cert,
  $tls_key,
) {
  ::apache::vhost { "${title}-proxy":
    ensure          => 'present',
    docroot         => undef,  # This is required by the manifest
    manage_docroot  => false,
    servername      => $servername,
    ip              => $ip,
    port            => $port,
    ssl             => true,
    ssl_cert        => $tls_cert,
    ssl_key         => $tls_key,
    request_headers => ['set X-Forwarded-Proto "https"'],
    proxy_pass      => {
      path   => '/',
      url    => "http://localhost:${port}/",
      params => {retry => '10'},
    }
  }
}