Project

General

Profile

28-katello-reverse-proxy.conf

Travis Camechis, 12/01/2015 09:31 AM

 
1
# ************************************
2
# Vhost template in module puppetlabs-apache
3
# Managed by Puppet
4
# ************************************
5

    
6
<VirtualHost *:8443>
7
  ServerName isolated
8

    
9
  ## Vhost docroot
10
  DocumentRoot "/var/www/"
11

    
12
  ## Directories, there should at least be a declaration for /var/www/
13

    
14
  #<Directory "/var/www/">
15
  #  Options Indexes FollowSymLinks MultiViews
16
  #  AllowOverride None
17
  #  Require all granted
18
  #</Directory>
19

    
20
  ## Logging
21
  ErrorLog "/var/log/httpd/katello-reverse-proxy_error_ssl.log"
22
  ServerSignature Off
23
  CustomLog "/var/log/httpd/katello-reverse-proxy_access_ssl.log" combined
24
  ErrorDocument 503 '{"displayMessage": "Internal error, contact administrator", "errors": ["Internal error, contact administrator"], "status": "500" }'
25
  ErrorDocument 503 '{"displayMessage": "Service unavailable or restarting, try later", "errors": ["Service unavailable or restarting, try later"], "status": "503" }'
26

    
27
  ## Proxy rules
28
  ProxyRequests Off
29
  ProxyPass /rhsm/ https://isolated/rhsm/
30
  ProxyPassReverse /rhsm/ https://isolated/rhsm/
31
 # <Location /rhsm>
32
 #   ProxyPassReverse /rhsm
33
 #   ProxyPassReverse https://isolated/rhsm
34
 # </Location>
35

    
36
  ## SSL directives
37
  SSLEngine on
38
  SSLCertificateFile      "/etc/pki/katello/certs/katello-apache.crt"
39
  SSLCertificateKeyFile   "/etc/pki/katello/private/katello-apache.key"
40
  SSLCACertificatePath    "/etc/pki/tls/certs"
41
  SSLCACertificateFile    "/etc/pki/katello/certs/katello-default-ca.crt"
42
  SSLProxyEngine On
43
  SSLVerifyClient         optional
44
  SSLVerifyDepth          10
45
  SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth
46

    
47
  ## Request header rules
48
  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
49
  RequestHeader set X_RHSM_SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
50

    
51
  ## Custom fragment
52

    
53
      SSLProxyCACertificateFile /etc/pki/katello/certs/katello-default-ca.crt
54
      SSLProxyMachineCertificateFile /etc/pki/katello/private/isolated-foreman-proxy-client-bundle.pem
55

    
56
</VirtualHost>