
Bug #12646 » 28-katello-reverse-proxy.conf

Travis Camechis, 12/01/2015 09:31 AM

 
# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************

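# TLS reverse proxy on port 8443: forwards /rhsm/ to https://isolated/rhsm/ and
# hands the PEM of any verified client certificate to the backend in a request header.
<VirtualHost *:8443>
  ServerName isolated

  ## Vhost docroot
  DocumentRoot "/var/www/"

  ## Directories, there should at least be a declaration for /var/www/

  #<Directory "/var/www/">
  # Options Indexes FollowSymLinks MultiViews
  # AllowOverride None
  # Require all granted
  #</Directory>

  ## Logging
  ErrorLog "/var/log/httpd/katello-reverse-proxy_error_ssl.log"
  ServerSignature Off
  CustomLog "/var/log/httpd/katello-reverse-proxy_access_ssl.log" combined
  # One ErrorDocument per status code: a second declaration for the same code
  # replaces the first. The "Internal error" body carries status 500, so it is
  # registered for 500; it was previously declared for 503 and never served.
  ErrorDocument 500 '{"displayMessage": "Internal error, contact administrator", "errors": ["Internal error, contact administrator"], "status": "500" }'
  ErrorDocument 503 '{"displayMessage": "Service unavailable or restarting, try later", "errors": ["Service unavailable or restarting, try later"], "status": "503" }'

  ## Proxy rules
  # Forward proxying stays disabled; only the explicit ProxyPass mapping below is served.
  ProxyRequests Off
  ProxyPass /rhsm/ https://isolated/rhsm/
  ProxyPassReverse /rhsm/ https://isolated/rhsm/
  # <Location /rhsm>
  # ProxyPassReverse /rhsm
  # ProxyPassReverse https://isolated/rhsm
  # </Location>

  ## SSL directives
  SSLEngine on
  SSLCertificateFile "/etc/pki/katello/certs/katello-apache.crt"
  SSLCertificateKeyFile "/etc/pki/katello/private/katello-apache.key"
  # Client certificates are validated against both the system CA directory and
  # the Katello default CA.
  SSLCACertificatePath "/etc/pki/tls/certs"
  SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
  SSLProxyEngine On
  # "optional" lets the handshake complete without a client certificate, so this
  # vhost does not authenticate by itself; the decision is left to the backend.
  SSLVerifyClient optional
  SSLVerifyDepth 10
  # NOTE(review): +FakeBasicAuth only matters when Basic authentication is
  # configured for a location, and none is visible in this vhost - confirm it is needed.
  SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth

  ## Request header rules
  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
  # "set" replaces any value the client sent under this name, so the header cannot
  # be supplied by the client through this vhost. Without a client certificate the
  # value is empty or "(null)"; the backend has to treat that as unauthenticated,
  # and should accept this header only on requests arriving from the proxy.
  RequestHeader set X_RHSM_SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"

  ## Custom fragment

  # NOTE(review): SSLProxyVerify defaults to "none", so unless it is set elsewhere
  # the CA file below is loaded but the backend certificate chain is not enforced.
  # Consider "SSLProxyVerify require" once the backend certificate is confirmed to
  # chain to this CA.
  SSLProxyCACertificateFile /etc/pki/katello/certs/katello-default-ca.crt
  # The bundle contains the proxy's client private key; keep it readable only by
  # the account that starts httpd.
  SSLProxyMachineCertificateFile /etc/pki/katello/private/isolated-foreman-proxy-client-bundle.pem

</VirtualHost>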