# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************

<VirtualHost *:8443>
  ServerName isolated

  ## Vhost docroot
  DocumentRoot "/var/www/"

  ## Directories, there should at least be a declaration for /var/www/

  #<Directory "/var/www/">
  #  Options Indexes FollowSymLinks MultiViews
  #  AllowOverride None
  #  Require all granted
  #</Directory>

  ## Logging
  ErrorLog "/var/log/httpd/katello-reverse-proxy_error_ssl.log"
  ServerSignature Off
  CustomLog "/var/log/httpd/katello-reverse-proxy_access_ssl.log" combined
  ErrorDocument 503 '{"displayMessage": "Internal error, contact administrator", "errors": ["Internal error, contact administrator"], "status": "500" }'
  ErrorDocument 503 '{"displayMessage": "Service unavailable or restarting, try later", "errors": ["Service unavailable or restarting, try later"], "status": "503" }'

  ## Proxy rules
  ProxyRequests Off
  ProxyPass /rhsm/ https://isolated/rhsm/
  ProxyPassReverse /rhsm/ https://isolated/rhsm/
 # <Location /rhsm>
 #   ProxyPassReverse /rhsm
 #   ProxyPassReverse https://isolated/rhsm
 # </Location>

  ## SSL directives
  SSLEngine on
  SSLCertificateFile      "/etc/pki/katello/certs/katello-apache.crt"
  SSLCertificateKeyFile   "/etc/pki/katello/private/katello-apache.key"
  SSLCACertificatePath    "/etc/pki/tls/certs"
  SSLCACertificateFile    "/etc/pki/katello/certs/katello-default-ca.crt"
  SSLProxyEngine On
  SSLVerifyClient         optional
  SSLVerifyDepth          10
  SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth

  ## Request header rules
  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
  RequestHeader set X_RHSM_SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"

  ## Custom fragment

      SSLProxyCACertificateFile /etc/pki/katello/certs/katello-default-ca.crt
      SSLProxyMachineCertificateFile /etc/pki/katello/private/isolated-foreman-proxy-client-bundle.pem

</VirtualHost>