Foreman » Smart Proxy

h1. Settings

The configuration for the smart-proxy is held in the *config/settings.yml* file.

The first non-comment line of this file must be three dashes.

<pre>

---

</pre>

The existance of all three ssl key entries enables the use of an SSL connections.

NOTE that both client certificates need to be signed by the same CA, which must be in the ca_file, in order for this to work

see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information

<pre>

:ssl_certificate: ssl/certs/fqdn.pem

:ssl_ca_file: ssl/certs/ca.pem

:ssl_private_key: ssl/private_keys/fqdn.key

</pre>

This is the list of hosts from which the smart proxy will accept connections. If this list is empty then every verified SSL connection is allowed to access the API.

<pre>

:trusted_hosts:

- foreman.prod.domain

- foreman.dev.domain

</pre>

If this entry is present and not false then the smart-proxy will attempt to disconnect itself from the controlling terminal and daemonize itself.

<pre>

:daemon: true

</pre>

The port listened to by the proxy. If this is not present then the default Sinatra port of 4567 is used.

<pre>

:port: 8443

</pre>

# Enable TFTP management

:tftp: true

:tftproot: /tmp/tftpboot

# Enable DNS management

:dns: true

:dns_key: /home/proxy/keys/Kapi.+157+47848.private

# Enable DHCP management

:dhcp: true

# The vendor can be either isc or native_ms

:dhcp_vendor: isc

# Settings for Ubuntu ISC

#:dhcp_config: /etc/dhcp3/dhcpd.conf

#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases

# Settings for Redhat ISC

:dhcp_config: etc/dhcpd.conf

:dhcp_leases: etc/dhcpd.leases

# enable PuppetCA management

#:puppetca: true

# enable Puppet management

#:puppet: true

# Where our proxy log files are stored

# filename or STDOUT

:log_file: /tmp/proxy.log

# valid options are

# Logger::WARN, Logger::DEBUG, Logger::Error, Logger::Fatal, Logger:INFO, LOGGER::UNKNOWN

#:log_level: Logger::DEBUG

</pre>