Move proxy reverse cache to port 8080

As not to affect rewrite rules for our AFS mirrors, move caching to port 8080. Also means we can more easily identify traffic. Add missing setting for SSL support and http proxy. Note, mod ssl is already enabled by puppet-httpd. Change-Id: I4b3a13ff3ec2e1045ade18fc21741cba9e28f117 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-03-30 11:49:28 -04:00 · 2017-03-30 11:49:28 -04:00 · 9108e18c5f
parent ab154ab0f9
commit 9108e18c5f
3 changed files with 31 additions and 1 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -646,7 +646,7 @@ node /^mirror\..*\.openstack\.org$/ {
  $group = "mirror"

  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [22, 80],
+    iptables_public_tcp_ports => [22, 80, 8080],
    sysadmins                 => hiera('sysadmins', []),
    afs                       => true,
    afs_cache_size            => 50000000,  # 50GB
--- a/modules/openstack_project/manifests/mirror.pp
+++ b/modules/openstack_project/manifests/mirror.pp
@ -240,6 +240,12 @@ class openstack_project::mirror (
    }
  }

+  if ! defined(Httpd::Mod['proxy_http']) {
+    httpd::mod { 'proxy_http':
+      ensure => present,
+    }
+  }
+
  ::httpd::vhost { $vhost_name:
    port     => 80,
    priority => '50',
--- a/modules/openstack_project/templates/mirror.vhost.erb
+++ b/modules/openstack_project/templates/mirror.vhost.erb
@ -3,6 +3,11 @@
 # ************************************

 NameVirtualHost <%= @vhost_name %>:<%= @port %>
+
+# Dedicated port for proxy caching, as not to affect afs mirrors.
+Listen 8080
+NameVirtualHost <%= @vhost_name %>:8080
+
 <VirtualHost <%= @vhost_name %>:<%= @port %>>
    ServerName <%= @srvname %>
    <% if @serveraliases.is_a? Array -%>
@ -81,6 +86,23 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %>
    LogLevel warn
    CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
    ServerSignature Off
+</VirtualHost>
+
+<VirtualHost <%= @vhost_name %>:8080>
+    ServerName <%= @srvname %>:8080
+
+    # Disable directory listing by default.
+    <Directory />
+      Order Deny,Allow
+      Deny from all
+      Options None
+      AllowOverride None
+    </Directory>
+
+    ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_error.log
+    LogLevel warn
+    CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_access.log combined
+    ServerSignature Off

    # Caching reverse proxy for things that don't make sense in AFS
    #
@ -88,6 +110,8 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %>
    CacheRoot "/opt/apache_cache"
    CacheDirLevels 5
    CacheDirLength 3
+    # SSL support
+    SSLProxyEngine on
    # Prevent thundering herds.
    CacheLock on
    CacheLockPath "/tmp/mod_cache-lock"