Ottomata has uploaded a new change for review. https://gerrit.wikimedia.org/r/190951
Change subject: Parameterize secure_proxy_ssl_header for hue ...................................................................... Parameterize secure_proxy_ssl_header for hue Change-Id: I11565ce95f77ab61c3c65443b6cc8baaf4967ba6 --- M manifests/hue.pp M manifests/hue/defaults.pp M templates/hue/hue.ini.erb 3 files changed, 9 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet/cdh refs/changes/51/190951/1 diff --git a/manifests/hue.pp b/manifests/hue.pp index 2f2b3b6..995e05b 100644 --- a/manifests/hue.pp +++ b/manifests/hue.pp @@ -43,6 +43,10 @@ # $ssl_certificate - Path to SSL certificate. Default: /etc/hue/hue.cert # If ssl_private_key and ssl_certificate are set to the defaults, # a self-signed certificate will be generated automatically for you. +# $secure_proxy_ssl_header - Django support for HTTPS termination at the load-balancer +# level with SECURE_PROXY_SSL_HEADER. +# See: https://github.com/cloudera/hue/pull/68 +# Default: false # # === LDAP parameters: # See hue.ini comments for documentation. By default these are undefined. @@ -83,6 +87,7 @@ $ssl_private_key = $cdh::hue::defaults::ssl_private_key, $ssl_certificate = $cdh::hue::defaults::ssl_certificate, + $secure_proxy_ssl_header = $cdh::hue::defaults::secure_proxy_ssl_header, $ldap_url = $cdh::hue::defaults::ldap_url, $ldap_cert = $cdh::hue::defaults::ldap_cert, diff --git a/manifests/hue/defaults.pp b/manifests/hue/defaults.pp index cc6456e..8b010c9 100644 --- a/manifests/hue/defaults.pp +++ b/manifests/hue/defaults.pp @@ -43,6 +43,7 @@ $ssl_private_key = '/etc/ssl/private/hue.key' $ssl_certificate = '/etc/ssl/certs/hue.cert' + $secure_proxy_ssl_header = false $ldap_url = undef $ldap_cert = undef diff --git a/templates/hue/hue.ini.erb b/templates/hue/hue.ini.erb index b3ee481..3892c7d 100644 --- a/templates/hue/hue.ini.erb +++ b/templates/hue/hue.ini.erb @@ -61,6 +61,9 @@ # Filename of SSL Certificate <%= @ssl_certificate ? "ssl_certificate=#{@ssl_certificate}" : '## ssl_certificate=' %> + # Support for HTTPS termination at the load-balancer level with SECURE_PROXY_SSL_HEADER. + secure_proxy_ssl_header=<%= @secure_proxy_ssl_header %> + # List of allowed and disallowed ciphers in cipher list format. # See http://www.openssl.org/docs/apps/ciphers.html for more information on cipher list format. ## ssl_cipher_list=DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2 -- To view, visit https://gerrit.wikimedia.org/r/190951 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I11565ce95f77ab61c3c65443b6cc8baaf4967ba6 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet/cdh Gerrit-Branch: master Gerrit-Owner: Ottomata <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
