Mark Bergsma has uploaded a new change for review.
https://gerrit.wikimedia.org/r/75601
Change subject: Setup NGINX for HTTPS on the Varnish servers
......................................................................
Setup NGINX for HTTPS on the Varnish servers
Change-Id: Ia9fafa19250510f1a4681571e175595931a1cf62
---
M manifests/role/cache.pp
1 file changed, 21 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/01/75601/1
diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index 226d142..587ddf8 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -772,6 +772,27 @@
include misc::monitoring::htcp-loss
}
}
+
+ class ssl::text {
+ include certificates::wmf_ca, role::protoproxy::ssl::common,
protoproxy::ganglia
+
+ # Assumes that LVS service IPs are setup elsewhere
+
+ # Nagios monitoring
+ monitor_service { "https": description => "HTTPS", check_command =>
"check_ssl_cert!*.wikimedia.org", critical => true }
+
+ install_certificate{ 'unified.wikimedia.org': }
+
+ protoproxy{ 'text':
+ proxy_server_cert_name => 'unified.wikimedia.org',
+ proxy_backend => {
+ # send all traffic to the local cache
+ 'pmtpa' => { 'primary' => '127.0.0.1' }
+ },
+ ipv6_enabled => false,
+ enabled => true
+ }
+ }
class text {
--
To view, visit https://gerrit.wikimedia.org/r/75601
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia9fafa19250510f1a4681571e175595931a1cf62
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mark Bergsma <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
