Mark Bergsma has uploaded a new change for review.
https://gerrit.wikimedia.org/r/75606
Change subject: Add a lean definition (and custom template) for SSL proxies to
localhost
......................................................................
Add a lean definition (and custom template) for SSL proxies to localhost
Change-Id: I45e5a218abd096971e420486199b93632ea50d0a
---
M modules/protoproxy/manifests/init.pp
A modules/protoproxy/templates/localssl.erb
2 files changed, 55 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/06/75606/1
diff --git a/modules/protoproxy/manifests/init.pp
b/modules/protoproxy/manifests/init.pp
index e6b9624..0fec43b 100644
--- a/modules/protoproxy/manifests/init.pp
+++ b/modules/protoproxy/manifests/init.pp
@@ -83,3 +83,24 @@
}
}
+
+define protoproxy::localssl(
+ $proxy_server_name,
+ $proxy_server_cert_name,
+ $upstream_port='80'
+) {
+ require protoproxy::package
+ include protoproxy::service
+
+ # The WMF nginx module is pretty bad, and it's almost pointless to use it
here.
+
+ file { "/etc/nginx/sites-available/${name}":
+ content => template("${module_name}/localssl.erb");
+ }
+
+ nginx_site { $name:
+ require => File["/etc/nginx/sites-available/${name}"],
+ enable => $enabled,
+ notify => Service[nginx]
+ }
+}
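Review bot: `enable => $enabled` in the `nginx_site` resource reads a variable the define never declares; its parameter list is only `$proxy_server_name`, `$proxy_server_cert_name` and `$upstream_port`. Unless `$enabled` is picked up from an outer scope not visible in this hunk, the site's enable state is left undefined. Declaring it as a fourth parameter, e.g. `$enabled=true`, makes the behaviour explicit. Separately, the `file` resource carries no `notify`, so a later change to the rendered template alone would presumably not reload nginx; `notify => Service['nginx']` on the file would cover that. The define also has no ordering against whatever installs the certificate and private key that the template points at, so a short comment naming the class expected to provide them would help.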
diff --git a/modules/protoproxy/templates/localssl.erb
b/modules/protoproxy/templates/localssl.erb
new file mode 100644
index 0000000..3cf434b
--- /dev/null
+++ b/modules/protoproxy/templates/localssl.erb
@@ -0,0 +1,34 @@
+# Proxy site configuration file for <%= proxy_server_name %>
+# This file is managed by Puppet!
+
+upstream localhost {
+ # max fails is ignored when using one host, so we use the same host
twice
+ server 127.0.0.1:<%= upstream_port %>;
+ server 127.0.0.1:<%= upstream_port %>;
+}
+
+# SSL proxying
+server {
+ ssl on;
+ server_name <%= proxy_server_name %>;
+
+ error_log /var/log/nginx/<%= name %>.error.log;
+ access_log off;
+
+ ssl_certificate /etc/ssl/certs/<%= proxy_server_cert_name
%>.chained.pem;
+ ssl_certificate_key /etc/ssl/private/<%= proxy_server_cert_name %>.key;
+ keepalive_timeout 60;
+
+ location / {
+ proxy_pass http://localhost;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_redirect off;
+ proxy_buffering off;
+ }
+}
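Review bot: The `server` block sets `ssl on;` but has no `listen` directive, so nginx falls back to its default listen port (80 when started as root) rather than 443. With the default `$upstream_port` of '80', that is the same port the upstream at 127.0.0.1 is expected to use. Adding `listen 443 ssl;` (plus `listen [::]:443 ssl;` if IPv6 is served) at the top of the block fixes this. The block also leaves `ssl_protocols` and `ssl_ciphers` unset, so the accepted TLS versions and ciphers depend on the installed nginx/OpenSSL defaults; pinning them here or in a shared include would make the TLS posture reviewable. `X-Forwarded-For` is built with `$proxy_add_x_forwarded_for`, which appends to whatever the client sent, so a comment should state that the backend may trust only the last entry (or `X-Real-IP`).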
--
To view, visit https://gerrit.wikimedia.org/r/75606
Gerrit-MessageType: newchange
Gerrit-Change-Id: I45e5a218abd096971e420486199b93632ea50d0a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mark Bergsma <[email protected]>