authorvarac <varacanero@zeromail.org>2012-11-03 11:33:38 +0100
committervarac <varacanero@zeromail.org>2012-11-03 11:33:38 +0100
commit5493d362f7b3abd6c8aa9350341a551c53622604 (patch)
treec25a8e52bc9de6fdea58c5fcc787133cf035e219
parent16f007c540d56c2e64c1f73bd1ff49674bd0afeb (diff)
configure apache ssl proxy for couchdb
l---------puppet/modules/site-apache1
-rw-r--r--puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf10
-rw-r--r--puppet/modules/site_couchdb/files/local.ini10
-rw-r--r--puppet/modules/site_couchdb/manifests/init.pp18
4 files changed, 29 insertions, 10 deletions
diff --git a/puppet/modules/site-apache b/puppet/modules/site-apache
new file mode 120000
index 00000000..f0517fa5
--- /dev/null
+++ b/puppet/modules/site-apache
@@ -0,0 +1 @@
+site_apache
\ No newline at end of file
diff --git a/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf
new file mode 100644
index 00000000..79ad931d
--- /dev/null
+++ b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf
@@ -0,0 +1,10 @@
+Listen 0.0.0.0:6984
+
+<VirtualHost *:6984>
+ SSLEngine On
+ SSLProxyEngine On
+ SSLCertificateKeyFile /etc/couchdb/server_key.pem
+ SSLCertificateFile /etc/couchdb/server_cert.pem
+ ProxyPass / http://127.0.0.1:5984/
+ ProxyPassReverse / http://127.0.0.1:5984/
+</VirtualHost>
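Review bot: The `<VirtualHost *:6984>` block forwards every path under `/` to CouchDB with no access control of its own, and `Listen 0.0.0.0:6984` exposes it on all interfaces. Behind the proxy CouchDB sees every client as 127.0.0.1, so protection rests entirely on CouchDB's own authentication, which is not visible in this commit. If only known peers should connect, add client-certificate verification, for example `SSLVerifyClient require` together with `SSLCACertificateFile`, or an address restriction in a `<Location />` block. `SSLProxyEngine On` is only needed for https backends and can be dropped, since the backend is `http://127.0.0.1:5984/`. The vhost also inherits the server-wide TLS defaults; setting `SSLProtocol` and `SSLCipherSuite` here would make the policy explicit.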
diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini
index 79dd112e..485c9a29 100644
--- a/puppet/modules/site_couchdb/files/local.ini
+++ b/puppet/modules/site_couchdb/files/local.ini
@@ -46,14 +46,14 @@
[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
-httpsd = {couch_httpd, start_link, [https]}
+;httpsd = {couch_httpd, start_link, [https]}
[ssl]
-cert_file = /etc/couchdb/server_cert.pem
-key_file = /etc/couchdb/server_key.pem
+;cert_file = /etc/couchdb/server_cert.pem
+;key_file = /etc/couchdb/server_key.pem
;password = somepassword
; set to true to validate peer certificates
-verify_ssl_certificates = false
+;verify_ssl_certificates = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
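Review bot: Nothing in this hunk guarantees that CouchDB's plain-HTTP port 5984 is restricted to loopback now that `httpsd` and the `[ssl]` keys are commented out (the same applies to `ssl_certificate_max_depth` in the next hunk). Transport security now depends on clients being unable to bypass the Apache proxy, and the `[httpd]` `bind_address` setting lies outside the visible lines, so confirm it is `127.0.0.1`. A comment above the disabled line would record the reason, e.g. `; TLS is terminated by the Apache couchdb_proxy vhost on 6984; CouchDB must listen on 127.0.0.1 only`. The existing comment "enable SSL support by uncommenting the following line" then reads as an invitation to re-enable a second listener on 6984, which would conflict with the Apache `Listen`.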
@@ -61,7 +61,7 @@ verify_ssl_certificates = false
; The verification fun (optionnal) if not specidied, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
-ssl_certificate_max_depth = 1
+;ssl_certificate_max_depth = 1
; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
; the Virual Host will be redirected to the path. In the example below all requests
; to http://example.com/ are redirected to /database.
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index e3f5e59f..b296279c 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -9,11 +9,19 @@ class site_couchdb {
include site_couchdb::package
include site_couchdb::configure
+ include couchdb::deploy_config
- couchdb::ssl::deploy_cert { 'cert':
- key => $key,
- cert => $cert,
- }
- include couchdb::deploy_config
+ #couchdb::ssl::deploy_cert { 'cert':
+ # key => $key,
+ # cert => $cert,
+ #}
+
+ include apache::ssl
+ apache::module {
+ 'rewrite': ensure => present;
+ 'proxy': ensure => present;
+ 'proxy_http': ensure => present;
+ }
+ apache::vhost::file { 'couchdb_proxy': }
}
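Review bot: Commenting out `couchdb::ssl::deploy_cert` leaves nothing in this class that installs `/etc/couchdb/server_key.pem` and `/etc/couchdb/server_cert.pem`, which the new `couchdb_proxy` vhost references. On a fresh node Apache would likely fail to start unless those files are deployed elsewhere. Keep the resource active and order it before the vhost, e.g. `apache::vhost::file { 'couchdb_proxy': require => Couchdb::Ssl::Deploy_cert['cert'] }`, and remove the dead commented block rather than leaving it in place. The `rewrite` module is enabled although the vhost uses no rewrite directives, so it can be omitted to keep the loaded module set minimal. The class body starts above the hunk, so where `$key` and `$cert` come from is not visible here.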