From 5493d362f7b3abd6c8aa9350341a551c53622604 Mon Sep 17 00:00:00 2001
From: varac
Date: Sat, 3 Nov 2012 11:33:38 +0100
Subject: configure apache ssl proxy for couchdb
---
puppet/modules/site-apache | 1 +
.../site_apache/files/vhosts.d/couchdb_proxy.conf | 10 ++++++++++
puppet/modules/site_couchdb/files/local.ini | 10 +++++-----
puppet/modules/site_couchdb/manifests/init.pp | 18 +++++++++++++-----
4 files changed, 29 insertions(+), 10 deletions(-)
create mode 120000 puppet/modules/site-apache
create mode 100644 puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf
diff --git a/puppet/modules/site-apache b/puppet/modules/site-apache
new file mode 120000
index 00000000..f0517fa5
--- /dev/null
+++ b/puppet/modules/site-apache
@@ -0,0 +1 @@
+site_apache
\ No newline at end of file
diff --git a/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf
new file mode 100644
index 00000000..79ad931d
--- /dev/null
+++ b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf
@@ -0,0 +1,10 @@
+Listen 0.0.0.0:6984
+
+
+ SSLEngine On
+ SSLProxyEngine On
+ SSLCertificateKeyFile /etc/couchdb/server_key.pem
+ SSLCertificateFile /etc/couchdb/server_cert.pem
+ ProxyPass / http://127.0.0.1:5984/
+ ProxyPassReverse / http://127.0.0.1:5984/
+
diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini
index 79dd112e..485c9a29 100644
--- a/puppet/modules/site_couchdb/files/local.ini
+++ b/puppet/modules/site_couchdb/files/local.ini
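Review bot: In couchdb_proxy.conf the new listener on `0.0.0.0:6984` terminates TLS with whatever protocol and cipher defaults the Apache build ships, and it forwards every request to CouchDB from 127.0.0.1 with no access control of its own. CouchDB therefore no longer sees the real client address, and any setting that trusts loopback would now apply to remote clients. Pin the TLS policy in the vhost, for example `SSLProtocol all -SSLv2 -SSLv3` plus an explicit `SSLCipherSuite`, and drop `SSLProxyEngine On`, which is not needed for an `http://` backend. Nothing in this diff shows CouchDB's `bind_address`; it should be confirmed as 127.0.0.1 so that port 5984 cannot be reached in plaintext around the proxy.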
@@ -46,14 +46,14 @@ [daemons] ; enable SSL support by uncommenting the following line and supply the PEM's below. ; the default ssl port CouchDB listens on is 6984 -httpsd = {couch_httpd, start_link, [https]} +;httpsd = {couch_httpd, start_link, [https]} [ssl] -cert_file = /etc/couchdb/server_cert.pem -key_file = /etc/couchdb/server_key.pem +;cert_file = /etc/couchdb/server_cert.pem +;key_file = /etc/couchdb/server_key.pem ;password = somepassword ; set to true to validate peer certificates -verify_ssl_certificates = false +;verify_ssl_certificates = false ; Path to file containing PEM encoded CA certificates (trusted ; certificates used for verifying a peer certificate). May be omitted if ; you do not want to verify the peer. @@ -61,7 +61,7 @@ verify_ssl_certificates = false ; The verification fun (optionnal) if not specidied, the default ; verification fun will be used. ;verify_fun = {Module, VerifyFun} -ssl_certificate_max_depth = 1 +;ssl_certificate_max_depth = 1 ; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to ; the Virual Host will be redirected to the path. In the example below all requests ; to http://example.com/ are redirected to /database. diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index e3f5e59f..b296279c 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -9,11 +9,19 @@ class site_couchdb { include site_couchdb::package include site_couchdb::configure + include couchdb::deploy_config - couchdb::ssl::deploy_cert { 'cert': - key => $key, - cert => $cert, - } - include couchdb::deploy_config + #couchdb::ssl::deploy_cert { 'cert': + # key => $key, + # cert => $cert, + #} + + include apache::ssl + apache::module { + 'rewrite': ensure => present; + 'proxy': ensure => present; + 'proxy_http': ensure => present; + } + apache::vhost::file { 'couchdb_proxy': } } -- cgit v1.2.3
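Review bot: In init.pp the `couchdb::ssl::deploy_cert` resource is commented out, yet the new couchdb_proxy.conf still points `SSLCertificateKeyFile` and `SSLCertificateFile` at `/etc/couchdb/server_key.pem` and `/etc/couchdb/server_cert.pem`. Unless another manifest outside this diff installs that pair, Apache will likely fail to start on a freshly provisioned node. Keep a resource that deploys the key and certificate and order it before `apache::vhost::file { 'couchdb_proxy': }`. Rather than leaving the old block commented out, delete it and add a comment such as `# TLS is terminated by the Apache vhost couchdb_proxy; CouchDB serves plain HTTP on loopback only`. The `rewrite` module is enabled but nothing in the vhost uses it, so it can be left out; the class body starts above this hunk, so where `$key` and `$cert` are defined is not visible here.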