From 9108e18c5fdca72ab735445dd0e8224d815274a3 Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Thu, 30 Mar 2017 11:49:28 -0400 Subject: [PATCH] Move proxy reverse cache to port 8080 As not to affect rewrite rules for our AFS mirrors, move caching to port 8080. Also means we can more easily identify traffic. Add missing setting for SSL support and http proxy. Note, mod ssl is already enabled by puppet-httpd. Change-Id: I4b3a13ff3ec2e1045ade18fc21741cba9e28f117 Signed-off-by: Paul Belanger --- manifests/site.pp | 2 +- modules/openstack_project/manifests/mirror.pp | 6 +++++ .../templates/mirror.vhost.erb | 24 +++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/manifests/site.pp b/manifests/site.pp index 0b1a275a7a..1752da6aed 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -646,7 +646,7 @@ node /^mirror\..*\.openstack\.org$/ { $group = "mirror" class { 'openstack_project::server': - iptables_public_tcp_ports => [22, 80], + iptables_public_tcp_ports => [22, 80, 8080], sysadmins => hiera('sysadmins', []), afs => true, afs_cache_size => 50000000, # 50GB diff --git a/modules/openstack_project/manifests/mirror.pp b/modules/openstack_project/manifests/mirror.pp index 867ef6df5c..3aaf653e53 100644 --- a/modules/openstack_project/manifests/mirror.pp +++ b/modules/openstack_project/manifests/mirror.pp @@ -240,6 +240,12 @@ class openstack_project::mirror ( } } + if ! defined(Httpd::Mod['proxy_http']) { + httpd::mod { 'proxy_http': + ensure => present, + } + } + ::httpd::vhost { $vhost_name: port => 80, priority => '50', diff --git a/modules/openstack_project/templates/mirror.vhost.erb b/modules/openstack_project/templates/mirror.vhost.erb index ccbd83870a..625ffca9ed 100644 --- a/modules/openstack_project/templates/mirror.vhost.erb +++ b/modules/openstack_project/templates/mirror.vhost.erb @@ -3,6 +3,11 @@ # ************************************ NameVirtualHost <%= @vhost_name %>:<%= @port %> + +# Dedicated port for proxy caching, as not to affect afs mirrors. +Listen 8080 +NameVirtualHost <%= @vhost_name %>:8080 + :<%= @port %>> ServerName <%= @srvname %> <% if @serveraliases.is_a? Array -%> @@ -81,6 +86,23 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %> LogLevel warn CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined ServerSignature Off + + +:8080> + ServerName <%= @srvname %>:8080 + + # Disable directory listing by default. + + Order Deny,Allow + Deny from all + Options None + AllowOverride None + + + ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_error.log + LogLevel warn + CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_access.log combined + ServerSignature Off # Caching reverse proxy for things that don't make sense in AFS # @@ -88,6 +110,8 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %> CacheRoot "/opt/apache_cache" CacheDirLevels 5 CacheDirLength 3 + # SSL support + SSLProxyEngine on # Prevent thundering herds. CacheLock on CacheLockPath "/tmp/mod_cache-lock"