author | Jan Dittberner <jandd@cacert.org> | 2017-08-26 22:22:23 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2017-08-26 22:22:23 +0200 |
commit | 55b9888e1b8cabaf60bb010f070eb8a5d94ab760 (patch) | |
tree | a28bfe9532118b1dfa8a12e404111751ba0d88f6 | |
parent | dae9adaf631bce813c260aa074a6b33cc2986eb3 (diff) | |
Enable http handling in sniproxy, forward arbitration instead of git
-rw-r--r-- | hieradata/nodes/proxyin.yaml | 2 | ||||
-rw-r--r-- | sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp | 58 |
2 files changed, 14 insertions, 46 deletions
diff --git a/hieradata/nodes/proxyin.yaml b/hieradata/nodes/proxyin.yaml index fa0cec0..e2b12d1 100644 --- a/hieradata/nodes/proxyin.yaml +++ b/hieradata/nodes/proxyin.yaml @@ -4,5 +4,5 @@ classes: profiles::base::admins: - jandd profiles::sniproxy::https_forwards: + - "arbitation\\.cacert\\.org$ 10.0.0.241:443" - "motion\\.cacert\\.org$ 10.0.0.117:8443" - - "git\\.cacert\\.org$ 10.0.0.250:443" diff --git a/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp b/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp index 38d7138..9791139 100644 --- a/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp +++ b/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp @@ -7,8 +7,6 @@ # lines with only white space are ignored user daemon - -# PID file pidfile /var/run/sniproxy.pid error_log { @@ -22,18 +20,17 @@ error_log { priority notice } -# blocks are delimited with {...} -#listen 80 { -# proto http -# table http_hosts -# # Fallback backend server to use if we can not parse the client request -# fallback localhost:8080 -# -# access_log { -# filename /var/log/sniproxy/http_access.log -# priority notice -# } -#} +listen 80 { + proto http + table http_hosts + # Fallback backend server to use if we can not parse the client request + fallback 127.0.0.1:8080 + + access_log { + filename /var/log/sniproxy/http_access.log + priority notice + } +} listen 443 { proto tls 
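Review bot: The added forward pattern spells the host `arbitation`, while the commit title says "arbitration". If the service is meant to be reached as arbitration.cacert.org, that name will not match this entry and the connection will not be routed to 10.0.0.241. The line should presumably read `- "arbitration\\.cacert\\.org$ 10.0.0.241:443"`. The entries in this list are also anchored only at the end, so any longer name that ends in the pattern matches as well; a leading `^` would make each entry an exact host match.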
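Review bot: The new `listen 80` block points at `fallback 127.0.0.1:8080`, and `table http_hosts` is left empty later in this commit, so the fallback is probably where every plain-HTTP request ends up, not only the unparseable ones. Whatever is bound to loopback port 8080 on the proxy host then becomes reachable through the public port 80, which is easy to overlook because loopback services are usually assumed to be private. The comment above the directive should name that service, e.g. `# fallback: <local service on 127.0.0.1:8080>; receives all HTTP traffic while http_hosts is empty`. Nothing visible in this commit manages a listener on that port, so it is worth confirming the profile does.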
@@ -45,40 +42,11 @@ listen 443 { } } -# named tables are defined with the table directive -#table http_hosts { -# example.com 192.0.2.10:8001 -# example.net 192.0.2.10:8002 -# example.org 192.0.2.10:8003 - -# pattern: -# valid Perl-compatible Regular Expression that matches the -# hostname -# -# target: -# - a DNS name -# - an IP address (with optional port) -# - '*' to use the hostname that the client requested -# -# pattern target -#.*\.itunes\.apple\.com$ *:443 -#.* 127.0.0.1:4443 -#} +table http_hosts { +} -# named tables are defined with the table directive table https_hosts { - # When proxying to local sockets you should use different tables since the - # local socket server most likely will not autodetect which protocol is - # being used <%- $https_forwards.each |$forward| { %> <%= $forward -%> <% } %> } - -# if no table specified the default 'default' table is defined -#table { -# # if no port is specified default HTTP (80) and HTTPS (443) ports are -# # assumed based on the protocol of the listen block using this table -# example.com 192.0.2.10 -# example.net 192.0.2.20 -#} |
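Review bot: `table http_hosts { }` is hard-coded empty while `https_hosts` directly below it is filled from `$https_forwards`, so HTTP routing cannot be set from hiera and the two tables are configured in different ways. Mirroring the existing loop with a new template parameter (the name is only a suggestion) would keep them parallel: `<%- $http_forwards.each |$forward| { %>`, `<%= $forward -%>`, `<% } %>`; the parameter declaration lies outside this hunk. The hunk also drops the comment explaining that an entry is a Perl-compatible regular expression followed by a target. A one-line replacement such as `# each entry: <PCRE hostname pattern> <target[:port]>` would keep that visible to whoever edits the hiera list, since the values are written into the config verbatim.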