author | Jan Dittberner <jandd@cacert.org> | 2017-08-26 21:17:21 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2017-08-26 21:17:21 +0200 |
commit | 094c6ff3231a9900c546cebdde146b5663c738e4 (patch) | |
tree | 98c588a641c6e896a3f03a280f92da9dd2162773 /sitemodules/profiles/templates | |
parent | e21a64f5583998d1355d7586c4fabe1ca282e26a (diff) | |
Define sniproxy configuration
Diffstat (limited to 'sitemodules/profiles/templates')
-rw-r--r-- | sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp b/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp
new file mode 100644
index 0000000..f22c9e2
--- /dev/null
+++ b/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp
@@ -0,0 +1,80 @@
+<%- | Array[String] $https_forwards = [] | -%>
+# sniproxy example configuration file
+# lines that start with # are comments
+# lines with only white space are ignored
+
+user daemon
+
+# PID file
+pidfile /var/run/sniproxy.pid
+
+error_log {
+ # Log to the daemon syslog facility
+ syslog daemon
+
+ # Alternatively we could log to file
+ #filename /var/log/sniproxy/sniproxy.log
+
+ # Control the verbosity of the log
+ priority notice
+}
+
+# blocks are delimited with {...}
+#listen 80 {
+# proto http
+# table http_hosts
+# # Fallback backend server to use if we can not parse the client request
+# fallback localhost:8080
+#
+# access_log {
+# filename /var/log/sniproxy/http_access.log
+# priority notice
+# }
+#}
+
+listen 443 {
+ proto tls
+ table https_hosts
+
+ access_log {
+ filename /var/log/sniproxy/https_access.log
+ priority notice
+ }
+}
+
+# named tables are defined with the table directive
+#table http_hosts {
+# example.com 192.0.2.10:8001
+# example.net 192.0.2.10:8002
+# example.org 192.0.2.10:8003
+
+# pattern:
+# valid Perl-compatible Regular Expression that matches the
+# hostname
+#
+# target:
+# - a DNS name
+# - an IP address (with optional port)
+# - '*' to use the hostname that the client requested
+#
+# pattern target
+#.*\.itunes\.apple\.com$ *:443
+#.* 127.0.0.1:4443
+#}
+
+# named tables are defined with the table directive
+table https_hosts {
+ # When proxying to local sockets you should use different tables since the
+ # local socket server most likely will not autodetect which protocol is
+ # being used
+<%- $https_forwards.each |$forward| { %>
+ <%= $forward -%>
+<% } %>
+
+# if no table specified the default 'default' table is defined
+#table {
+ # if no port is specified default HTTP (80) and HTTPS (443) ports are
+ # assumed based on the protocol of the listen block using this table
+ #example.com 192.0.2.10
+ #example.net 192.0.2.20
+#} |
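Review bot: The `table https_hosts {` block is never closed: after the `<% } %>` that ends the `$https_forwards.each` loop, the only braces left in the file are the commented `#}` lines, so the rendered configuration has an unterminated table and sniproxy will most likely refuse to load it. Add a bare `}` line directly after `<% } %>`. Separately, each `$forward` is written into the table verbatim and the parameter is only typed `Array[String]`, so a value containing a newline or `}` would place arbitrary directives into the proxy configuration. A tighter parameter type such as `Array[Pattern[/\A\S+\s+\S+\z/]]` would reject those entries. A comment above the loop, e.g. `# each entry is one "pattern target" line; a '*' target forwards to whatever host the client names`, would make the expected form and its risk clear to whoever supplies the list.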