-rw-r--r--hieradata/nodes/proxyin.yaml2
-rw-r--r--sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp58
2 files changed, 14 insertions, 46 deletions
diff --git a/hieradata/nodes/proxyin.yaml b/hieradata/nodes/proxyin.yaml
index fa0cec0..e2b12d1 100644
--- a/hieradata/nodes/proxyin.yaml
+++ b/hieradata/nodes/proxyin.yaml
@@ -4,5 +4,5 @@ classes:
profiles::base::admins:
- jandd
profiles::sniproxy::https_forwards:
+ - "arbitation\\.cacert\\.org$ 10.0.0.241:443"
- "motion\\.cacert\\.org$ 10.0.0.117:8443"
- - "git\\.cacert\\.org$ 10.0.0.250:443"
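Review bot: The added forward spells the host `arbitation`, which looks like a typo for `arbitration`. If the real name is arbitration.cacert.org, its SNI will never match this entry and the route to 10.0.0.241:443 is never used. Assuming that is the intended host, the line should read `- "arbitration\\.cacert\\.org$ 10.0.0.241:443"`. Separately, the patterns in this list are anchored only with `$`. If sniproxy matches them unanchored, a leading `^` (for example `"^motion\\.cacert\\.org$ ..."`) would keep names that merely end in the hostname from being routed to the internal backend.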
diff --git a/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp b/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp
index 38d7138..9791139 100644
--- a/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp
+++ b/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp
@@ -7,8 +7,6 @@
# lines with only white space are ignored
user daemon
-
-# PID file
pidfile /var/run/sniproxy.pid
error_log {
@@ -22,18 +20,17 @@ error_log {
priority notice
}
-# blocks are delimited with {...}
-#listen 80 {
-# proto http
-# table http_hosts
-# # Fallback backend server to use if we can not parse the client request
-# fallback localhost:8080
-#
-# access_log {
-# filename /var/log/sniproxy/http_access.log
-# priority notice
-# }
-#}
+listen 80 {
+ proto http
+ table http_hosts
+ # Fallback backend server to use if we can not parse the client request
+ fallback 127.0.0.1:8080
+
+ access_log {
+ filename /var/log/sniproxy/http_access.log
+ priority notice
+ }
+}
listen 443 {
proto tls
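Review bot: The newly enabled `listen 80` block hands every plain-HTTP request to `fallback 127.0.0.1:8080`, because the `http_hosts` table it references is defined empty further down in this template. Nothing in this commit shows which service is expected on that loopback port. If none is bound, port 80 is exposed only to fail. If one is, it receives requests with arbitrary Host headers from outside and should validate them itself. I would document the dependency next to the directive, e.g. `# fallback: <local service on 8080> - receives ALL port-80 traffic while http_hosts is empty`. The same profile should also manage that service, so the listener is not deployed without it. The `listen 443` block at the end of the hunk continues outside it.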
@@ -45,40 +42,11 @@ listen 443 {
}
}
-# named tables are defined with the table directive
-#table http_hosts {
-# example.com 192.0.2.10:8001
-# example.net 192.0.2.10:8002
-# example.org 192.0.2.10:8003
-
-# pattern:
-# valid Perl-compatible Regular Expression that matches the
-# hostname
-#
-# target:
-# - a DNS name
-# - an IP address (with optional port)
-# - '*' to use the hostname that the client requested
-#
-# pattern target
-#.*\.itunes\.apple\.com$ *:443
-#.* 127.0.0.1:4443
-#}
+table http_hosts {
+}
-# named tables are defined with the table directive
table https_hosts {
- # When proxying to local sockets you should use different tables since the
- # local socket server most likely will not autodetect which protocol is
- # being used
<%- $https_forwards.each |$forward| { %>
<%= $forward -%>
<% } %>
}
-
-# if no table specified the default 'default' table is defined
-#table {
-# # if no port is specified default HTTP (80) and HTTPS (443) ports are
-# # assumed based on the protocol of the listen block using this table
-# example.com 192.0.2.10
-# example.net 192.0.2.20
-#}
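Review bot: The removed comments were the only description of the table entry format, yet `https_hosts` still renders each `$https_forwards` string from Hiera verbatim with `<%= $forward -%>`. A short comment above the loop would keep that contract visible to whoever edits the Hiera data, e.g. `# each entry: "<PCRE hostname pattern> <backend ip:port>"; explicit backends only, no '*' target`. The `*` target matters because, per the deleted text, it forwards to whatever hostname the client asked for. Because the strings are emitted unescaped into the config, constraining the parameter's type in the template header would also help, if it is not already constrained (the header is outside this hunk).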