mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-05-03 05:12:35 +08:00
55185861c8
- Updating apache proxy config to handle ocp4 CA cert - place ocp4 CA cert on proxies - add ocp4 stg ca cert to haproxy/files Signed-off-by: David Kirwan <dkirwan@redhat.com>
76 lines
2.3 KiB
Plaintext
76 lines
2.3 KiB
Plaintext
{% if rewrite %}
|
|
RewriteEngine On
|
|
RewriteRule ^{{remotepath}}$ %{REQUEST_URI}/ [R=301]
|
|
|
|
{% endif %}
|
|
{% if header_scheme %}
|
|
RequestHeader set X-Forwarded-Scheme https early
|
|
RequestHeader set X-Scheme https early
|
|
RequestHeader set X-Forwarded-Proto https early
|
|
|
|
{% endif %}
|
|
{% if header_expect %}
|
|
RequestHeader unset Expect early
|
|
|
|
{% endif %}
|
|
{% if keephost %}
|
|
ProxyPreserveHost On
|
|
{% endif %}
|
|
|
|
{% if balancer_name is defined %}
|
|
SSLProxyEngine On
|
|
|
|
{% if targettype is defined and targettype == "openshift" %}
|
|
SSLProxyVerify require
|
|
SSLProxyCheckPeerName Off
|
|
{% if ocp4 and env == "production" %}
|
|
SSLProxyCACertificateFile "/etc/haproxy/ocp-prod.pem"
|
|
{% elif ocp4 and env == "staging" %}
|
|
SSLProxyCACertificateFile "/etc/haproxy/ocp-stg.pem"
|
|
{% else %}
|
|
SSLProxyCACertificateFile "/etc/haproxy/os-master.pem"
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
<Proxy "balancer://{{balancer_name}}-websocket">
|
|
{% for member in balancer_members %}
|
|
{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
|
|
{% if remotepath is defined and remotepath != "/" %}
|
|
BalancerMember "ws://{{ member }}{{ remotepath }}"
|
|
{% else %}
|
|
BalancerMember "ws://{{ member }}"
|
|
{% endif %}
|
|
{% else %}
|
|
{% if remotepath is defined and remotepath != "/" %}
|
|
BalancerMember "wss://{{ member }}{{ remotepath }}"
|
|
{% else %}
|
|
BalancerMember "wss://{{ member }}"
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
</Proxy>
|
|
|
|
RewriteEngine on
|
|
RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
|
|
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
|
{% if remotepath is defined and remotepath != "/" %}
|
|
RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
|
|
{% endif %}
|
|
RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
|
|
|
|
<Proxy "balancer://{{balancer_name}}">
|
|
{% for member in balancer_members %}
|
|
{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
|
|
BalancerMember "http://{{ member }}"
|
|
{% else %}
|
|
BalancerMember "https://{{ member }}"
|
|
{% endif %}
|
|
{% endfor %}
|
|
</Proxy>
|
|
ProxyPass {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
|
|
ProxyPassReverse {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
|
|
{% else %}
|
|
ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} {{ proxyopts }}
|
|
ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
|
|
{% endif %}
|