mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-24 10:31:56 +08:00
a6c096617b
So, we renamed the cluster with the ocp-rdu3 name, so drop all this special handling. All the proxies should be able to reach it by that name and via the vpn endpoints it has. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
84 lines
2.4 KiB
Plaintext
84 lines
2.4 KiB
Plaintext
{% if rewrite %}
|
|
RewriteEngine On
|
|
RewriteRule ^{{remotepath}}$ %{REQUEST_URI}/ [R=301]
|
|
|
|
{% endif %}
|
|
{% if header_scheme %}
|
|
RequestHeader set X-Forwarded-Scheme https early
|
|
RequestHeader set X-Scheme https early
|
|
RequestHeader set X-Forwarded-Proto https early
|
|
|
|
{% endif %}
|
|
{% if header_expect %}
|
|
RequestHeader unset Expect early
|
|
|
|
{% endif %}
|
|
{% if keephost %}
|
|
ProxyPreserveHost On
|
|
{% endif %}
|
|
|
|
{% if balancer_name is defined %}
|
|
# This is something that wants a apache balancer
|
|
SSLProxyEngine On
|
|
|
|
{% if ocp4 %}
|
|
SSLProxyVerify require
|
|
SSLProxyCheckPeerName Off
|
|
{% if env == "production" %}
|
|
SSLProxyCACertificateFile "/etc/haproxy/ocp-prod.pem"
|
|
{% elif env == "staging" %}
|
|
SSLProxyCACertificateFile "/etc/haproxy/ocp-stg.pem"
|
|
{% endif %}
|
|
{% elif ocp4_rdu3 %}
|
|
SSLProxyVerify require
|
|
SSLProxyCheckPeerName Off
|
|
{% if env == "production" %}
|
|
SSLProxyCACertificateFile "/etc/haproxy/ocp-prod-rdu3.pem"
|
|
{% elif env == "staging" %}
|
|
SSLProxyCACertificateFile "/etc/haproxy/ocp-stg-rdu3.pem"
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
<Proxy "balancer://{{balancer_name}}-websocket">
|
|
{% for member in balancer_members %}
|
|
{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
|
|
{% if remotepath is defined and remotepath != "/" %}
|
|
BalancerMember "ws://{{ member }}{{ remotepath }}"
|
|
{% else %}
|
|
BalancerMember "ws://{{ member }}"
|
|
{% endif %}
|
|
{% else %}
|
|
{% if remotepath is defined and remotepath != "/" %}
|
|
BalancerMember "wss://{{ member }}{{ remotepath }}"
|
|
{% else %}
|
|
BalancerMember "wss://{{ member }}"
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
</Proxy>
|
|
|
|
RewriteEngine on
|
|
RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
|
|
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
|
{% if remotepath is defined and remotepath != "/" %}
|
|
RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
|
|
{% endif %}
|
|
RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
|
|
|
|
<Proxy "balancer://{{balancer_name}}">
|
|
{% for member in balancer_members %}
|
|
{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
|
|
BalancerMember "http://{{ member }}"
|
|
{% else %}
|
|
BalancerMember "https://{{ member }}"
|
|
{% endif %}
|
|
{% endfor %}
|
|
</Proxy>
|
|
ProxyPass {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
|
|
ProxyPassReverse {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
|
|
{% else %}
|
|
# This is an application that just goes to one url, not a balancer
|
|
ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} {{ proxyopts }}
|
|
ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
|
|
{% endif %}
|