Skip to content

Commit e581de1

Browse files
stejskalleosstejskalleos
committed
httpd vhost:80 configuration
Redirect Foreman http -> https Allow pulp for http and https
1 parent f66a325 commit e581de1

File tree

3 files changed

+87
-0
lines changed

3 files changed

+87
-0
lines changed

src/roles/httpd/tasks/main.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,14 @@
4343
- src: "{{ httpd_server_key }}"
4444
dest: "private/katello-apache.key"
4545

46+
- name: Configure foreman vhost
47+
ansible.builtin.template:
48+
src: foreman-vhost.conf.j2
49+
dest: /etc/httpd/conf.d/foreman.conf
50+
mode: "0644"
51+
notify:
52+
- Restart httpd
53+
4654
- name: Configure foreman-ssl vhost
4755
ansible.builtin.template:
4856
src: foreman-ssl-vhost.conf.j2

src/roles/httpd/templates/foreman-vhost.conf.j2

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
<VirtualHost *:80>
2+
ServerName {{ ansible_facts['fqdn'] }}
3+
4+
## Load additional static includes
5+
IncludeOptional "/etc/httpd/conf.d/05-foreman.d/*.conf"
6+
7+
## Logging
8+
ErrorLog "/var/log/httpd/foreman_error.log"
9+
ServerSignature Off
10+
CustomLog "/var/log/httpd/foreman_access.log" combined
11+
12+
## Request header rules
13+
## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader
14+
RequestHeader set X-FORWARDED-PROTO "http"
15+
RequestHeader set SSL-CLIENT-S-DN ""
16+
RequestHeader set SSL-CLIENT-CERT ""
17+
RequestHeader set SSL-CLIENT-VERIFY ""
18+
RequestHeader unset REMOTE_USER
19+
RequestHeader unset REMOTE-USER
20+
21+
ProxyPass /pulp_ansible/galaxy/ {{ httpd_pulp_api_backend }}/pulp_ansible/galaxy/
22+
ProxyPassReverse /pulp_ansible/galaxy/ {{ httpd_pulp_api_backend }}/pulp_ansible/galaxy/
23+
24+
<Location "/pulpcore_registry/v2/">
25+
RequestHeader unset REMOTE_USER
26+
RequestHeader unset REMOTE-USER
27+
RequestHeader set REMOTE-USER "admin" "expr=%{SSL_CLIENT_S_DN_CN} == '{{ ansible_facts['fqdn'] }}'"
28+
ProxyPass {{ httpd_pulp_api_backend }}/v2/
29+
ProxyPassReverse {{ httpd_pulp_api_backend }}/v2/
30+
</Location>
31+
32+
ProxyPass /pulp/container/ {{ httpd_pulp_content_backend }}/pulp/container/
33+
ProxyPassReverse /pulp/container/ {{ httpd_pulp_content_backend }}/pulp/container/
34+
35+
<Location "/pulp/content">
36+
RequestHeader unset X-CLIENT-CERT
37+
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
38+
ProxyPass {{ httpd_pulp_content_backend }}/pulp/content disablereuse=on timeout=600
39+
ProxyPassReverse {{ httpd_pulp_content_backend }}/pulp/content
40+
</Location>
41+
42+
<Location "/pulp/api/v3">
43+
RequestHeader unset REMOTE_USER
44+
RequestHeader unset REMOTE-USER
45+
RequestHeader set REMOTE-USER "admin" "expr=%{SSL_CLIENT_S_DN_CN} == '{{ ansible_facts['fqdn'] }}'"
46+
ProxyPass {{ httpd_pulp_api_backend }}/pulp/api/v3 timeout=600
47+
ProxyPassReverse {{ httpd_pulp_api_backend }}/pulp/api/v3
48+
</Location>
49+
50+
ProxyPass /pulp/assets/ {{ httpd_pulp_api_backend }}/pulp/assets/
51+
ProxyPassReverse /pulp/assets/ {{ httpd_pulp_api_backend }}/pulp/assets/
52+
53+
## Proxy rules
54+
ProxyRequests Off
55+
ProxyPreserveHost On
56+
ProxyAddHeaders On
57+
ProxyPass /pulp !
58+
ProxyPass /icons !
59+
ProxyPass /server-status !
60+
ProxyPass / {{ httpd_foreman_backend }}/ retry=0 timeout=900
61+
ProxyPassReverse / {{ httpd_foreman_backend }}/
62+
63+
AddDefaultCharset UTF-8
64+
</VirtualHost>

tests/httpd_test.py

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,3 +41,18 @@ def test_https_pulp_auth(server, certificates, server_fqdn):
4141
cmd = server.run(f"curl --cacert {certificates['ca_certificate']} --silent --write-out '%{{stderr}}%{{http_code}}' --cert {certificates['client_certificate']} --key {certificates['client_key']} https://{server_fqdn}/pulp/api/v3/users/")
4242
assert cmd.succeeded
4343
assert cmd.stderr == '200'
44+
45+
def test_http_foreman(server, server_fqdn):
46+
cmd = server.run(f"curl --silent --output /dev/null --write-out '%{{http_code}}' http://{server_fqdn}")
47+
assert cmd.succeeded
48+
assert cmd.stdout == '200'
49+
50+
def test_http_pulp_status(server, server_fqdn):
51+
cmd = server.run(f"curl --silent --output /dev/null --write-out '%{{http_code}}' http://{server_fqdn}/pulp/api/v3/status/")
52+
assert cmd.succeeded
53+
assert cmd.stdout == '200'
54+
55+
def test_http_pulp_content(server, server_fqdn):
56+
cmd = server.run(f"curl --silent --output /dev/null --write-out '%{{http_code}}' http://{server_fqdn}/pulp/content/")
57+
assert cmd.succeeded
58+
assert cmd.stdout == '200'

0 commit comments

Comments
 (0)