Installing and Configuring Apache Http Server
httpd
manifest can be configured to customize the httpd.conf and ssl.conf in the following ways
This installs apache http server and starts the service with out any rules for redirecting requests to tomcat.
class { "httpd" : }
$httpRedirects = ["/ananya/ http://192.168.42.38:8080/ananya/"]
class { "httpd" : }
This will redirect any requests to apache server with http://host:port/ananya/* to 8080 port (default tomcat). You could add as many configurations as needed in httpRedirects variable just separating entries by comma. What it does internally is sets up ProxyPass and ProxyPassReverse with each of the element in httpRedirectsArray
The above configuration will update httpd.conf with the following
<VirtualHost *:80>
ProxyPass /ananya/ http://192.168.42.38:8080/ananya/
ProxyPassReverse /ananya/ http://192.168.42.38:8080/ananya/
</VirtualHost>
class { "httpd" :
sslEnabled => true,
sslCertificateFile => "/etc/pki/tls/certs/localhost.crt",
sslCertificateKeyFile => "/etc/pki/tls/private/localhost.key",
}
The parameters for httpd class are self explanatory, this will enable ssl module for httpd and configures certificate keys in ssl.conf. This will by default redirect all requests from http to https
With this the httpd.conf looks like
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
...
</VirtualHost>
In few implementations there is a need to exclude requests from certain systems from redirecting to https (use only http). You could do that by simply initializing the variable as given below.
$sslExcludeList = ["127.0.0.1","192.168.42.45"]
class { "httpd" :
sslEnabled => true,
sslCertificateFile => "/etc/pki/tls/certs/localhost.crt",
sslCertificateKeyFile => "/etc/pki/tls/private/localhost.key",
}
Use as many IP address as needed separated by comma. This will make httpd.conf look like this
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REMOTE_HOST} !(127.0.0.1|192.168.42.45)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
...
</VirtualHost>
$httpsRedirects = ["/ananya/admin http://192.168.42.38:8080/ananya/admin"]
class { "httpd" :
sslEnabled => true,
sslCertificateFile => "/etc/pki/tls/certs/localhost.crt",
sslCertificateKeyFile => "/etc/pki/tls/private/localhost.key",
}
Initialize the httpsRedirects array with comma separated redirects that you would want apache to forward to tomcat for requests coming on https. It just configures ProxyPass and ProxyPassReverse for each of the element in httpsRedirects in ssl.conf
ssl.conf with this change looks like
<VirtualHost _default_:443>
...
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
...
ProxyPass /ananya/admin http://192.168.42.38:8080/ananya/admin
ProxyPassReverse /ananya/admin http://192.168.42.38:8080/ananya/admin
...
</VirtualHost>
Just initialize the following variables and install httpd this will setup a loadbalancer between primary and secondary couchdb instances
$couchdbClusteringEnabled = true
$couchdbClusterPort = 8181
$couchdbPrimaryIp = "192.168.42.51"
$couchdbSecondaryIp = "192.168.42.52"
class { "httpd" : }
This adds the following to the httpd.conf
<VirtualHost *:8181>
ProxyPass / balancer://hotcluster/
<Proxy balancer://hotcluster>
BalancerMember http://192.168.42.51:5984
BalancerMember http://192.168.42.52:5984 status=+H
</Proxy>
</VirtualHost>
Edit the following properties and install httpd to enable apache authentication. This works only if SSL is enabled.
$authenticationRequired = true
$authenticationKey = "APIKey"
$authenticationValues = ["1234","5678"]
$authenticationExcludeList = ["192.168.42.32","192.168.32.31"]
class { "httpd" : slEnabled => true, }
It makes the appropriate changes to ssl.conf.