Puppet Class: profile::druid::turnilo::proxy
- Defined in:
- modules/profile/manifests/druid/turnilo/proxy.pp
Overview
SPDX-License-Identifier: Apache-2.0
Class profile::druid::turnilo::proxy
Sets up an apache http proxy with WMF ldap authentication. To login, you must be in either the wmf or ops ldap group.
This class can only be used on the same host running turnilo.
Parameters
- server_name
-
VirtualHost ServerName hostname to use.
- turnilo_port
-
Port bound by the Turnilo nodejs service.
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
# File 'modules/profile/manifests/druid/turnilo/proxy.pp', line 17
class profile::druid::turnilo::proxy(
String $turnilo_port = lookup('profile::turnilo::proxy::turnilo_port', { 'default_value' => '9091' }),
) {
require ::profile::analytics::httpd::utils
class { '::httpd':
modules => ['proxy_http', 'proxy', 'auth_basic']
}
ferm::service { 'turnilo-http':
proto => 'tcp',
port => '80',
srange => '$CACHES',
}
profile::idp::client::httpd::site {'turnilo.wikimedia.org':
vhost_content => 'profile/idp/client/httpd-turnilo.erb',
proxied_as_https => true,
vhost_settings => { 'turnilo_port' => $turnilo_port },
required_groups => [
'cn=ops,ou=groups,dc=wikimedia,dc=org',
'cn=wmf,ou=groups,dc=wikimedia,dc=org',
'cn=nda,ou=groups,dc=wikimedia,dc=org',
],
}
profile::auto_restarts::service { 'apache2': }
profile::auto_restarts::service { 'envoyproxy': }
}
|