[Ovirt-devel] [PATCH server] Proxy Guest network VirtualHost to Admin network VirtualHost
Steve Linabery
slinabery at redhat.com
Thu Mar 19 01:35:24 UTC 2009
This change allows mod_auth_kerb to always have the FQDN for authentication.
---
conf/ovirt-server.conf | 30 ++++++++++++++++++++-------
installer/modules/ovirt/manifests/ovirt.pp | 7 ++++++
2 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
index e414f07..bab6f1a 100644
--- a/conf/ovirt-server.conf
+++ b/conf/ovirt-server.conf
@@ -1,5 +1,5 @@
-NameVirtualHost *:80
-<VirtualHost *:80>
+NameVirtualHost GuestNetIpAddress:80
+<VirtualHost GuestNetIpAddress:80>
<Location /ovirt>
RewriteEngine on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
@@ -7,20 +7,34 @@ NameVirtualHost *:80
</VirtualHost>
NameVirtualHost GuestNetIpAddress:443
-NameVirtualHost AdminNetIpAddress:443
-<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443>
+NameVirtualHost AdminNetIpAddress:80
- RequestHeader set X_FORWARDED_PROTO 'https'
+<VirtualHost GuestNetIpAddress:443>
- ErrorLog /etc/httpd/logs/error_log
- TransferLog /etc/httpd/logs/access_log
- LogLevel warn
NSSEngine on
NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1
NSSNickname Server-Cert
NSSCertificateDatabase /etc/httpd/alias
+ ErrorLog /etc/httpd/logs/error_log
+ TransferLog /etc/httpd/logs/access_log
+ LogLevel warn
+
+ ProxyPass /ovirt http://AdminNodeFQDN/ovirt
+ ProxyPassReverse /ovirt http://AdminNodeFQDN/ovirt
+
+</VirtualHost>
+
+<VirtualHost AdminNetIpAddress:80>
+
+ ServerAlias AdminNodeFQDN
+ ServerName AdminNodeFQDN:80
+
+ ErrorLog /etc/httpd/logs/error_log
+ TransferLog /etc/httpd/logs/access_log
+ LogLevel warn
+
ProxyRequests Off
<ProxyMatch ^.*/ovirt/login.*$>
diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
index 723d758..09b1925 100644
--- a/installer/modules/ovirt/manifests/ovirt.pp
+++ b/installer/modules/ovirt/manifests/ovirt.pp
@@ -34,6 +34,13 @@ class ovirt::setup {
require => Package[ovirt-server]
}
+ file_replacement{"ovirt_httpd_config_change_server_fqdn":
+ file => "/etc/httpd/conf.d/ovirt-server.conf",
+ pattern => "AdminNodeFQDN",
+ replacement => "$ovirt_host",
+ require => Package[ovirt-server]
+ }
+
package {"ovirt-server":
ensure => installed,
require => Single_exec[set_pw_expiration]
--
1.6.0.6
More information about the ovirt-devel
mailing list