[Ovirt-devel] [PATCH server] Switch ovirt appliance httpd conf to use ssl, redirect http to https.

Steve Linabery slinabery at redhat.com
Tue Feb 24 16:29:03 UTC 2009


---
 conf/ovirt-server.conf                     |   20 +++++++++++++++++++-
 installer/modules/ovirt/manifests/ovirt.pp |   15 +++++++++++++++
 2 files changed, 34 insertions(+), 1 deletions(-)

diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
index 7ab77b4..1d8cb7a 100644
--- a/conf/ovirt-server.conf
+++ b/conf/ovirt-server.conf
@@ -1,6 +1,24 @@
 NameVirtualHost *:80
 <VirtualHost *:80>
-ProxyRequests Off
+  RewriteEngine on
+  RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
+</VirtualHost>
+
+NameVirtualHost 192.168.50.2:443
+<VirtualHost 192.168.50.2:443>
+
+  RequestHeader set X_FORWARDED_PROTO 'https'
+
+  ErrorLog /etc/httpd/logs/error_log
+  TransferLog /etc/httpd/logs/access_log
+  LogLevel warn
+  NSSEngine on
+  NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+  NSSProtocol SSLv3,TLSv1
+  NSSNickname Server-Cert
+  NSSCertificateDatabase /etc/httpd/alias
+
+  ProxyRequests Off
 
 <ProxyMatch ^.*/ovirt/login.*$>
   AuthType Kerberos
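Review bot: The new 443 vhost still accepts SSLv3 and RC4/MD5 suites, through `NSSProtocol SSLv3,TLSv1` and the `+rsa_rc4_128_md5,+rsa_rc4_128_sha` entries in `NSSCipherSuite`, so the Kerberos-protected login proxied below can be negotiated over a protocol and ciphers that are no longer considered safe. I would narrow the protocol line to `NSSProtocol TLSv1` (or the newest versions the installed mod_nss accepts) and flip the two RC4 entries to `-rsa_rc4_128_md5,-rsa_rc4_128_sha`, keeping the AES suites. Separately, the port-80 rule ends in `[R,L]`, a temporary redirect built from `%{SERVER_NAME}`. No `ServerName` is visible in that vhost, so the name may be taken from the request's Host header; an explicit `ServerName` plus `[R=301,L]` would pin the target. The 443 `<VirtualHost>` block continues past the end of the hunk.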
diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
index c81b6f2..c34eae0 100644
--- a/installer/modules/ovirt/manifests/ovirt.pp
+++ b/installer/modules/ovirt/manifests/ovirt.pp
@@ -20,6 +20,21 @@
 
 class ovirt::setup {
 
+        #until ace offers a global replacement, we need to change each
+        #occurrence of the ip address in the httpd conf file
+	file_replacement{"ovirt_httpd_config_change_1":
+	        file => "/etc/httpd/conf.d/ovirt-server.conf",
+	        pattern => "192\.168\.50\.2",
+	        replacement => "$mgmt_ipaddr",
+		require => Package[ovirt-server]
+        }
+	file_replacement{"ovirt_httpd_config_change_2":
+	        file => "/etc/httpd/conf.d/ovirt-server.conf",
+	        pattern => "192\.168\.50\.2",
+	        replacement => "$mgmt_ipaddr",
+		require => Package[ovirt-server]
+        }
+
         package {"ovirt-server":
 		ensure => installed,
 		require => Single_exec[set_pw_expiration]
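Review bot: `ovirt_httpd_config_change_1` and `ovirt_httpd_config_change_2` are identical apart from their titles, so the result depends on the conf file holding exactly two occurrences of the address and on each resource rewriting exactly one. A third occurrence added later would silently stay at 192.168.50.2 and could leave the TLS vhost declared on the wrong address. I would extend the comment to say so, e.g. `# one resource per occurrence (NameVirtualHost and <VirtualHost> on :443); add another if a third appears in ovirt-server.conf`. The pattern, presumably a regex, is unanchored and sits in a double-quoted string, so it relies on `\.` surviving Puppet's escape handling; `pattern => '192\.168\.50\.2'` would make that explicit. Nothing in the hunk shows httpd being reloaded after the rewrite, and `class ovirt::setup` continues outside the hunk.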
-- 
1.6.0.6



