From b8d2dda4698449686fe876c37d3a909fd4ba2f51 Mon Sep 17 00:00:00 2001
From: Michael Krause <michael.krause@publicispixelpark.de>
Date: Wed, 18 Jul 2018 18:01:27 +0200
Subject: [PATCH] testing apache proxy

---
 .../test-confluence01.pixelpark.net.yaml      | 61 ++++++++++++++++---
 1 file changed, 52 insertions(+), 9 deletions(-)

diff --git a/customer/pixelpark/test-confluence01.pixelpark.net.yaml b/customer/pixelpark/test-confluence01.pixelpark.net.yaml
index 2d6c1ad6..c089b211 100644
--- a/customer/pixelpark/test-confluence01.pixelpark.net.yaml
+++ b/customer/pixelpark/test-confluence01.pixelpark.net.yaml
@@ -11,12 +11,55 @@ accounts::users:
 # custom-admins
 
 infra::role: base
-httpd::webserver:
-  test-confluence01.pixelpark.net:
-    modules:
-      - proxy_ajp
-    listens:
-      - 0.0.0.0:80
-      - 0.0.0.0:443
-    extendedStatus: true
-    worker: true
\ No newline at end of file
+infra::additional_classes:
+  - infra::profile::apache
+  - apache::mod::proxy_http
+
+infra::profile::apache::pp_vhosts:
+  extranet:
+    docroot: /var/www/test-confluence
+    servername: test-confluence01.pixelpark.net # wenn fertig umgezogen
+    cert_servername: 'wildcard.pixelpark.net'
+    cert_customer: 'pixelpark'
+    ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+    ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+    ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+    ssl_proxyengine: true
+    proxy_preserve_host: true
+    docroot_owner: apache
+    docroot_group: apache
+    docroot_mode: '2775'
+    directories:
+      - directory_root:
+        provider: directory
+        path: '/var/www/test-confluence'
+        options:
+          - FollowSymLinks
+          - MultiViews
+        allow_override:
+          - All
+        directoryindex: index.html
+    proxy_pass:
+      - { path: /server-status, url: '!' }
+      - { path: /server-info, url: '!' }
+      - { path: /confluence, url: 'http://test-confluence01.pixelpark.net:8090/confluence' }
+      - { path: /synchrony, url: 'http://test-confluence01.pixelpark.net:8091/synchrony' }
+
+    headers_ssl:
+      - always set Strict-Transport-Security "max-age=31556926"
+    rewrites:
+      - comment: 'switch to https'
+        rewrite_cond:
+          - '%%{ich-trickse}{HTTPS} !=on [NC]'
+        rewrite_rule:
+          - ^(.*)$ https://%%{ich-trickse}{HTTP_HOST}$1 [R=301,L]
+      - comment: 'Rewrite from / to /confluence'
+        rewrite_rule:
+          - ^(/?)$ /confluence/ [R=301,L]
+      - comment: 'synchrony'
+        rewrite_cond:
+          - '%HTTP:UPGRADE} ^WebSocket$ [NC]'
+          - '%{HTTP:CONNECTION} Upgrade$ [NC]'
+      - comment: 'synchrony die zweite'
+        rewrite_rule:
+          - .* ws://test-confluence01.pixelpark.net:8091%{REQUEST_URI} [P]
\ No newline at end of file
-- 
2.39.5