cached-virtualhost.conf.in 1.7 KB
Newer Older
1 2 3 4 5 6 7 8 9 10
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES %}
{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list %}
{%- set http_backend_host_list = [] %}
{%- set https_backend_host_list = [] %}
{%- for host in host_list %}
{%-   do http_backend_host_list.append('http://%s:%s' % (host, cached_port)) %}
{%-   do https_backend_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
{%- endfor %}
11

12
# SSL-disabled backends
13
{{ http_backend_host_list|join(', ') }} {
14
  bind {{ local_ipv4 }}
15 16
  # Compress the output
  gzip
17
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
18
    status 501 /
19
{%- endif %}
20 21
# Rewrite part
  proxy / {{ slave_parameter.get('backend_url', '') }} {
22 23 24
    # As backend is trusting REMOTE_USER header unset it always
    header_upstream -REMOTE_USER

25 26
    transparent
    timeout 600s
27 28 29 30
{%- if ssl_proxy_verify %}
{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
{%-   endif %}
{%- else %}
31
    insecure_skip_verify
32
{%- endif %}
33 34
  }
}
35

36
# SSL-enabled backends
37
{{ https_backend_host_list|join(', ') }} {
38
  bind {{ local_ipv4 }}
39 40
  # Compress the output
  gzip
41
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
42
    status 501 /
43
{%- endif %}
44
  proxy / {{ slave_parameter.get('https_backend_url', '') }} {
45 46
    # As backend is trusting REMOTE_USER header unset it always
    header_upstream -REMOTE_USER
47 48
    transparent
    timeout 600s
49 50 51 52
{%- if ssl_proxy_verify %}
{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
{%-   endif %}
{%- else %}
53
    insecure_skip_verify
54
{%- endif %}
55 56
  }
}