Commit e7e4d359 authored by Jonathan Passerat-Palmbach's avatar Jonathan Passerat-Palmbach
Browse files

Set up proxying through nginx

parent c81c185b
# Licensed to Biomedical Imaging Group Rotterdam under one or more contributor
# license agreements. Biomedical Imaging Group Rotterdam licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
define init_apache (
$apache_port,
$apache_mail_address
)
{
class {"apache":
default_vhost => false
}
require apache::mod::proxy
require apache::mod::proxy_ajp
$apache_service = "${apache::service_name}"
apache::listen { $apache_port: } ->
file { "write apache conf":
path => "${apache::vhost_dir}/xnat.conf",
ensure => present,
content => template("xnat/xnat.conf.erb"),
mode => '644',
} ->
# enable xnat site
exec { "enable XNAT site in apache":
command => "a2ensite xnat",
onlyif => "test \"${apache::service_name}\" = \"apache2\""
} ->
# restart httpd (apache service enable does not restart)
exec { "restart ${apache::service_name}":
command => "service ${apache::service_name} restart"
}
}
......@@ -23,8 +23,6 @@ define xnat::xnatapp (
$tomcat_web_user,
$tomcat_web_password,
$tomcat_port,
$apache_port,
$apache_mail_address,
$xnat_version,
$java_opts,
$catalina_tmp_dir,
......@@ -54,9 +52,8 @@ define xnat::xnatapp (
# $tomcat_root = "/usr/share/tomcat7"
$installer_dir = "/home/$system_user/xnat"
# FIXME problematic with vagrant -> accessing XNAT through localhost gets replaced
# by VM's IP (not routed) beyond login page
$xnat_url = "http://${::ipaddress}:$apache_port/"
# FIXME change 8080 to tomcat_port
$xnat_url = "http://localhost:8080"
# Add to paths. Could use absolute paths, but some external modules don't do this anyway.
Exec { path => '/usr/bin:/bin:/usr/sbin:/sbin' }
......@@ -71,22 +68,21 @@ define xnat::xnatapp (
} ->
class { 'epel': }->
tomcat::instance{ 'default':
package_name => "$tomcat_version",
}->
tomcat::service { 'default':
use_jsvc => false,
use_init => true,
service_name => "$tomcat_version",
package_name => "$tomcat_version",
catalina_home => "/usr/share/${tomcat_version}",
catalina_base => "/var/lib/${tomcat_version}",
}
# tomcat::config::server { 'default':
} ->
#tomcat::config::server { 'default':
# port => $tomcat_port,
#}
#tomcat::config::server::connector { 'default':
# port => $tomcat_port,
# notify => Service['tomcat7'],
#}
#} ->
tomcat::service { 'default':
use_jsvc => false,
use_init => true,
service_name => "$tomcat_version",
}
# tomcat { "install tomcat":
#TODO can we configure web user/pwd? + remaining conf in original tomcat.pp
# tomcat_web_user => $tomcat_web_user,
......@@ -170,10 +166,26 @@ define xnat::xnatapp (
### Proxy Tomcat through HTTP server ###
# FIXME not working -> replace with Nginx
init_apache { "initialize apache proxy":
apache_port => $apache_port,
apache_mail_address => $apache_mail_address
class { 'nginx': }
nginx::resource::upstream { 'nginx-proxy':
members => [
"localhost:8080"
],
}
nginx::resource::vhost { 'nginx-proxy':
ssl => true,
# the next 2 lines disable http access
ssl_port => 443,
listen_port => 443,
ssl_cert => 'puppet:///modules/xnat/etc/ssl/certs/xnat.crt',
ssl_key => 'puppet:///modules/xnat/etc/ssl/private/xnat.key',
proxy => "http://localhost:8080",
proxy_redirect => 'default',
rewrite_to_https => true,
location_cfg_append => { 'proxy_redirect' => 'http:// https://',
'proxy_set_header' => 'Host $http_host'}
}
}
NameVirtualHost *:<%= @apache_port %>
<VirtualHost *:<%= @apache_port %>>
ServerName <%= @ipaddress %>
ServerAlias <%= @ipaddress %>
ServerAdmin <%= @apache_mail_address %>
ErrorLog /var/log/<%= @apache_service %>/<%= @instance_name %>.log
CustomLog /var/log/<%= @apache_service %>/<%= @instance_name %>.log combined
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment