diff --git a/README.md b/README.md index 3f5fbfeca..522348ad5 100644 --- a/README.md +++ b/README.md @@ -768,6 +768,10 @@ Specifies the verbosity of the error log. Defaults to 'warn' for the global serv Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). +#####`proxy_preserve_host` + +Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default). + #####`options` Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below: @@ -1040,7 +1044,7 @@ Sets up a virtual host with a wildcard alias subdomain mapped to a directory wit } ``` -#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, & `wsgi_script_aliases` +#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). @@ -1052,6 +1056,8 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). `wsgi_script_aliases` requires a hash of web paths to filesystem .wsgi paths. Defaults to 'undef'. +`wsgi_pass_authorization` the WSGI application handles authorisation instead of Apache when set to 'On'. For more information see [here] (http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Defaults to 'undef' where apache will set the defaults setting to 'Off'. + To set up a virtual host with WSGI ```puppet diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 45897e8e0..bb3cffcf4 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -135,6 +135,7 @@ $php_admin_flags = [], $php_admin_values = [], $no_proxy_uris = [], + $proxy_preserve_host = false, $redirect_source = '/', $redirect_dest = undef, $redirect_status = undef, @@ -158,6 +159,7 @@ $wsgi_import_script_options = undef, $wsgi_process_group = undef, $wsgi_script_aliases = undef, + $wsgi_pass_authorization = undef, $custom_fragment = undef, $itk = undef, $action = undef, @@ -478,6 +480,7 @@ # proxy fragment: # - $proxy_dest # - $no_proxy_uris + # - $proxy_preserve_host (true to set ProxyPreserveHost to on and false to off # rack fragment: # - $rack_base_uris # redirect fragment: diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 34778cc04..61de50a8a 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -102,6 +102,7 @@ class { 'apache': } proxy_pass => [ { 'path' => '/foo', 'url' => 'http://backend-foo/'}, ], + proxy_preserve_host => true, } EOS apply_manifest(pp, :catch_failures => true) @@ -111,6 +112,7 @@ class { 'apache': } it { should contain '' } it { should contain "ServerName proxy.example.com" } it { should contain "ProxyPass" } + it { should contain "ProxyPreserveHost On" } it { should_not contain "" } end end @@ -940,6 +942,7 @@ class { 'apache::mod::wsgi': } wsgi_daemon_process_options => {processes => '2'}, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', } EOS apply_manifest(pp, :catch_failures => true) @@ -959,6 +962,7 @@ class { 'apache::mod::wsgi': } wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', } EOS apply_manifest(pp, :catch_failures => true) @@ -971,6 +975,7 @@ class { 'apache::mod::wsgi': } it { should contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } it { should contain 'WSGIProcessGroup nobody' } it { should contain 'WSGIScriptAlias /test "/test1"' } + it { should contain 'WSGIPassAuthorization On' } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index efdeaae57..152c701a8 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -607,6 +607,18 @@ :value => '%{GLOBAL}', :match => [/^ WSGIApplicationGroup %{GLOBAL}$/], }, + { + :title => 'should set wsgi pass authorization', + :attr => 'wsgi_pass_authorization', + :value => 'On', + :match => [/^ WSGIPassAuthorization On$/], + }, + { + :title => 'should set wsgi pass authorization false', + :attr => 'wsgi_pass_authorization', + :value => 'Off', + :match => [/^ WSGIPassAuthorization Off$/], + }, { :title => 'should contain environment variables', :attr => 'access_log_env_var', diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 7e0221f95..2c5e24ede 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -3,6 +3,9 @@ ## Proxy rules ProxyRequests Off <%- end -%> +<% if @proxy_preserve_host %> + ProxyPreserveHost On +<% end %> <% [@proxy_pass].flatten.compact.each do |proxy| %> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> > diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index 474c30ff1..473b223ab 100644 --- a/templates/vhost/_wsgi.erb +++ b/templates/vhost/_wsgi.erb @@ -19,3 +19,6 @@ <%- end -%> <%- end -%> <% end -%> +<% if @wsgi_pass_authorization -%> + WSGIPassAuthorization <%= @wsgi_pass_authorization %> +<% end -%>