From debc086adb591179678be8908320671129d5ecfe Mon Sep 17 00:00:00 2001 From: Michael Speth Date: Fri, 4 Apr 2014 10:23:14 +1300 Subject: [PATCH 1/4] Added WSGIPassAuthorization option to vhost. --- manifests/vhost.pp | 1 + templates/vhost/_wsgi.erb | 3 +++ 2 files changed, 4 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 24b782e76..f2e736cbf 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -167,6 +167,7 @@ $wsgi_import_script_options = undef, $wsgi_process_group = undef, $wsgi_script_aliases = undef, + $wsgi_pass_authorization = undef, $custom_fragment = undef, $itk = undef, $action = undef, diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index 474c30ff1..473b223ab 100644 --- a/templates/vhost/_wsgi.erb +++ b/templates/vhost/_wsgi.erb @@ -19,3 +19,6 @@ <%- end -%> <%- end -%> <% end -%> +<% if @wsgi_pass_authorization -%> + WSGIPassAuthorization <%= @wsgi_pass_authorization %> +<% end -%> From 920df08fc87c065e477c86ed42d6fa3734228804 Mon Sep 17 00:00:00 2001 From: Michael Speth Date: Mon, 7 Apr 2014 10:08:52 +1200 Subject: [PATCH 2/4] Added The ProxyPreserveHost option to vhosts. --- manifests/vhost.pp | 1 + templates/vhost/_proxy.erb | 3 +++ 2 files changed, 4 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index f2e736cbf..579748233 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -144,6 +144,7 @@ $php_admin_flags = [], $php_admin_values = [], $no_proxy_uris = [], + $proxy_preserve_host = false, $redirect_source = '/', $redirect_dest = undef, $redirect_status = undef, diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 7e0221f95..2c5e24ede 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -3,6 +3,9 @@ ## Proxy rules ProxyRequests Off <%- end -%> +<% if @proxy_preserve_host %> + ProxyPreserveHost On +<% end %> <% [@proxy_pass].flatten.compact.each do |proxy| %> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> > From 8481e7de122040d0db691cec6620c9de97534333 Mon Sep 17 00:00:00 2001 From: Michael Speth Date: Mon, 7 Apr 2014 19:00:31 +1200 Subject: [PATCH 3/4] Updated readme with WSGIPassAuthorization information, updated spec and rspec tests for WSGIPassAuthorization. --- README.md | 4 +++- spec/acceptance/vhost_spec.rb | 3 +++ spec/defines/vhost_spec.rb | 6 ++++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 98cebb9a9..a2b328a5d 100644 --- a/README.md +++ b/README.md @@ -1031,7 +1031,7 @@ Sets up a virtual host with a wildcard alias subdomain mapped to a directory wit } ``` -#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, & `wsgi_script_aliases` +#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). @@ -1043,6 +1043,8 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). `wsgi_script_aliases` requires a hash of web paths to filesystem .wsgi paths. Defaults to 'undef'. +`wsgi_pass_authorization` the WSGI application handles authorisation instead of Apache when set to 'On'. For more information see [here] (http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Defaults to 'undef' where apache will set the defaults setting to 'Off'. + To set up a virtual host with WSGI ```puppet diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 72294e2ea..7b4deac84 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -937,6 +937,7 @@ class { 'apache::mod::wsgi': } wsgi_daemon_process_options => {processes => '2'}, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', } EOS apply_manifest(pp, :catch_failures => true) @@ -956,6 +957,7 @@ class { 'apache::mod::wsgi': } wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', } EOS apply_manifest(pp, :catch_failures => true) @@ -968,6 +970,7 @@ class { 'apache::mod::wsgi': } it { should contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } it { should contain 'WSGIProcessGroup nobody' } it { should contain 'WSGIScriptAlias /test "/test1"' } + it { should contain 'WSGIPassAuthorization On' } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 234fdbd0b..f3244cd65 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -607,6 +607,12 @@ :value => '%{GLOBAL}', :match => [/^ WSGIApplicationGroup %{GLOBAL}$/], }, + { + :title => 'should accept a wsgi pass authorization', + :attr => 'wsgi_pass_authorization', + :value => 'On', + :match => [/^ WSGIPassAuthorization On$/], + }, { :title => 'should contain environment variables', :attr => 'access_log_env_var', From 16e8c500ad008b98e4a6bc9b89403448370f5696 Mon Sep 17 00:00:00 2001 From: Michael Speth Date: Thu, 10 Apr 2014 12:07:17 +1200 Subject: [PATCH 4/4] added documentation and test for ProxyPreserveHost option --- README.md | 4 ++++ manifests/vhost.pp | 1 + spec/acceptance/vhost_spec.rb | 2 ++ spec/defines/vhost_spec.rb | 8 +++++++- 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a2b328a5d..654423f5b 100644 --- a/README.md +++ b/README.md @@ -759,6 +759,10 @@ Specifies the verbosity of the error log. Defaults to 'warn' for the global serv Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). +#####`proxy_preserve_host` + +Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default). + #####`options` Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below: diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 579748233..21f9907aa 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -478,6 +478,7 @@ # proxy fragment: # - $proxy_dest # - $no_proxy_uris + # - $proxy_preserve_host (true to set ProxyPreserveHost to on and false to off # rack fragment: # - $rack_base_uris # redirect fragment: diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 7b4deac84..7a2874920 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -102,6 +102,7 @@ class { 'apache': } proxy_pass => [ { 'path' => '/foo', 'url' => 'http://backend-foo/'}, ], + proxy_preserve_host => true, } EOS apply_manifest(pp, :catch_failures => true) @@ -111,6 +112,7 @@ class { 'apache': } it { should contain '' } it { should contain "ServerName proxy.example.com" } it { should contain "ProxyPass" } + it { should contain "ProxyPreserveHost On" } it { should_not contain "" } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f3244cd65..b6c48a86c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -608,11 +608,17 @@ :match => [/^ WSGIApplicationGroup %{GLOBAL}$/], }, { - :title => 'should accept a wsgi pass authorization', + :title => 'should set wsgi pass authorization', :attr => 'wsgi_pass_authorization', :value => 'On', :match => [/^ WSGIPassAuthorization On$/], }, + { + :title => 'should set wsgi pass authorization false', + :attr => 'wsgi_pass_authorization', + :value => 'Off', + :match => [/^ WSGIPassAuthorization Off$/], + }, { :title => 'should contain environment variables', :attr => 'access_log_env_var',