CONFIGURAÇÃO DE PROXY NO PUPPET

# proxy reverso aplicacoes Jboss - No 1

#haproxy::defaults::options:
#  log: '10.1.3.XX local1'

####################
# Nginx - producao #
####################

nginx::nginx_vhosts:

  'HOSTDAAPLICACAOleghttp':
    ensure: present
    server_name: ['~^HOSTDAAPLICACAO\.camara\.leg\.br']
    listen_ip: ['10.1.3.99']
    listen_port: 80
    vhost_cfg_append: {
      'rewrite': '^ https://HOSTDAAPLICACAO.camara.leg.br$request_uri?'
    }
    use_default_location: false
  'HOSTDAAPLICACAOleghttps':
    ensure: present
    server_name: ['~^HOSTDAAPLICACAO\.camara\.leg\.br']
    listen_ip: ['10.1.3.99']
    listen_port: 443
    ssl: true
    ssl_port: 443
    ssl_cert: '/etc/ca-certificates/camara.leg.br/wildcard-leg.crt'
    ssl_key:  '/etc/ca-certificates/camara.leg.br/wildcard-leg.key'
    access_log: '/var/log/nginx/HOSTDAAPLICACAO.camara.leg.br.https.access.log'
    format_log: 'main'
    client_max_body_size: '1000M'
    proxy_connect_timeout: '180'
    proxy_read_timeout: '180'
    proxy_set_header:
      - 'Host             $host'
      - 'X-Real-IP        $remote_addr'
      - 'X-Forwarded-For  $proxy_add_x_forwarded_for'
    vhost_cfg_append: {
      'proxy_buffer_size': '32k',
      'proxy_send_timeout': '180',
      'proxy_buffers': '4 32k',
      'proxy_ignore_client_abort': 'off',
      'proxy_busy_buffers_size': '64k',
      'proxy_max_temp_file_size': '0'
    }
    use_default_location: false


nginx::nginx_locations:

  'HOSTDAAPLICACAOraiz':
    ensure: present
    location: '/'
    ssl: true
    ssl_only: true
    vhost: HOSTDAAPLICACAOleghttps
    proxy: 'http://127.0.0.1:11025'
    location_cfg_append: {
      'rewrite': '^ https://$host/NOMEDAAPLICACAO$request_uri?'
    }
  'sepad2aplicacao':
    ensure: present
    location: '/NOMEDAAPLICACAO'
    ssl: true
    ssl_only: true
    vhost: HOSTDAAPLICACAOleghttps
    proxy: 'http://127.0.0.1:11025'
    location_cfg_append: {
      'limit_conn': 'perip 8',
      'limit_rate': '5m'
    }

########################
# Haproxy - especifico #
########################

haproxy::frontend:

  'frontend_HOSTDAAPLICACAO':
    ipaddress: '127.0.0.1'
    ports: '11025'
    options:
      capture: 'request header X-Forwarded-For len 50'
      maxconn: '600'
      default_backend: 'backend_HOSTDAAPLICACAO'

haproxy::backend:

  'backend_HOSTDAAPLICACAO':
    options:
      option:Confi
        - 'httpchk OPTIONS /'
      cookie: 'JSESSIONID prefix'

haproxy::balancermember:

  'HOSTDAAPLICACAOn1':
    listening_service: 'backend_HOSTDAAPLICACAO'
    server_names: ['HOSTDAAPLICACAOn1']
    ipaddresses: ['HOSTDAAPLICACAOn1.camara.gov.br']
    ports: ['8080']
    options: 'cookie HOSTDAAPLICACAOn1 inter 2000 rise 2 fall 5'
  'HOSTDAAPLICACAOn2':
    listening_service: 'backend_HOSTDAAPLICACAO'
    server_names: ['HOSTDAAPLICACAOn2']
    ipaddresses: ['HOSTDAAPLICACAOn2.camara.gov.br']
    ports: ['8080']

    options: 'cookie HOSTDAAPLICACAOn2 inter 2000 rise 2 fall 5'