Hi gvde,
Thank you for your input…below find the output of my two files:
Code for 05-foreman.conf
cat /etc/httpd/conf.d/05-foreman.conf
# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************
#
<VirtualHost *:80>
ServerName foreman.localdomain
## Vhost docroot
DocumentRoot "/usr/share/foreman/public"
## Directories, there should at least be a declaration for /usr/share/foreman/public
<Directory "/usr/share/foreman/public">
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
## Load additional static includes
IncludeOptional "/etc/httpd/conf.d/05-foreman.d/*.conf"
## Logging
ErrorLog "/var/log/httpd/foreman_error.log"
ServerSignature Off
CustomLog "/var/log/httpd/foreman_access.log" combined
## Request header rules
## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
RequestHeader set X_FORWARDED_PROTO "http"
RequestHeader set SSL_CLIENT_S_DN ""
RequestHeader set SSL_CLIENT_CERT ""
RequestHeader set SSL_CLIENT_VERIFY ""
RequestHeader unset REMOTE_USER
RequestHeader unset REMOTE_USER_EMAIL
RequestHeader unset REMOTE_USER_FIRSTNAME
RequestHeader unset REMOTE_USER_LASTNAME
RequestHeader unset REMOTE_USER_GROUPS
<Location "/pulp/deb">
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
</Location>
<Location "/pulp/isos">
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
</Location>
<Location "/pulp/repos">
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
</Location>
Alias /pub /var/www/html/pub
<Location /pub>
<IfModule mod_passenger.c>
PassengerEnabled off
</IfModule>
Options +FollowSymLinks +Indexes
Require all granted
</Location>
<Location "/pulp/content">
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
</Location>
## Proxy rules
ProxyRequests Off
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPass /pulp !
ProxyPass /pulp2 !
ProxyPass /streamer !
ProxyPass /pub !
ProxyPass /icons !
ProxyPass / unix:///run/foreman.sock|http://foreman/ retry=0 timeout=900
ProxyPassReverse / unix:///run/foreman.sock|http://foreman/
## Rewrite rules
RewriteEngine On
#Upgrade Websocket connections
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) unix:///run/foreman.sock|ws://foreman/$1 [P,L]
## Server aliases
ServerAlias foreman
## Custom fragment
# Return compressed assets if they are precompiled
<IfModule mod_rewrite.c>
RewriteEngine on
# Make sure the browser supports gzip encoding and file with .gz added
# does exist on disc before we rewrite with the extension
RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b
RewriteCond %{REQUEST_FILENAME} \.(css|js|svg)$
RewriteCond %{REQUEST_FILENAME}.gz -s
RewriteRule ^(.+) $1.gz [L]
# Set headers for all possible assets which are compressed
<FilesMatch \.css\.gz$>
ForceType text/css
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
<FilesMatch \.js\.gz$>
ForceType text/javascript
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
<FilesMatch \.svg\.gz$>
ForceType image/svg+xml
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
</IfModule>
<LocationMatch "^/(assets|webpack)">
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
# Use standard http expire header for assets instead of ETag
<IfModule mod_expires.c>
Header unset ETag
FileETag None
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
</LocationMatch>
AddDefaultCharset UTF-8
</VirtualHost>
Code for 05-foreman-ssl.conf
cat /etc/httpd/conf.d/05-foreman-ssl.conf
# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************
#
<VirtualHost *:443>
ServerName foreman.localdomain
## Vhost docroot
DocumentRoot "/usr/share/foreman/public"
## Directories, there should at least be a declaration for /usr/share/foreman/public
<Directory "/usr/share/foreman/public">
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
## Load additional static includes
IncludeOptional "/etc/httpd/conf.d/05-foreman-ssl.d/*.conf"
## Logging
ErrorLog "/var/log/httpd/foreman-ssl_error_ssl.log"
ServerSignature Off
CustomLog "/var/log/httpd/foreman-ssl_access_ssl.log" combined
## Request header rules
## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
RequestHeader set X_FORWARDED_PROTO "https"
RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
RequestHeader unset REMOTE_USER
RequestHeader unset REMOTE_USER_EMAIL
RequestHeader unset REMOTE_USER_FIRSTNAME
RequestHeader unset REMOTE_USER_LASTNAME
RequestHeader unset REMOTE_USER_GROUPS
# SSL Proxy directives
SSLProxyEngine On
ProxyPass /pulp_ansible/galaxy/ unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp_ansible/galaxy/
ProxyPassReverse /pulp_ansible/galaxy/ unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp_ansible/galaxy/
<Location "/pulpcore_registry/v2/">
RequestHeader unset REMOTE_USER
RequestHeader set REMOTE_USER "%{SSL_CLIENT_S_DN_CN}s" env=SSL_CLIENT_S_DN_CN
ProxyPass unix:///run/pulpcore-api.sock|http://pulpcore-api/v2/
ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api/v2/
</Location>
ProxyPass /pulp/container/ unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/container/
ProxyPassReverse /pulp/container/ unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/container/
<Location "/pulp/deb">
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
</Location>
<Location "/pulp/isos">
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
</Location>
<Location "/pulp/repos">
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
</Location>
Alias /pub /var/www/html/pub
<Location /pub>
<IfModule mod_passenger.c>
PassengerEnabled off
</IfModule>
Options +FollowSymLinks +Indexes
Require all granted
</Location>
<Location "/pulp/content">
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
</Location>
<Location "/pulp/api/v3">
RequestHeader unset REMOTE_USER
RequestHeader set REMOTE_USER "%{SSL_CLIENT_S_DN_CN}s" env=SSL_CLIENT_S_DN_CN
RequestHeader set REMOTE_USER "admin" "expr=%{SSL_CLIENT_S_DN_CN} == 'sjglcsappprdg15.na.gilead.com'"
ProxyPass unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp/api/v3 timeout=600
ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp/api/v3
</Location>
ProxyPass /pulp/assets/ unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp/assets/
ProxyPassReverse /pulp/assets/ unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp/assets/
## Proxy rules
ProxyRequests Off
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPass /pulp !
ProxyPass /pulp2 !
ProxyPass /streamer !
ProxyPass /pub !
ProxyPass /icons !
ProxyPass / unix:///run/foreman.sock|http://foreman/ retry=0 timeout=900
ProxyPassReverse / unix:///run/foreman.sock|http://foreman/
## Rewrite rules
RewriteEngine On
#Upgrade Websocket connections
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) unix:///run/foreman.sock|ws://foreman/$1 [P,L]
## Server aliases
ServerAlias foreman
## SSL directives
SSLEngine on
SSLCertificateFile "/etc/pki/katello/certs/katello-apache.crt"
SSLCertificateKeyFile "/etc/pki/katello/private/katello-apache.key"
SSLCertificateChainFile "/etc/pki/katello/certs/katello-server-ca.crt"
SSLVerifyClient optional
SSLVerifyDepth 3
SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLOptions +StdEnvVars +ExportCertData
## Custom fragment
# Return compressed assets if they are precompiled
<IfModule mod_rewrite.c>
RewriteEngine on
# Make sure the browser supports gzip encoding and file with .gz added
# does exist on disc before we rewrite with the extension
RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b
RewriteCond %{REQUEST_FILENAME} \.(css|js|svg)$
RewriteCond %{REQUEST_FILENAME}.gz -s
RewriteRule ^(.+) $1.gz [L]
# Set headers for all possible assets which are compressed
<FilesMatch \.css\.gz$>
ForceType text/css
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
<FilesMatch \.js\.gz$>
ForceType text/javascript
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
<FilesMatch \.svg\.gz$>
ForceType image/svg+xml
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
</IfModule>
<LocationMatch "^/(assets|webpack)">
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
# Use standard http expire header for assets instead of ETag
<IfModule mod_expires.c>
Header unset ETag
FileETag None
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
</LocationMatch>
AddDefaultCharset UTF-8
</VirtualHost>