Added the possibility to create a proxy through the CA

Author: Maxime VISONNEAU

manifests/server.pp

@@ -159,6 +159,7 @@
   $storeconfigs      = undef,
   $package           = $puppet::params::master_package,
   $tagmail           = {}
+  $external_ca       = undef,
 ) inherits puppet::params {
 
   validate_bool($ca)

manifests/server/unicorn.pp

@@ -59,6 +59,25 @@
     ],
   }
 
+  if ! empty( $::puppet::server::external_ca )
+  {
+    nginx::resource::location { 'external_certificate_authority_proxy':
+      ensure              => present,
+      location            => '~ ^/.*/certificate.*',
+      vhost               => 'puppetmaster',
+      proxy_set_header    => [],
+      location_custom_cfg => {
+        proxy_pass            => $::puppet::server::external_ca,
+        proxy_redirect        => 'off',
+        proxy_connect_timeout => '90',
+        proxy_read_timeout    => '300',
+      },
+      # this priority sets concat order so that the location is created inside
+      # the server block. This works around a possible bug in jfryman/nginx.
+      priority            => 700,
+    }
+  }
+
   unicorn::app { 'puppetmaster':
     approot     => $::puppet::params::puppet_confdir,
     config_file => "${::puppet::params::puppet_confdir}/unicorn.conf",