From 2053ae2d3131b25cede1d53b156d6dd84985905e Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Tue, 6 Jan 2015 19:23:43 +0000
Subject: [PATCH] Turn on httpd_can_network_connect for reverseproxy.

---
 roles/httpd/proxy/tasks/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/roles/httpd/proxy/tasks/main.yml b/roles/httpd/proxy/tasks/main.yml
index ff852a966a..f6111c89dc 100644
--- a/roles/httpd/proxy/tasks/main.yml
+++ b/roles/httpd/proxy/tasks/main.yml
@@ -40,3 +40,13 @@
   tags:
   - httpd
   - httpd/proxy
+
+- name: Turn on certain selinux booleans we need for our proxy layer
+  seboolean: name={{ item }} state=true persistent=true
+  with_items:
+  # We need this for httpd to be able to reverseproxy to other machines.
+  - httpd_can_network_connect
+  tags:
+  - httpd
+  - httpd/proxy
+  - selinux