Mercurial > repos > other > Puppet
annotate modules/website/manifests/https.pp @ 136:765e72629b3e puppet-3.6
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
The 'undef' value coerces to empty string, so "$var == undef" becomes
"$var == ''", which broke our logic. Puppet 3 doesn't have a prettier solution
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Fri, 11 Nov 2016 21:04:13 +0000 |
| parents | 9337c9ce648a |
| children | 060f81349dd6 |
| rev | line source |
|---|---|
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
1 # If the SSL cert and key are defined then the definer deals with them existing |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
2 # If the SSL cert and key are not defined then we use template file paths and ensure they exist |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
3 define website::https( |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
4 $docroot = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
5 $ip = $website::primary_ip, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
6 $ssl_cert = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
7 $ssl_key = undef, |
|
133
9337c9ce648a
Switch to using LetsEncrypt certs by default
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
8 $ssl_ca_chain = undef, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
9 $priority = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
10 $docroot_owner = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
11 $docroot_group = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
12 $serveraliases = [], |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
13 $ensure = 'present', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
14 $custom_fragment = '', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
15 $force_no_www = true, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
16 $force_no_index = true, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
17 $lockdown_requests = true, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
18 ) { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
19 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
20 if ! defined(Class['website']) { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
21 fail('You must include the website base class before using any website defined resources') |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
22 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
23 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
24 validate_re($ensure, '^(present|absent)$', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
25 "${ensure} is not supported for ensure. |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
26 Allowed values are 'present' and 'absent'.") |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
27 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
28 $shortname = domain_to_short_name($name) |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
29 $logpart = $shortname |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
30 $shortdomain = domain_to_short_domain($name) |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
31 |
|
106
ef0926ee389a
Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents:
105
diff
changeset
|
32 $custom_conf0 = 'Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains" |
|
ef0926ee389a
Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents:
105
diff
changeset
|
33 Header always set X-Xss-Protection "1; mode=block" |
|
ef0926ee389a
Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents:
105
diff
changeset
|
34 Header always set X-Content-Type-Options "nosniff" |
|
ef0926ee389a
Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents:
105
diff
changeset
|
35 Header always set X-Frame-Options "SAMEORIGIN"' |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
36 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
37 if $force_no_index { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
38 $custom_conf1 = "$custom_conf0 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
39 Include conf.extra/no-index.conf" |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
40 } else { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
41 $custom_conf1 = $custom_conf0 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
42 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
43 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
44 if $lockdown_requests { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
45 $custom_conf2 = "$custom_conf1 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
46 Include conf.custom/filter-core.conf" |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
47 } else { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
48 $custom_conf2 = $custom_conf1 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
49 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
50 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
51 if $force_no_www { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
52 $custom_conf3 = "$custom_conf2 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
53 Include conf.extra/no-www.conf" |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
54 } else { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
55 $custom_conf3 = $custom_conf2 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
56 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
57 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
58 if $custom_fragment { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
59 $custom_conf = "$custom_conf3 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
60 #Additional custom fragment |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
61 $custom_fragment" |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
62 } else { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
63 $custom_conf = $custom_conf3 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
64 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
65 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
66 if $docroot == undef { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
67 $siteroot = "${website::basedir}/${shortname}" |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
68 } else { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
69 $siteroot = $docroot |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
70 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
71 |
|
136
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
72 # These conditionals use an ugly cludge from |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
73 # http://grokbase.com/t/gg/puppet-users/147by1key3/checking-a-variable-is-not-undef#20140713grem6zqsai7qjbgkmd2f4ia3qi |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
74 # because if we don't then undef gets auto-cast to the empty string and the empty string matches our special "no CA chain" case |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
75 # It'd be nicer to use "=~ Undef" to check types (https://puppet-on-the-edge.blogspot.co.uk/2013/12/lets-talk-about-undef.html), |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
76 # but that threw syntax errors. |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
77 if $ssl_cert == undef and $ssl_ca_chain == undef and !("" in [$ssl_ca_chain]) { |
|
133
9337c9ce648a
Switch to using LetsEncrypt certs by default
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
78 $sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem" |
|
9337c9ce648a
Switch to using LetsEncrypt certs by default
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
79 $sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem" |
|
136
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
80 } elsif $ssl_cert == undef { |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
81 $sslcert = "${website::certdir}/${shortdomain}.crt" |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
82 $sslkey = "${website::certdir}/${shortdomain}.key" |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
83 File { |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
84 mode => '0400', |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
85 owner => 'root', |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
86 group => 'root', |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
87 } |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
88 file { $sslcert: |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
89 source => "puppet:///private/pki/custom/${shortdomain}.crt", |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
90 before => Apache::Vhost[$name], |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
91 notify => Service['httpd'], |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
92 ensure => present; |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
93 } |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
94 file { $sslkey: |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
95 source => "puppet:///private/pki/custom/${shortdomain}.key", |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
96 before => Apache::Vhost[$name], |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
97 notify => Service['httpd'], |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
98 ensure => present; |
|
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
99 } |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
100 } else { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
101 $sslcert = $ssl_cert |
|
133
9337c9ce648a
Switch to using LetsEncrypt certs by default
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
102 $sslkey = $ssl_key |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
103 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
104 |
|
136
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
105 if $ssl_ca_chain == undef and !("" in [$ssl_ca_chain]) { |
|
133
9337c9ce648a
Switch to using LetsEncrypt certs by default
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
106 $ssl_chain = $website::ca_chain |
|
9337c9ce648a
Switch to using LetsEncrypt certs by default
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
107 } |
|
9337c9ce648a
Switch to using LetsEncrypt certs by default
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
108 elsif $ssl_ca_chain == '' { |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
109 # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
110 $ssl_chain = undef |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
111 } else { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
112 $ssl_chain = "/etc/pki/custom/$ssl_ca_chain" |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
113 if ! defined(File[$ssl_chain]) { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
114 file { $ssl_chain: |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
115 ensure => present, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
116 source => "puppet:///private/pki/custom/$ssl_ca_chain", |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
117 notify => Service['httpd'], |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
118 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
119 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
120 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
121 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
122 if $docroot_owner == undef { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
123 $owner = $website::docroot_owner |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
124 } else { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
125 $owner = $docroot_owner |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
126 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
127 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
128 if $docroot_group == undef { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
129 $group = $website::docroot_group |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
130 } else { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
131 $group = $docroot_group |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
132 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
133 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
134 apache::vhost { $name: |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
135 ip => $ip, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
136 port => '443', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
137 priority => $priority, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
138 docroot => $siteroot, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
139 docroot_owner => $owner, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
140 docroot_group => $group, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
141 custom_fragment => $custom_conf, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
142 logroot => '/var/log/apache/', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
143 access_log_file => "access_${logpart}.log", |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
144 error_log_file => "error_${logpart}.log", |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
145 serveraliases => $serveraliases, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
146 ssl => true, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
147 ssl_cert => $sslcert, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
148 ssl_key => $sslkey, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
149 ssl_chain => $ssl_chain, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
150 ensure => $ensure, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
151 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
152 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
153 apache::vhost { "${name}-80": |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
154 servername => $name, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
155 port => 80, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
156 docroot => $siteroot, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
157 redirect_status => 'permanent', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
158 redirect_dest => "https://$name/", |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
159 serveraliases => $serveraliases, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
160 logroot => '/var/log/apache/', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
161 access_log_file => "access_${logpart}_nossl.log", |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
162 error_log_file => "error_${logpart}_nossl.log", |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
163 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
164 } |