annotate modules/website/manifests/https/multitld.pp @ 284:9431aec4d998
Switch to using IPv6 prefix and IP per site
This is because the proxy seems to break SNI, so we need an IP
per SSL cert. We're not short of IPv6 addresses, though!
Also corrected to "4to6" naming, because we're letting IPv4 access
an IPv6 site
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 16 Feb 2020 12:07:35 +0000 |
parents | af7df930a670 |
children | 386881985a35 |
# Declares a single website::https resource for "${base}.${main_tld}" and
# attaches the same site name under every extra TLD as a server alias.
#
# When domain_to_short_domain($base) returns a name that differs from $base,
# that short name is aliased as well: once under the main TLD and once under
# each extra TLD.
#
# Fails compilation unless Class['website'] is already in the catalog.
#
# @param base       Site name without a TLD; defaults to the resource title.
# @param main_tld   TLD of the primary virtual host (pattern-checked).
# @param extra_tlds Additional TLDs the site should answer on.
# @param ip         Address handed to website::https as `ip`.
# @param proxy_4to6_ip IPv6 address handed to website::https as `proxy_4to6_ip`.
#
# Every other parameter is forwarded unchanged to website::https under the
# same name.
#
# NOTE(review): $proxy_4to6_ip is typed Stdlib::IP::Address::V6 (not Optional)
#   yet defaults to undef, so a declaration that omits it should fail the type
#   check. If one address per site is mandatory, dropping the default would say
#   so; otherwise the type wants Optional[...] - confirm intent.
# NOTE(review): $main_tld is pattern-checked, but $base (String) and the
#   elements of $extra_tlds (plain Array) are interpolated into the virtual
#   host name and server aliases without a comparable check - consider
#   constraining them the same way.
# NOTE(review): $proxy_fragment defaults to $custom_fragment, so whatever is
#   put in the custom fragment is also forwarded as the proxy fragment unless
#   overridden - presumably both end up in generated vhost config; confirm
#   that is wanted for each site.
define website::https::multitld (
  Optional[String] $docroot = undef,
  Stdlib::IP::Address $ip = $website::primary_ip,
  Stdlib::IP::Address::V6 $proxy_4to6_ip = undef,
  Optional[Integer] $priority = undef,
  String $base = $name,
  Pattern[/^[a-z]+(\.[a-z]+)?$/] $main_tld = $website::tld,
  Array $extra_tlds = $website::extra_tlds,
  Optional[String] $ssl_ca_chain = undef,
  Optional[String] $letsencrypt_name = undef,
  Optional[String] $docroot_owner = undef,
  Optional[String] $docroot_group = undef,
  Optional[String] $custom_fragment = undef,
  Optional[String] $proxy_fragment = $custom_fragment,
  Optional[Boolean] $force_no_index = undef,
  Optional[Boolean] $force_no_www = undef,
  Optional[Boolean] $csp = true,
  Optional[Hash[String, String]] $csp_override = undef,
  Boolean $csp_report = true,
  Optional[Hash[String, String]] $csp_report_override = undef,
) {

  # The defaults above read $website::* values, so the base class has to be
  # declared first.
  unless defined(Class['website']) {
    fail('You must include the website base class before using any website defined resources')
  }

  $short_base  = domain_to_short_domain($base)
  $tld_aliases = prefix($extra_tlds, "${base}.")

  # Alias order is kept: full name on the extra TLDs, then the short name on
  # the main TLD, then the short name on the extra TLDs.
  $server_aliases = if $short_base == $base {
    $tld_aliases
  } else {
    $tld_aliases + ["${short_base}.${main_tld}"] + prefix($extra_tlds, "${short_base}.")
  }

  $main_domain = "${base}.${main_tld}"

  website::https { $main_domain:
    priority            => $priority,
    ip                  => $ip,
    proxy_4to6_ip       => $proxy_4to6_ip,
    serveraliases       => $server_aliases,
    docroot             => $docroot,
    docroot_owner       => $docroot_owner,
    docroot_group       => $docroot_group,
    ssl_ca_chain        => $ssl_ca_chain,
    letsencrypt_name    => $letsencrypt_name,
    custom_fragment     => $custom_fragment,
    proxy_fragment      => $proxy_fragment,
    force_no_index      => $force_no_index,
    force_no_www        => $force_no_www,
    csp                 => $csp,
    csp_override        => $csp_override,
    csp_report          => $csp_report,
    csp_report_override => $csp_report_override,
  }
}