annotate modules/website/manifests/https/multitld.pp @ 284:9431aec4d998

Switch to using IPv6 prefix and IP per site. This is because the proxy seems to break SNI, so we need an IP per SSL cert. We're not short of IPv6 addresses, though! Also corrected to "4to6" naming, because we're letting IPv4 access an IPv6 site.
author IBBoard <dev@ibboard.co.uk>
date Sun, 16 Feb 2020 12:07:35 +0000
parents af7df930a670
children 386881985a35
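# @summary Declares one HTTPS site that answers on a main TLD plus a list of
#   extra TLDs, by building the alias list and delegating to website::https.
#
# The main domain is "${base}.${main_tld}". Each entry of $extra_tlds is added
# as a "${base}.<tld>" alias. When domain_to_short_domain($base) returns a
# value different from $base, that short name is also added under the main TLD
# and under every extra TLD.
#
# Compilation fails unless the `website` class is already in the catalog.
#
# @param docroot Passed through unchanged to website::https.
# @param ip Listen address; defaults to $website::primary_ip.
# @param proxy_4to6_ip IPv6 address for this site's 4to6 proxy. Required:
#   each certificate needs its own address because the proxy appears to break
#   SNI, so there is no value that could safely be shared between sites.
# @param priority Passed through unchanged to website::https.
# @param base Host label(s) placed in front of every TLD; defaults to the
#   resource title.
# @param main_tld TLD of the primary domain; lower-case letters with at most
#   one dot-separated second part (for example "co.uk").
# @param extra_tlds Additional TLDs the site should answer on.
# @param ssl_ca_chain Passed through unchanged to website::https.
# @param letsencrypt_name Passed through unchanged to website::https.
# @param docroot_owner Passed through unchanged to website::https.
# @param docroot_group Passed through unchanged to website::https.
# @param custom_fragment Passed through unchanged to website::https.
# @param proxy_fragment Passed through unchanged to website::https; defaults
#   to $custom_fragment.
# @param force_no_index Passed through unchanged to website::https.
# @param force_no_www Passed through unchanged to website::https.
# @param csp Passed through unchanged to website::https.
# @param csp_override Passed through unchanged to website::https.
# @param csp_report Passed through unchanged to website::https.
# @param csp_report_override Passed through unchanged to website::https.
define website::https::multitld (
  # No default on purpose: the type is not Optional, so the previous
  # `= undef` default could never satisfy it and only turned "parameter
  # missing" into a confusing type-mismatch error.
  Stdlib::IP::Address::V6        $proxy_4to6_ip,
  Optional[String]               $docroot             = undef,
  Stdlib::IP::Address            $ip                  = $website::primary_ip,
  Optional[Integer]              $priority            = undef,
  # NOTE(review): $base is an unconstrained String but is interpolated into
  # the main domain and every alias; consider a hostname Pattern like the one
  # on $main_tld.
  String                         $base                = $name,
  Pattern[/^[a-z]+(\.[a-z]+)?$/] $main_tld            = $website::tld,
  # NOTE(review): element type is not checked, unlike $main_tld, yet these
  # values become server aliases; tightening to an Array of the same Pattern
  # would reject malformed names at compile time. Left as-is here because it
  # would narrow what existing callers may pass.
  Array                          $extra_tlds          = $website::extra_tlds,
  Optional[String]               $ssl_ca_chain        = undef,
  Optional[String]               $letsencrypt_name    = undef,
  Optional[String]               $docroot_owner       = undef,
  Optional[String]               $docroot_group       = undef,
  # NOTE(review): presumably inserted verbatim into the generated vhost
  # configuration by website::https - confirm, and only feed it trusted data.
  Optional[String]               $custom_fragment     = undef,
  Optional[String]               $proxy_fragment      = $custom_fragment,
  Optional[Boolean]              $force_no_index      = undef,
  Optional[Boolean]              $force_no_www        = undef,
  Optional[Boolean]              $csp                 = true,
  Optional[Hash[String, String]] $csp_override        = undef,
  Boolean                        $csp_report          = true,
  Optional[Hash[String, String]] $csp_report_override = undef,
) {

  # The defaults above read $website::* variables, so the base class must
  # already have been declared.
  if ! defined(Class['website']) {
    fail('You must include the website base class before using any website defined resources')
  }

  # Short form of the base name as computed by the project's helper function.
  $alias = domain_to_short_domain($base)

  # "<base>.<tld>" for every extra TLD.
  $base_aliases = prefix($extra_tlds, "${base}.")
  if $base != $alias {
    # The short name differs: also serve it on the main TLD and on each
    # extra TLD. Order is base aliases, short main, then short extras.
    $aliases = concat(
      concat($base_aliases, "${alias}.${main_tld}"),
      prefix($extra_tlds, "${alias}.")
    )
  } else {
    $aliases = $base_aliases
  }

  $main_domain = "${base}.${main_tld}"
  website::https { $main_domain:
    priority            => $priority,
    ip                  => $ip,
    proxy_4to6_ip       => $proxy_4to6_ip,
    serveraliases       => $aliases,
    docroot             => $docroot,
    docroot_owner       => $docroot_owner,
    docroot_group       => $docroot_group,
    ssl_ca_chain        => $ssl_ca_chain,
    letsencrypt_name    => $letsencrypt_name,
    custom_fragment     => $custom_fragment,
    proxy_fragment      => $proxy_fragment,
    force_no_index      => $force_no_index,
    force_no_www        => $force_no_www,
    csp                 => $csp,
    csp_override        => $csp_override,
    csp_report          => $csp_report,
    csp_report_override => $csp_report_override,
  }
}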