annotate modules/website/manifests/init.pp @ 281:af7df930a670
Add 4-to-6 proxy and mod_remoteip setup
Includes adding a separate fragment for the proxy (defaults to
the main fragment) for sites like Dev where duplicate WSGIDaemon
definitions cause errors.
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 15 Feb 2020 19:07:11 +0000 |
parents | e36b7f4f85f2 |
children | 9431aec4d998 |
rev | line source |
---|---|
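# Base web server setup: Apache with a minimal module set, shared config
# fragments, certificate and log directories, host firewall rules for
# HTTP/HTTPS, an optional IPv6 proxy address whose access is limited to named
# upstreams, and (on CentOS 7+) SELinux labelling plus Let's Encrypt renewal.
#
# @param base_dir
#   Absolute path (no trailing slash) that is created as a directory and
#   exposed as $basedir. The pattern also accepts the empty string.
# @param cert_dir
#   Absolute path created as a directory and exposed as $certdir.
# @param primary_ip
#   Address that the general "allow https and http" firewall rule accepts
#   traffic for on ports 80 and 443.
# @param proxy_6to4_ip
#   Optional IPv6 address added to eth0 as a secondary address and used as
#   the destination of the proxy firewall rules. The proxy setup is only
#   applied when this and $proxy_upstream are both set.
# @param proxy_upstream
#   Optional list of IPv6 source addresses allowed to reach $proxy_6to4_ip on
#   ports 80 and 443. Every other source is rejected.
# @param default_owner
#   Exposed as $docroot_owner (presumably read by the module's site
#   definitions; not visible in this file).
# @param default_group
#   Exposed as $docroot_group (same assumption as $default_owner).
# @param default_tld
#   Exposed as $tld.
# @param default_extra_tlds
#   Exposed as $extra_tlds.
class website(
  Pattern[/^(\/[^\/]+)*$/] $base_dir,
  Pattern[/^(\/[^\/]+)*$/] $cert_dir = '/etc/pki/custom',
  Stdlib::IP::Address $primary_ip,
  # Both proxy parameters default to undef, so the declared types have to
  # admit Undef; without Optional[] the class cannot be declared unless both
  # values are supplied.
  Optional[Stdlib::IP::Address::V6] $proxy_6to4_ip = undef,
  Optional[Array[Stdlib::IP::Address::V6]] $proxy_upstream = undef,
  String $default_owner,
  String $default_group,
  String $default_tld = 'com',
  Array $default_extra_tlds = []
){

  # Class-scope values derived from the parameters and fixed defaults.
  $basedir = $base_dir
  $certdir = $cert_dir
  $docroot_owner = $default_owner
  $docroot_group = $default_group
  # Let's Encrypt certificates are the default source of the CA chain.
  $ca_chain = "/etc/letsencrypt/live/${::fqdn}/chain.pem"
  $tld = $default_tld
  $extra_tlds = $default_extra_tlds
  $htmlphpfragment = "Include conf.extra/html-php.conf"
  $filterfragment = "Include conf.custom/filter.conf"
  $cmsfragment = "Include conf.extra/cms_rewrites.conf"

  # Content-Security-Policy starting points: no framing and no <base>
  # overrides, plus a 'self'-only baseline with everything else denied.
  $csp_base = {"frame-ancestors" => "'none'", "base-uri" => "'none'"}
  $csp_report_base = {
    "default-src" => "'none'",
    "img-src" => "'self'",
    "script-src" => "'self'",
    "style-src" => "'self'",
    "font-src" => "'self'"
  }

  # Apache starts with no default modules, vhost or MPM; everything that is
  # loaded is declared explicitly below.
  class { 'apache':
    vhost_dir => "/etc/httpd/conf.d/vhosts",
    default_mods => false,
    default_vhost => false,
    mpm_module => false,
  }
  class { 'apache::mod::dir': indexes => [ 'index.html' ] }
  # Process limits are kept low to save memory on a quiet server.
  class { 'apache::mod::prefork':
    serverlimit => 45,
    maxclients => 45,
    maxspareservers => 6,
  }
  # mod_version is loaded so that config fragments supporting both Apache 2.2
  # and 2.4 work properly.
  apache::mod {
    'rewrite':;
    'expires':;
    'env':;
    'setenvif':;
    'headers':;
    'version':;
  }

  # Updating the httpd package puts back some configs that we
  # don't load the relevant modules for, so we'll try to make
  # them blank so that RPM/Yum makes ".rpmnew" files instead
  $unused_default_mods = [
    "${::apache::mod_dir}/autoindex.conf",
    "${::apache::mod_dir}/userdir.conf",
    "${::apache::mod_dir}/welcome.conf",
  ]
  file { $unused_default_mods:
    ensure => file,
    content => '',
    require => Class['apache'],
  }

  file { $base_dir:
    ensure => directory;
  }
  # Log directory is not world-readable; only the owner and the apache group
  # get access.
  file { '/var/log/apache':
    ensure => directory,
    mode => '0750',
    group => 'apache',
  }
  # The httpd-related files below require Class['apache'] so that they come
  # after the package has created its directories.
  file { '/etc/httpd/conf.extra':
    ensure => directory,
    recurse => true,
    source => "puppet:///modules/website/conf.extra",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  file { '/etc/httpd/conf/mime.types':
    ensure => present,
    source => "puppet:///modules/website/mime.types",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  file { '/etc/php.d/datetime.ini':
    ensure => present,
    source => "puppet:///modules/website/datetime.ini",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  # The custom config was renamed to zzz-0-custom.conf so that it comes
  # before the site configs; the old file is removed.
  file { '/etc/httpd/conf.d/zzz-custom.conf':
    ensure => absent,
    require => Class['apache'],
    notify => Service['httpd'];
  }
  file { '/etc/httpd/conf.d/zzz-0-custom.conf':
    ensure => present,
    source => "puppet:///modules/website/zzz-0-custom.conf",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  file { '/etc/httpd/conf.d/php.conf':
    ensure => present,
    source => "puppet:///modules/website/php.conf",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  # Site-private fragments come from the "private" file server mount rather
  # than from the module itself.
  file { '/etc/httpd/conf.custom':
    ensure => directory,
    recurse => true,
    source => "puppet:///private/apache/conf.custom",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  file { $cert_dir:
    ensure => directory;
  }
  firewall { '100 allow https and http':
    destination => $primary_ip,
    dport => [80, 443],
    proto => tcp,
    action => accept,
  }
  if ($proxy_6to4_ip != undef) and ($proxy_upstream != undef) {
    # NOTE(review): "set" replaces the whole IPV6ADDR_SECONDARIES value, so
    # any secondary address configured outside Puppet would be overwritten.
    augeas {'/etc/sysconfig/network-scripts/ifcfg-eth0':
      context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
      changes => "set IPV6ADDR_SECONDARIES ${proxy_6to4_ip}",
    }

    # mod_remoteip takes the client address from what the proxy reports, so
    # that information is only trustworthy if nothing except the listed
    # upstreams can reach the proxy address. The two rules below enforce
    # that: accept per upstream, then reject everything else.
    apache::mod { "remoteip": }

    # Both addresses are typed as IPv6, so the rules have to be managed by
    # the ip6tables provider; the firewall type's default provider manages
    # the IPv4 tables.
    $proxy_upstream.each |String $upstream_addr| {
      firewall { "100 limit PROXY protocol to upstream ${upstream_addr}":
        source => $upstream_addr,
        destination => $proxy_6to4_ip,
        dport => [80, 443],
        proto => tcp,
        action => accept,
        provider => 'ip6tables',
      }
    }
    firewall { "101 block all other PROXY protocol access":
      destination => $proxy_6to4_ip,
      dport => [80, 443],
      proto => tcp,
      action => reject,
      provider => 'ip6tables',
    }
  }
  if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 {
    # NOTE(review): the SELinux context is registered for the literal
    # /srv/sites path, not for $base_dir; a different base_dir would not be
    # labelled by this rule.
    exec { 'set_apache_defaults':
      command => 'semanage fcontext -a -t httpd_sys_content_t "/srv/sites(/.*)?"',
      path => '/bin:/usr/bin/:/sbin:/usr/sbin',
      require => Package['policycoreutils-python'],
      unless => 'semanage fcontext --list | grep "/srv/sites\\(/\\.\\*\\)\\?"',
    }
    cron { 'letsencrypt-renewal':
      command => '/usr/bin/certbot renew --quiet',
      hour => '*/12',
      minute => '21',
    }
    # The full release fact carries minor and patch components on CentOS, so
    # comparing it to '7' for equality never matches; the major release fact
    # is used to pick the Python 2 build of the Certbot plugin on CentOS 7.
    if versioncmp($operatingsystemmajrelease, '7') == 0 {
      $certbot_pkg = 'python2-certbot-apache'
    } else {
      $certbot_pkg = 'python3-certbot-apache'
    }
    package { $certbot_pkg:
      ensure => installed,
    }
  }
}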