annotate modules/website/manifests/https.pp @ 437:b8d6ada284dd

Update Apache module to latest version. Also converted some params to ints to match
author IBBoard <dev@ibboard.co.uk>
date Sun, 14 Aug 2022 11:30:13 +0100
parents 9431aec4d998
children 7222218a7098
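# @summary Defines an HTTPS site: a TLS vhost on port 443, a port-80 vhost that
#   permanently redirects to HTTPS and, optionally, a second pair of vhosts
#   that accept PROXY-protocol connections from a 4-to-6 proxy.
#
# If the SSL cert and key are defined then the definer deals with them existing
# If the SSL cert and key are not defined then we use template file paths and ensure they exist
#
# Certificate selection, in order of precedence:
#   1. $ssl_cert set           - $ssl_cert / $ssl_key are used as given; no files are managed here.
#   2. $ssl_ca_chain == ''     - "directly under the CA": <shortdomain>.crt/.key are deployed
#                                into $website::certdir from puppet:///private/pki/custom/.
#   3. $letsencrypt_name set   - /etc/letsencrypt/live/<letsencrypt_name>/{cert,privkey}.pem
#   4. otherwise               - /etc/letsencrypt/live/<fqdn>/{cert,privkey}.pem
#
# @param docroot Document root; defaults to "${website::basedir}/<short name>".
# @param ip Address the main port 443 and port 80 vhosts are bound to.
# @param proxy_4to6_ip When set, "-PROXY" vhosts are also created on this
#   address with `RemoteIPProxyProtocol On`.
# @param ssl_cert Path to an existing certificate (case 1 above).
# @param ssl_key Path to an existing private key, used together with $ssl_cert.
# @param ssl_ca_chain '' for "no chain" (case 2), a file name under
#   /etc/pki/custom for a custom chain, or undef for the default chain.
# @param letsencrypt_name Directory name under /etc/letsencrypt/live.
# @param priority Passed through to apache::vhost.
# @param docroot_owner Docroot owner; defaults to $website::docroot_owner.
# @param docroot_group Docroot group; defaults to $website::docroot_group.
# @param serveraliases Passed through to every vhost.
# @param ensure Passed through to the TLS vhosts.
# @param custom_fragment Apache configuration appended verbatim to the main
#   TLS vhost. It is not validated or escaped, so it must only come from
#   operator-controlled manifests or data.
# @param proxy_fragment Same as $custom_fragment, but for the "-PROXY" TLS
#   vhost; defaults to $custom_fragment.
# @param force_no_www Selects the short domain as $primary_name.
# @param force_no_index Adds `Include conf.extra/no-index.conf`.
# @param lockdown_requests Adds `Include conf.custom/filter-core.conf`.
# @param csp When true, builds $csp_string from $website::csp_base.
# @param csp_override Overrides merged into the base CSP by hash_to_csp().
# @param csp_report When true, builds $csp_report_string from $website::csp_report_base.
# @param csp_report_override Overrides merged into the base report-only CSP.
define website::https(
  $docroot = undef,
  $ip = $website::primary_ip,
  $proxy_4to6_ip = undef,
  $ssl_cert = undef,
  $ssl_key = undef,
  $ssl_ca_chain = undef,
  $letsencrypt_name = undef,
  $priority = undef,
  $docroot_owner = undef,
  $docroot_group = undef,
  $serveraliases = [],
  $ensure = 'present',
  $custom_fragment = '',
  Optional[String] $proxy_fragment = $custom_fragment,
  $force_no_www = true,
  $force_no_index = true,
  $lockdown_requests = true,
  $csp = true,
  $csp_override = undef,
  $csp_report = true,
  $csp_report_override = undef,
) {

  if ! defined(Class['website']) {
    fail('You must include the website base class before using any website defined resources')
  }

  $shortname = domain_to_short_name($name)
  $logpart = $shortname
  $shortdomain = domain_to_short_domain($name)
  # $primary_name is not referenced again in this manifest; presumably the ERB
  # template below reads it from scope - confirm against the template.
  if $force_no_www {
    $primary_name = $shortdomain
  } else {
    $primary_name = $name
  }

  # The CSP strings are likewise only assigned here. With $csp or $csp_report
  # set to false the matching variable is never assigned, so switching either
  # off for a site should be a deliberate decision.
  # NOTE(review): confirm how website/https_core_conf.erb handles the unset case.
  if $csp {
    $csp_string = hash_to_csp($website::csp_base, $csp_override)
  }
  if $csp_report {
    $csp_report_string = hash_to_csp($website::csp_report_base, $csp_report_override)
  }

  $custom_conf0 = template('website/https_core_conf.erb')

  # The vhost configuration is built up in stages ($custom_conf0..2, then
  # $custom_conf) because the "-PROXY" vhost reuses the $custom_conf2 stage.
  if $force_no_index {
    $custom_conf1 = "${custom_conf0}
Include conf.extra/no-index.conf"
  } else {
    $custom_conf1 = $custom_conf0
  }

  if $lockdown_requests {
    $custom_conf2 = "${custom_conf1}
Include conf.custom/filter-core.conf"
  } else {
    $custom_conf2 = $custom_conf1
  }

  # The caller's fragment is appended as-is (see the @param note above).
  # NOTE(review): in Puppet 4+ an empty string is truthy, so this branch is
  # presumably also taken for the default ''; the result is then only the
  # marker comment followed by an empty line.
  if $custom_fragment {
    $custom_conf = "${custom_conf2}
#Additional custom fragment
${custom_fragment}"
  } else {
    $custom_conf = $custom_conf2
  }

  if $docroot == undef {
    $siteroot = "${website::basedir}/${shortname}"
  } else {
    $siteroot = $docroot
  }

  # These conditionals use an ugly kludge from
  # http://grokbase.com/t/gg/puppet-users/147by1key3/checking-a-variable-is-not-undef#20140713grem6zqsai7qjbgkmd2f4ia3qi
  # because if we don't then undef gets auto-cast to the empty string and the empty string matches our special "no CA chain" case
  # It'd be nicer to use "=~ Undef" to check types (https://puppet-on-the-edge.blogspot.co.uk/2013/12/lets-talk-about-undef.html),
  # but that threw syntax errors.
  if $ssl_cert != undef {
    # NOTE(review): $ssl_key is not checked here; if only $ssl_cert is passed,
    # apache::vhost receives an undef ssl_key.
    $sslcert = $ssl_cert
    $sslkey = $ssl_key
  } elsif $ssl_ca_chain == "" and ("" in [$ssl_ca_chain]) {
    $sslcert = "${website::certdir}/${shortdomain}.crt"
    $sslkey = "${website::certdir}/${shortdomain}.key"
    # Certificate and private key are readable by root only. The attributes are
    # set on each resource instead of through a scope-wide `File { ... }`
    # default: resource defaults are dynamically scoped, so a default declared
    # here could also apply to file resources declared by apache::vhost below.
    file { $sslcert:
      ensure => present,
      source => "puppet:///private/pki/custom/${shortdomain}.crt",
      mode   => '0400',
      owner  => 'root',
      group  => 'root',
      before => Apache::Vhost[$name],
      notify => Service['httpd'],
    }
    file { $sslkey:
      ensure => present,
      source => "puppet:///private/pki/custom/${shortdomain}.key",
      mode   => '0400',
      owner  => 'root',
      group  => 'root',
      before => Apache::Vhost[$name],
      notify => Service['httpd'],
    }
  } elsif $letsencrypt_name != undef {
    # Files under /etc/letsencrypt/live are not managed by this define.
    $sslcert = "/etc/letsencrypt/live/${letsencrypt_name}/cert.pem"
    $sslkey = "/etc/letsencrypt/live/${letsencrypt_name}/privkey.pem"
  } else {
    $sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem"
    $sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem"
  }

  if $ssl_ca_chain == '' and '' in [$ssl_ca_chain] {
    # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
    $ssl_chain = undef
  } elsif $ssl_ca_chain != undef {
    $ssl_chain = "/etc/pki/custom/${ssl_ca_chain}"
    # Several sites can share one chain file, so only declare it once.
    # No owner or mode is set for the chain file in this branch.
    if ! defined(File[$ssl_chain]) {
      file { $ssl_chain:
        ensure => present,
        source => "puppet:///private/pki/custom/${ssl_ca_chain}",
        notify => Service['httpd'],
      }
    }
  } elsif $letsencrypt_name != undef {
    $ssl_chain = "/etc/letsencrypt/live/${letsencrypt_name}/chain.pem"
  } else {
    $ssl_chain = $website::ca_chain
  }

  if $docroot_owner == undef {
    $owner = $website::docroot_owner
  } else {
    $owner = $docroot_owner
  }

  if $docroot_group == undef {
    $group = $website::docroot_group
  } else {
    $group = $docroot_group
  }

  # Main TLS vhost.
  apache::vhost { $name:
    ip                => $ip,
    port              => 443,
    priority          => $priority,
    docroot           => $siteroot,
    docroot_owner     => $owner,
    docroot_group     => $group,
    # setgid and group-writable, so new files inherit the docroot group.
    docroot_mode      => '2775',
    custom_fragment   => $custom_conf,
    logroot           => '/var/log/apache/',
    access_log_file   => "access_${logpart}.log",
    # Combined format plus the requested Host header. Referer, User-agent and
    # Host are client-supplied values; treat them as untrusted when parsing logs.
    access_log_format => "%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i",
    error_log_file    => "error_${logpart}.log",
    serveraliases     => $serveraliases,
    ssl               => true,
    ssl_cert          => $sslcert,
    ssl_key           => $sslkey,
    ssl_chain         => $ssl_chain,
    ensure            => $ensure,
  }

  # Plain-HTTP vhost: serves nothing itself, only a permanent redirect to HTTPS.
  apache::vhost { "${name}-80":
    servername        => $name,
    ip                => $ip,
    port              => 80,
    docroot           => $siteroot,
    redirect_status   => 'permanent',
    redirect_dest     => "https://${name}/",
    serveraliases     => $serveraliases,
    logroot           => '/var/log/apache/',
    access_log_file   => "access_${logpart}_nossl.log",
    access_log_format => "%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i",
    error_log_file    => "error_${logpart}_nossl.log",
  }

  if ($proxy_4to6_ip != undef) {
    # `RemoteIPProxyProtocol On` makes Apache take the client address from the
    # PROXY protocol header, so whatever can connect to $proxy_4to6_ip chooses
    # the address that is logged (%a below) and used for access decisions.
    # NOTE(review): confirm that this address only accepts connections from
    # the 4-to-6 proxy (firewall or binding), which this manifest does not enforce.
    apache::vhost { "${name}-PROXY":
      servername        => $name,
      ip                => $proxy_4to6_ip,
      port              => 443,
      priority          => $priority,
      docroot           => $siteroot,
      docroot_owner     => $owner,
      docroot_group     => $group,
      docroot_mode      => '2775',
      # Built from $custom_conf2 plus $proxy_fragment, so $custom_fragment only
      # applies here through $proxy_fragment's default.
      custom_fragment   => "RemoteIPProxyProtocol On
${custom_conf2}
${proxy_fragment}",
      logroot           => '/var/log/apache/',
      # Shares its log files with the main TLS vhost.
      access_log_file   => "access_${logpart}.log",
      access_log_format => "%a %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i",
      error_log_file    => "error_${logpart}.log",
      serveraliases     => $serveraliases,
      ssl               => true,
      ssl_cert          => $sslcert,
      ssl_key           => $sslkey,
      ssl_chain         => $ssl_chain,
      ensure            => $ensure,
    }

    apache::vhost { "${name}-80-PROXY":
      servername        => $name,
      ip                => $proxy_4to6_ip,
      port              => 80,
      docroot           => $siteroot,
      redirect_status   => 'permanent',
      redirect_dest     => "https://${name}/",
      serveraliases     => $serveraliases,
      custom_fragment   => "RemoteIPProxyProtocol On",
      logroot           => '/var/log/apache/',
      access_log_file   => "access_${logpart}_nossl.log",
      access_log_format => "%a %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i",
      error_log_file    => "error_${logpart}_nossl.log",
    }
  }
}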