annotate modules/website/manifests/https/multitld.pp @ 469:e0147f345e65
Rework main vs proxy fragments and redirects
This ensures our site for IPv4 proxy users has the same
config while avoiding redefining any per-site WSGI pools etc
Redirects and logging were reworked to avoid redirecting
users that we're only going to block anyway
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 12 May 2024 19:49:42 +0100 |
parents | 386881985a35 |
children |
# @summary Declares a single website::https site for "${base}.${main_tld}" and
#   registers the same name under every extra TLD as a server alias.
#
# Alias construction, as done in the body:
#   * "${base}.<tld>" for each entry of $extra_tlds;
#   * when domain_to_short_domain($base) differs from $base, additionally
#     "<short>.${main_tld}" and "<short>.<tld>" for each entry of $extra_tlds.
# Every other parameter is forwarded to website::https unchanged.
#
# NOTE(review): $main_tld is constrained by a Pattern, but $extra_tlds is a
# bare Array and $base a bare String. Both are interpolated into the hostnames
# handed to website::https (resource title and serveraliases). If callers are
# confirmed to pass plain TLD strings, consider tightening $extra_tlds to
# Array[Pattern[/^[a-z]+(\.[a-z]+)?$/]] so a malformed entry is rejected at
# compile time rather than ending up in the generated site configuration.
#
# NOTE(review): $custom_fragment and $non_proxy_fragment are forwarded
# verbatim. Presumably website::https places them in the virtual host
# configuration - confirm there, and keep their values sourced from trusted
# data (manifests/Hiera) rather than from node-supplied facts.
#
# @param docroot Forwarded to website::https.
# @param ip Forwarded to website::https; defaults to $website::primary_ip.
# @param proxy_4to6_ip Forwarded to website::https; IPv6 address or undef.
# @param priority Forwarded to website::https.
# @param base Left-most part of every generated hostname; defaults to the
#   resource title.
# @param main_tld TLD of the primary domain; defaults to $website::tld.
# @param extra_tlds TLDs used to build server aliases; defaults to
#   $website::extra_tlds.
# @param ssl_ca_chain Forwarded to website::https.
# @param letsencrypt_name Forwarded to website::https.
# @param docroot_owner Forwarded to website::https.
# @param docroot_group Forwarded to website::https.
# @param custom_fragment Forwarded to website::https (see review note above).
# @param non_proxy_fragment Forwarded to website::https (see review note above).
# @param force_no_index Forwarded to website::https.
# @param force_no_www Forwarded to website::https.
# @param csp Forwarded to website::https; defaults to true. How undef is
#   treated is decided in website::https, not here.
# @param csp_override Forwarded to website::https.
# @param csp_report Forwarded to website::https; defaults to true.
# @param csp_report_override Forwarded to website::https.
define website::https::multitld (
  Optional[String]                    $docroot             = undef,
  Stdlib::IP::Address                 $ip                  = $website::primary_ip,
  Optional[Stdlib::IP::Address::V6]   $proxy_4to6_ip       = undef,
  Optional[Integer]                   $priority            = undef,
  String                              $base                = $name,
  Pattern[/^[a-z]+(\.[a-z]+)?$/]      $main_tld            = $website::tld,
  Array                               $extra_tlds          = $website::extra_tlds,
  Optional[String]                    $ssl_ca_chain        = undef,
  Optional[String]                    $letsencrypt_name    = undef,
  Optional[String]                    $docroot_owner       = undef,
  Optional[String]                    $docroot_group       = undef,
  Optional[String]                    $custom_fragment     = undef,
  Optional[String]                    $non_proxy_fragment  = undef,
  Optional[Boolean]                   $force_no_index      = undef,
  Optional[Boolean]                   $force_no_www        = undef,
  Optional[Boolean]                   $csp                 = true,
  Optional[Hash[String, String]]      $csp_override        = undef,
  Boolean                             $csp_report          = true,
  Optional[Hash[String, String]]      $csp_report_override = undef,
) {

  # Several parameter defaults read $website::* variables, so the base class
  # has to be in the catalog. defined() only reports what has been evaluated
  # so far, which makes this guard dependent on evaluation order.
  unless defined(Class['website']) {
    fail('You must include the website base class before using any website defined resources')
  }

  $short_base = domain_to_short_domain($base)

  # "${base}.<tld>" for each extra TLD.
  $tld_aliases = prefix($extra_tlds, "${base}.")

  # Only add the short-name variants when the short name is actually
  # different from the base; otherwise they would duplicate the list above.
  $server_aliases = if $base == $short_base {
    $tld_aliases
  } else {
    concat(
      concat($tld_aliases, "${short_base}.${main_tld}"),
      prefix($extra_tlds, "${short_base}.")
    )
  }

  $primary_domain = "${base}.${main_tld}"

  website::https { $primary_domain:
    priority            => $priority,
    ip                  => $ip,
    proxy_4to6_ip       => $proxy_4to6_ip,
    serveraliases       => $server_aliases,
    docroot             => $docroot,
    docroot_owner       => $docroot_owner,
    docroot_group       => $docroot_group,
    ssl_ca_chain        => $ssl_ca_chain,
    letsencrypt_name    => $letsencrypt_name,
    custom_fragment     => $custom_fragment,
    non_proxy_fragment  => $non_proxy_fragment,
    force_no_index      => $force_no_index,
    force_no_www        => $force_no_www,
    csp                 => $csp,
    csp_override        => $csp_override,
    csp_report          => $csp_report,
    csp_report_override => $csp_report_override,
  }
}