annotate modules/website/manifests/https.pp @ 263:f99974dc0f1a

Add a way to skip setting CSP. NextCloud manages CSP itself, so we don't need the header in the PIM subdomain causing confusion and incorrect results
author IBBoard <dev@ibboard.co.uk>
date Sun, 29 Dec 2019 16:43:55 +0000
parents 0ebd8efeef04
children 13825cc1ec57
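# Declare an HTTPS (port 443) Apache vhost for a site, plus a port-80 vhost
# that permanently redirects to it.
#
# If the SSL cert and key are defined then the definer deals with them existing
# If the SSL cert and key are not defined then we use template file paths and ensure they exist
#
# Parameters:
#   $docroot             - document root; defaults to "${website::basedir}/<short name>".
#   $ip                  - address for the 443 vhost; defaults to $website::primary_ip.
#   $ssl_cert, $ssl_key  - certificate/key paths, used as given when $ssl_cert is set.
#   $ssl_ca_chain        - '' (empty string, NOT undef) selects the "directly under the CA"
#                          case: cert and key are deployed from puppet:///private/pki/custom
#                          and no chain is sent. A non-empty value is a file name deployed to
#                          /etc/pki/custom. undef falls through to Let's Encrypt or
#                          $website::ca_chain.
#   $letsencrypt_name    - directory name under /etc/letsencrypt/live; cert and key fall back
#                          to ${::fqdn} when unset.
#   $priority            - passed through to the 443 vhost.
#   $docroot_owner/group - docroot ownership; default to $website::docroot_owner/group.
#   $serveraliases       - passed to both vhosts.
#   $ensure              - 'present' or 'absent'; applied to both vhosts.
#   $custom_fragment     - appended verbatim to the 443 vhost configuration. It is not
#                          validated or escaped here, so it must only come from trusted
#                          manifest data.
#   $force_no_www        - selects $shortdomain rather than $name as $primary_name.
#   $force_no_index      - adds "Include conf.extra/no-index.conf".
#   $lockdown_requests   - adds "Include conf.custom/filter-core.conf" (contents not shown here).
#   $csp, $csp_override  - when $csp is true, build $csp_string from $website::csp_base and
#                          the override. When false, $csp_string is never assigned.
#   $csp_report, $csp_report_override
#                        - same as above for $csp_report_string / $website::csp_report_base.
define website::https(
  $docroot             = undef,
  $ip                  = $website::primary_ip,
  $ssl_cert            = undef,
  $ssl_key             = undef,
  $ssl_ca_chain        = undef,
  $letsencrypt_name    = undef,
  $priority            = undef,
  $docroot_owner       = undef,
  $docroot_group       = undef,
  $serveraliases       = [],
  $ensure              = 'present',
  $custom_fragment     = '',
  $force_no_www        = true,
  $force_no_index      = true,
  $lockdown_requests   = true,
  $csp                 = true,
  $csp_override        = undef,
  $csp_report          = true,
  $csp_report_override = undef,
) {

  if ! defined(Class['website']) {
    fail('You must include the website base class before using any website defined resources')
  }

  validate_re($ensure, '^(present|absent)$',
    "${ensure} is not supported for ensure.\nAllowed values are 'present' and 'absent'.")

  $shortname   = domain_to_short_name($name)
  $logpart     = $shortname
  $shortdomain = domain_to_short_domain($name)

  # $primary_name is not referenced again in this manifest; presumably it is
  # read by the website/https_core_conf.erb template - confirm there.
  if $force_no_www {
    $primary_name = $shortdomain
  } else {
    $primary_name = $name
  }

  # $csp_string / $csp_report_string are likewise only consumed outside this
  # manifest (presumably by the template below - confirm). With $csp => false
  # no enforcing policy string is built, so the site relies entirely on the
  # application sending its own Content-Security-Policy. Disable it only for
  # applications known to do so.
  if $csp {
    $csp_string = hash_to_csp($website::csp_base, $csp_override)
  }
  if $csp_report {
    $csp_report_string = hash_to_csp($website::csp_report_base, $csp_report_override)
  }

  # Build the vhost's custom configuration in stages; each stage either
  # appends one directive or passes the previous value through unchanged.
  $custom_conf0 = template('website/https_core_conf.erb')

  if $force_no_index {
    $custom_conf1 = "${custom_conf0}\nInclude conf.extra/no-index.conf"
  } else {
    $custom_conf1 = $custom_conf0
  }

  if $lockdown_requests {
    $custom_conf2 = "${custom_conf1}\nInclude conf.custom/filter-core.conf"
  } else {
    $custom_conf2 = $custom_conf1
  }

  if $custom_fragment {
    $custom_conf = "${custom_conf2}\n#Additional custom fragment\n${custom_fragment}"
  } else {
    $custom_conf = $custom_conf2
  }

  if $docroot == undef {
    $siteroot = "${website::basedir}/${shortname}"
  } else {
    $siteroot = $docroot
  }

  # These conditionals use an ugly cludge from
  # http://grokbase.com/t/gg/puppet-users/147by1key3/checking-a-variable-is-not-undef#20140713grem6zqsai7qjbgkmd2f4ia3qi
  # because if we don't then undef gets auto-cast to the empty string and the empty string matches our special "no CA chain" case
  # It'd be nicer to use "=~ Undef" to check types (https://puppet-on-the-edge.blogspot.co.uk/2013/12/lets-talk-about-undef.html),
  # but that threw syntax errors.
  if $ssl_cert != undef {
    # Caller-supplied paths: nothing is deployed or permission-checked here.
    $sslcert = $ssl_cert
    $sslkey  = $ssl_key
  } elsif $ssl_ca_chain == "" and ("" in [$ssl_ca_chain]) {
    $sslcert = "${website::certdir}/${shortdomain}.crt"
    $sslkey  = "${website::certdir}/${shortdomain}.key"

    # Ownership and mode are set on each resource instead of through a
    # scope-wide `File { ... }` default. Resource defaults are dynamically
    # scoped, so a default declared here would also reach file resources
    # declared by apache::vhost below, and the private key's permissions
    # would depend on nothing overriding that default.
    file { $sslcert:
      ensure => present,
      source => "puppet:///private/pki/custom/${shortdomain}.crt",
      mode   => '0400',
      owner  => 'root',
      group  => 'root',
      before => Apache::Vhost[$name],
      notify => Service['httpd'],
    }
    file { $sslkey:
      ensure => present,
      source => "puppet:///private/pki/custom/${shortdomain}.key",
      mode   => '0400',
      owner  => 'root',
      group  => 'root',
      before => Apache::Vhost[$name],
      notify => Service['httpd'],
    }
  } elsif $letsencrypt_name != undef {
    $sslcert = "/etc/letsencrypt/live/${letsencrypt_name}/cert.pem"
    $sslkey  = "/etc/letsencrypt/live/${letsencrypt_name}/privkey.pem"
  } else {
    $sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem"
    $sslkey  = "/etc/letsencrypt/live/${::fqdn}/privkey.pem"
  }

  if $ssl_ca_chain == '' and '' in [$ssl_ca_chain] {
    # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
    $ssl_chain = undef
  } elsif $ssl_ca_chain != undef {
    $ssl_chain = "/etc/pki/custom/${ssl_ca_chain}"
    # Several sites may share one chain file, so only declare it once.
    if ! defined(File[$ssl_chain]) {
      file { $ssl_chain:
        ensure => present,
        source => "puppet:///private/pki/custom/${ssl_ca_chain}",
        notify => Service['httpd'],
      }
    }
  } elsif $letsencrypt_name != undef {
    $ssl_chain = "/etc/letsencrypt/live/${letsencrypt_name}/chain.pem"
  } else {
    $ssl_chain = $website::ca_chain
  }

  if $docroot_owner == undef {
    $owner = $website::docroot_owner
  } else {
    $owner = $docroot_owner
  }

  if $docroot_group == undef {
    $group = $website::docroot_group
  } else {
    $group = $docroot_group
  }

  # Combined log format plus the requested Host header, shared by both vhosts.
  $access_log_format = "%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i"

  apache::vhost { $name:
    ensure            => $ensure,
    ip                => $ip,
    port              => '443',
    priority          => $priority,
    docroot           => $siteroot,
    docroot_owner     => $owner,
    docroot_group     => $group,
    # setgid + group-writable: new files inherit the docroot group. The docroot
    # is also world-readable/traversable, so keep secrets out of it.
    docroot_mode      => '2775',
    custom_fragment   => $custom_conf,
    logroot           => '/var/log/apache/',
    access_log_file   => "access_${logpart}.log",
    access_log_format => $access_log_format,
    error_log_file    => "error_${logpart}.log",
    serveraliases     => $serveraliases,
    ssl               => true,
    ssl_cert          => $sslcert,
    ssl_key           => $sslkey,
    ssl_chain         => $ssl_chain,
  }

  # Plain-HTTP vhost: serves nothing itself, only a permanent redirect to HTTPS.
  apache::vhost { "${name}-80":
    # Follow $ensure so that removing the site does not leave behind a
    # redirect to an HTTPS vhost that no longer exists.
    ensure            => $ensure,
    servername        => $name,
    port              => 80,
    docroot           => $siteroot,
    redirect_status   => 'permanent',
    redirect_dest     => "https://${name}/",
    serveraliases     => $serveraliases,
    logroot           => '/var/log/apache/',
    access_log_file   => "access_${logpart}_nossl.log",
    access_log_format => $access_log_format,
    error_log_file    => "error_${logpart}_nossl.log",
  }
}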