Mercurial > repos > other > Puppet
annotate modules/website/manifests/https.pp @ 263:f99974dc0f1a
Add a way to skip setting CSP
NextCloud manages CSP itself, so we don't need the header in the
PIM subdomain causing confusion and incorrect results
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 29 Dec 2019 16:43:55 +0000 |
parents | 0ebd8efeef04 |
children | 13825cc1ec57 |
rev | line source |
---|---|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
1 # If the SSL cert and key are defined then the definer deals with them existing |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
2 # If the SSL cert and key are not defined then we use template file paths and ensure they exist |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
3 define website::https( |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
4 $docroot = undef, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
5 $ip = $website::primary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
6 $ssl_cert = undef, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
7 $ssl_key = undef, |
133
9337c9ce648a
Switch to using LetsEncrypt certs by default
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
8 $ssl_ca_chain = undef, |
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
9 $letsencrypt_name = undef, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
10 $priority = undef, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
11 $docroot_owner = undef, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
12 $docroot_group = undef, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
13 $serveraliases = [], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
14 $ensure = 'present', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
15 $custom_fragment = '', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
16 $force_no_www = true, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
17 $force_no_index = true, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
18 $lockdown_requests = true, |
263 | 19 $csp = true, |
236
4519b727cc4c
Make Content-Security-Policy cleaner and easier to set
IBBoard <dev@ibboard.co.uk>
parents:
182
diff
changeset
|
20 $csp_override = undef, |
263 | 21 $csp_report = true, |
236
4519b727cc4c
Make Content-Security-Policy cleaner and easier to set
IBBoard <dev@ibboard.co.uk>
parents:
182
diff
changeset
|
22 $csp_report_override = undef, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
23 ) { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
24 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
25 if ! defined(Class['website']) { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
26 fail('You must include the website base class before using any website defined resources') |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
27 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
28 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
29 validate_re($ensure, '^(present|absent)$', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
30 "${ensure} is not supported for ensure. |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
31 Allowed values are 'present' and 'absent'.") |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
32 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
33 $shortname = domain_to_short_name($name) |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
34 $logpart = $shortname |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
35 $shortdomain = domain_to_short_domain($name) |
155
e661cb2dd942
Make sure that we still redirect to non-www if we want it
IBBoard <dev@ibboard.co.uk>
parents:
150
diff
changeset
|
36 if $force_no_www { |
e661cb2dd942
Make sure that we still redirect to non-www if we want it
IBBoard <dev@ibboard.co.uk>
parents:
150
diff
changeset
|
37 $primary_name = $shortdomain |
e661cb2dd942
Make sure that we still redirect to non-www if we want it
IBBoard <dev@ibboard.co.uk>
parents:
150
diff
changeset
|
38 } else { |
e661cb2dd942
Make sure that we still redirect to non-www if we want it
IBBoard <dev@ibboard.co.uk>
parents:
150
diff
changeset
|
39 $primary_name = $name |
e661cb2dd942
Make sure that we still redirect to non-www if we want it
IBBoard <dev@ibboard.co.uk>
parents:
150
diff
changeset
|
40 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
41 |
263 | 42 if $csp { |
43 $csp_string = hash_to_csp($website::csp_base, $csp_override) | |
44 } | |
45 if $csp_report { | |
46 $csp_report_string = hash_to_csp($website::csp_report_base, $csp_report_override) | |
47 } | |
236
4519b727cc4c
Make Content-Security-Policy cleaner and easier to set
IBBoard <dev@ibboard.co.uk>
parents:
182
diff
changeset
|
48 |
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
49 $custom_conf0 = template('website/https_core_conf.erb') |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
50 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
51 if $force_no_index { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
52 $custom_conf1 = "$custom_conf0 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
53 Include conf.extra/no-index.conf" |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
54 } else { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
55 $custom_conf1 = $custom_conf0 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
56 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
57 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
58 if $lockdown_requests { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
59 $custom_conf2 = "$custom_conf1 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
60 Include conf.custom/filter-core.conf" |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
61 } else { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
62 $custom_conf2 = $custom_conf1 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
63 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
64 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
65 if $custom_fragment { |
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
66 $custom_conf = "$custom_conf2 |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
67 #Additional custom fragment |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
68 $custom_fragment" |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
69 } else { |
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
70 $custom_conf = $custom_conf2 |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
71 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
72 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
73 if $docroot == undef { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
74 $siteroot = "${website::basedir}/${shortname}" |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
75 } else { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
76 $siteroot = $docroot |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
77 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
78 |
136
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
79 # These conditionals use an ugly cludge from |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
80 # http://grokbase.com/t/gg/puppet-users/147by1key3/checking-a-variable-is-not-undef#20140713grem6zqsai7qjbgkmd2f4ia3qi |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
81 # because if we don't then undef gets auto-cast to the empty string and the empty string matches our special "no CA chain" case |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
82 # It'd be nicer to use "=~ Undef" to check types (https://puppet-on-the-edge.blogspot.co.uk/2013/12/lets-talk-about-undef.html), |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
83 # but that threw syntax errors. |
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
84 if $ssl_cert != undef { |
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
85 $sslcert = $ssl_cert |
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
86 $sslkey = $ssl_key |
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
87 } elsif $ssl_ca_chain == "" and ("" in [$ssl_ca_chain]) { |
136
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
88 $sslcert = "${website::certdir}/${shortdomain}.crt" |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
89 $sslkey = "${website::certdir}/${shortdomain}.key" |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
90 File { |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
91 mode => '0400', |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
92 owner => 'root', |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
93 group => 'root', |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
94 } |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
95 file { $sslcert: |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
96 source => "puppet:///private/pki/custom/${shortdomain}.crt", |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
97 before => Apache::Vhost[$name], |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
98 notify => Service['httpd'], |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
99 ensure => present; |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
100 } |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
101 file { $sslkey: |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
102 source => "puppet:///private/pki/custom/${shortdomain}.key", |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
103 before => Apache::Vhost[$name], |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
104 notify => Service['httpd'], |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
105 ensure => present; |
765e72629b3e
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
IBBoard <dev@ibboard.co.uk>
parents:
133
diff
changeset
|
106 } |
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
107 } elsif $letsencrypt_name != undef { |
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
108 $sslcert = "/etc/letsencrypt/live/${letsencrypt_name}/cert.pem" |
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
109 $sslkey = "/etc/letsencrypt/live/${letsencrypt_name}/privkey.pem" |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
110 } else { |
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
111 $sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem" |
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
112 $sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem" |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
113 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
114 |
256
0ebd8efeef04
Merge Puppet divergences and fix SSL chain issues it caused
IBBoard <dev@ibboard.co.uk>
parents:
236
diff
changeset
|
115 if $ssl_ca_chain == '' and '' in [$ssl_ca_chain] { |
0ebd8efeef04
Merge Puppet divergences and fix SSL chain issues it caused
IBBoard <dev@ibboard.co.uk>
parents:
236
diff
changeset
|
116 # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert |
0ebd8efeef04
Merge Puppet divergences and fix SSL chain issues it caused
IBBoard <dev@ibboard.co.uk>
parents:
236
diff
changeset
|
117 $ssl_chain = undef |
0ebd8efeef04
Merge Puppet divergences and fix SSL chain issues it caused
IBBoard <dev@ibboard.co.uk>
parents:
236
diff
changeset
|
118 } elsif $ssl_ca_chain != undef { |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
119 $ssl_chain = "/etc/pki/custom/$ssl_ca_chain" |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
120 if ! defined(File[$ssl_chain]) { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
121 file { $ssl_chain: |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
122 ensure => present, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
123 source => "puppet:///private/pki/custom/$ssl_ca_chain", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
124 notify => Service['httpd'], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
125 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
126 } |
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
127 } elsif $letsencrypt_name != undef { |
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
128 $ssl_chain = "/etc/letsencrypt/live/${letsencrypt_name}/chain.pem" |
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
129 } else { |
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
136
diff
changeset
|
130 $ssl_chain = $website::ca_chain |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
131 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
132 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
133 if $docroot_owner == undef { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
134 $owner = $website::docroot_owner |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
135 } else { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
136 $owner = $docroot_owner |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
137 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
138 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
139 if $docroot_group == undef { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
140 $group = $website::docroot_group |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
141 } else { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
142 $group = $docroot_group |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
143 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
144 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
145 apache::vhost { $name: |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
146 ip => $ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
147 port => '443', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
148 priority => $priority, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
149 docroot => $siteroot, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
150 docroot_owner => $owner, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
151 docroot_group => $group, |
182
1df1e161bbb5
Set group sticky bit on all sites to ease collaboration
IBBoard <dev@ibboard.co.uk>
parents:
161
diff
changeset
|
152 docroot_mode => '2775', |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
153 custom_fragment => $custom_conf, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
154 logroot => '/var/log/apache/', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
155 access_log_file => "access_${logpart}.log", |
161
d2b4750e843a
Add custom log format - combined plus requested domain
IBBoard <dev@ibboard.co.uk>
parents:
155
diff
changeset
|
156 access_log_format => "%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i", |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
157 error_log_file => "error_${logpart}.log", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
158 serveraliases => $serveraliases, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
159 ssl => true, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
160 ssl_cert => $sslcert, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
161 ssl_key => $sslkey, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
162 ssl_chain => $ssl_chain, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
163 ensure => $ensure, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
164 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
165 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
166 apache::vhost { "${name}-80": |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
167 servername => $name, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
168 port => 80, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
169 docroot => $siteroot, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
170 redirect_status => 'permanent', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
171 redirect_dest => "https://$name/", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
172 serveraliases => $serveraliases, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
173 logroot => '/var/log/apache/', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
174 access_log_file => "access_${logpart}_nossl.log", |
161
d2b4750e843a
Add custom log format - combined plus requested domain
IBBoard <dev@ibboard.co.uk>
parents:
155
diff
changeset
|
175 access_log_format => "%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i", |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
176 error_log_file => "error_${logpart}_nossl.log", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
177 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
178 } |