Mercurial > repos > other > Puppet
annotate modules/apache/manifests/mod/remoteip.pp @ 482:d83de9b3a62b default tip
Update hiera.yaml within Puppet config
Forgot that we manage it from here. Now has content to match
new packages
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Fri, 30 Aug 2024 16:10:36 +0100 |
| parents | adf6fe9bbc17 |
| children |
| rev | line source |
|---|---|
|
275
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
1 # @summary |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
2 # Installs and configures `mod_remoteip`. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
3 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
4 # @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
5 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
6 # @param header |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
7 # The header field in which `mod_remoteip` will look for the useragent IP. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
8 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
9 # @param internal_proxy |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
10 # A list of IP addresses, IP blocks or hostname that are trusted to set a |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
11 # valid value inside specified header. Unlike the `$trusted_proxy_ips` |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
12 # parameter, any IP address (including private addresses) presented by these |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
13 # proxies will trusted by `mod_remoteip`. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
14 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
15 # @param proxy_ips |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
16 # *Deprecated*: use `$internal_proxy` instead. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
17 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
18 # @param internal_proxy_list |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
19 # The path to a file containing a list of IP addresses, IP blocks or hostname |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
20 # that are trusted to set a valid value inside the specified header. See |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
21 # `$internal_proxy` for details. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
22 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
23 # @param proxies_header |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
24 # A header into which `mod_remoteip` will collect a list of all of the |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
25 # intermediate client IP addresses trusted to resolve the useragent IP of the |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
26 # request (e.g. `X-Forwarded-By`). |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
27 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
28 # @param proxy_protocol |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
29 # Wether or not to enable the PROXY protocol header handling. If enabled |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
30 # upstream clients must set the header every time they open a connection. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
31 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
32 # @param proxy_protocol_exceptions |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
33 # A list of IP address or IP blocks that are not required to use the PROXY |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
34 # protocol. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
35 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
36 # @param trusted_proxy |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
37 # A list of IP addresses, IP blocks or hostname that are trusted to set a |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
38 # valid value inside the specified header. Unlike the `$proxy_ips` parameter, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
39 # any private IP presented by these proxies will be disgarded by |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
40 # `mod_remoteip`. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
41 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
42 # @param trusted_proxy_ips |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
43 # *Deprecated*: use `$trusted_proxy` instead. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
44 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
45 # @param trusted_proxy_list |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
46 # The path to a file containing a list of IP addresses, IP blocks or hostname |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
47 # that are trusted to set a valid value inside the specified header. See |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
48 # `$trusted_proxy` for details. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
49 # |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
50 # @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html for additional documentation. |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
51 # |
|
257
675c1cc61eaf
Update Apache module to get CentOS 8 support
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
52 class apache::mod::remoteip ( |
|
275
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
53 String $header = 'X-Forwarded-For', |
|
478
adf6fe9bbc17
Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents:
437
diff
changeset
|
54 Optional[Array[Stdlib::Host]] $internal_proxy = undef, |
|
adf6fe9bbc17
Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents:
437
diff
changeset
|
55 Optional[Array[Stdlib::Host]] $proxy_ips = undef, |
|
275
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
56 Optional[Stdlib::Absolutepath] $internal_proxy_list = undef, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
57 Optional[String] $proxies_header = undef, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
58 Boolean $proxy_protocol = false, |
|
478
adf6fe9bbc17
Update Puppet modules to latest versions
IBBoard <dev@ibboard.co.uk>
parents:
437
diff
changeset
|
59 Optional[Array[Stdlib::Host]] $proxy_protocol_exceptions = undef, |
|
275
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
60 Optional[Array[Stdlib::Host]] $trusted_proxy = undef, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
61 Optional[Array[Stdlib::Host]] $trusted_proxy_ips = undef, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
62 Optional[Stdlib::Absolutepath] $trusted_proxy_list = undef, |
|
257
675c1cc61eaf
Update Apache module to get CentOS 8 support
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
63 ) { |
|
437
b8d6ada284dd
Update Apache module to latest version
IBBoard <dev@ibboard.co.uk>
parents:
275
diff
changeset
|
64 include apache |
|
275
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
65 |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
66 if $proxy_ips { |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
67 deprecation('apache::mod::remoteip::proxy_ips', 'This parameter is deprecated, please use `internal_proxy`.') |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
68 $_internal_proxy = $proxy_ips |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
69 } elsif $internal_proxy { |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
70 $_internal_proxy = $internal_proxy |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
71 } else { |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
72 $_internal_proxy = ['127.0.0.1'] |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
73 } |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
74 |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
75 if $trusted_proxy_ips { |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
76 deprecation('apache::mod::remoteip::trusted_proxy_ips', 'This parameter is deprecated, please use `trusted_proxy`.') |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
77 $_trusted_proxy = $trusted_proxy_ips |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
78 } else { |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
79 $_trusted_proxy = $trusted_proxy |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
80 } |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
81 |
|
257
675c1cc61eaf
Update Apache module to get CentOS 8 support
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
82 ::apache::mod { 'remoteip': } |
|
675c1cc61eaf
Update Apache module to get CentOS 8 support
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
83 |
|
275
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
84 $template_parameters = { |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
85 header => $header, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
86 internal_proxy => $_internal_proxy, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
87 internal_proxy_list => $internal_proxy_list, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
88 proxies_header => $proxies_header, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
89 proxy_protocol => $proxy_protocol, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
90 proxy_protocol_exceptions => $proxy_protocol_exceptions, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
91 trusted_proxy => $_trusted_proxy, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
92 trusted_proxy_list => $trusted_proxy_list, |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
93 } |
|
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
94 |
|
257
675c1cc61eaf
Update Apache module to get CentOS 8 support
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
95 file { 'remoteip.conf': |
|
675c1cc61eaf
Update Apache module to get CentOS 8 support
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
96 ensure => file, |
|
437
b8d6ada284dd
Update Apache module to latest version
IBBoard <dev@ibboard.co.uk>
parents:
275
diff
changeset
|
97 path => "${apache::mod_dir}/remoteip.conf", |
|
b8d6ada284dd
Update Apache module to latest version
IBBoard <dev@ibboard.co.uk>
parents:
275
diff
changeset
|
98 mode => $apache::file_mode, |
|
275
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
99 content => epp('apache/mod/remoteip.conf.epp', $template_parameters), |
|
437
b8d6ada284dd
Update Apache module to latest version
IBBoard <dev@ibboard.co.uk>
parents:
275
diff
changeset
|
100 require => Exec["mkdir ${apache::mod_dir}"], |
|
b8d6ada284dd
Update Apache module to latest version
IBBoard <dev@ibboard.co.uk>
parents:
275
diff
changeset
|
101 before => File[$apache::mod_dir], |
|
275
d9352a684e62
Mass update of modules to remove deprecation warnings
IBBoard <dev@ibboard.co.uk>
parents:
257
diff
changeset
|
102 notify => Class['apache::service'], |
|
257
675c1cc61eaf
Update Apache module to get CentOS 8 support
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
103 } |
|
675c1cc61eaf
Update Apache module to get CentOS 8 support
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
104 } |