Mercurial > repos > other > Puppet
comparison modules/website/manifests/https.pp @ 281:af7df930a670
Add 4-to-6 proxy and mod_remoteip setup
Includes adding a separate fragment for the proxy (defaults to
the main fragment) for sites like Dev where duplicate WSGIDaemon
definitions cause errors.
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sat, 15 Feb 2020 19:07:11 +0000 |
| parents | 13825cc1ec57 |
| children | 9431aec4d998 |
comparison
equal
deleted
inserted
replaced
| 280:8f33f0bddd39 | 281:af7df930a670 |
|---|---|
| 11 $docroot_owner = undef, | 11 $docroot_owner = undef, |
| 12 $docroot_group = undef, | 12 $docroot_group = undef, |
| 13 $serveraliases = [], | 13 $serveraliases = [], |
| 14 $ensure = 'present', | 14 $ensure = 'present', |
| 15 $custom_fragment = '', | 15 $custom_fragment = '', |
| 16 Optional[String] $proxy_fragment = $custom_fragment, | |
| 16 $force_no_www = true, | 17 $force_no_www = true, |
| 17 $force_no_index = true, | 18 $force_no_index = true, |
| 18 $lockdown_requests = true, | 19 $lockdown_requests = true, |
| 19 $csp = true, | 20 $csp = true, |
| 20 $csp_override = undef, | 21 $csp_override = undef, |
| 159 ensure => $ensure, | 160 ensure => $ensure, |
| 160 } | 161 } |
| 161 | 162 |
| 162 apache::vhost { "${name}-80": | 163 apache::vhost { "${name}-80": |
| 163 servername => $name, | 164 servername => $name, |
| 165 ip => $ip, | |
| 164 port => 80, | 166 port => 80, |
| 165 docroot => $siteroot, | 167 docroot => $siteroot, |
| 166 redirect_status => 'permanent', | 168 redirect_status => 'permanent', |
| 167 redirect_dest => "https://$name/", | 169 redirect_dest => "https://$name/", |
| 168 serveraliases => $serveraliases, | 170 serveraliases => $serveraliases, |
| 169 logroot => '/var/log/apache/', | 171 logroot => '/var/log/apache/', |
| 170 access_log_file => "access_${logpart}_nossl.log", | 172 access_log_file => "access_${logpart}_nossl.log", |
| 171 access_log_format => "%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i", | 173 access_log_format => "%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i", |
| 172 error_log_file => "error_${logpart}_nossl.log", | 174 error_log_file => "error_${logpart}_nossl.log", |
| 173 } | 175 } |
| 176 | |
| 177 if ($website::proxy_6to4_ip != undef) { | |
| 178 apache::vhost { "$name-PROXY": | |
| 179 servername => $name, | |
| 180 ip => $website::proxy_6to4_ip, | |
| 181 port => '443', | |
| 182 priority => $priority, | |
| 183 docroot => $siteroot, | |
| 184 docroot_owner => $owner, | |
| 185 docroot_group => $group, | |
| 186 docroot_mode => '2775', | |
| 187 custom_fragment => "RemoteIPProxyProtocol On | |
| 188 $custom_conf2 | |
| 189 $proxy_fragment", | |
| 190 logroot => '/var/log/apache/', | |
| 191 access_log_file => "access_${logpart}.log", | |
| 192 access_log_format => "%a %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i", | |
| 193 error_log_file => "error_${logpart}.log", | |
| 194 serveraliases => $serveraliases, | |
| 195 ssl => true, | |
| 196 ssl_cert => $sslcert, | |
| 197 ssl_key => $sslkey, | |
| 198 ssl_chain => $ssl_chain, | |
| 199 ensure => $ensure, | |
| 200 } | |
| 201 | |
| 202 apache::vhost { "${name}-80-PROXY": | |
| 203 servername => $name, | |
| 204 ip => $website::proxy_6to4_ip, | |
| 205 port => 80, | |
| 206 docroot => $siteroot, | |
| 207 redirect_status => 'permanent', | |
| 208 redirect_dest => "https://$name/", | |
| 209 serveraliases => $serveraliases, | |
| 210 custom_fragment => "RemoteIPProxyProtocol On", | |
| 211 logroot => '/var/log/apache/', | |
| 212 access_log_file => "access_${logpart}_nossl.log", | |
| 213 access_log_format => "%a %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\" %{Host}i", | |
| 214 error_log_file => "error_${logpart}_nossl.log", | |
| 215 } | |
| 216 } | |
| 174 } | 217 } |