view modules/website/manifests/https/redir.pp @ 7:3523e4c2604c

Disable slow query logging - it got quite large and needs looking at!
author IBBoard <dev@ibboard.co.uk>
date Wed, 08 Oct 2014 19:45:21 +0000
parents 956e484adc12
children 16e9e26337be

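# Defines a pair of Apache vhosts (port 443 and port 80) for $name that do
# nothing except permanently redirect every request to $redir.
#
# If the SSL cert and key are defined then the definer deals with them existing.
# If the SSL cert and key are not defined then we use template file paths
# (${website::certdir}/${shortdomain}.crt and .key) and ensure they exist by
# deploying them from puppet:///private/pki/custom/.
#
# Parameters:
#   docroot        - document root; defaults to ${website::basedir}/${shortname}
#   ip             - address the port 443 vhost is bound to
#   redir          - redirect destination, passed as redirect_dest to both vhosts
#   ssl_cert       - path to the certificate; undef selects the template paths
#   ssl_key        - path to the private key; only used when ssl_cert is set
#   ssl_ca_chain   - chain file name under /etc/pki/custom; '' sends no chain
#   docroot_owner  - docroot owner; defaults to $website::docroot_owner
#   docroot_group  - docroot group; defaults to $website::docroot_group
#   serveraliases  - extra server names for both vhosts
#   ensure         - 'present' or 'absent', applied to both vhosts
#   separate_log   - when true, '_redir' is added to the log file names
define website::https::redir(
    $docroot            = undef,
    $ip                 = $website::primary_ip,
    $redir,
    $ssl_cert           = undef,
    $ssl_key            = undef,
    $ssl_ca_chain       = $website::ca_chain,
    $docroot_owner      = undef,
    $docroot_group      = undef,
    $serveraliases      = [],
    $ensure             = 'present',
    $separate_log       = false,
  ) {

  validate_re($ensure, '^(present|absent)$',
  "${ensure} is not supported for ensure.
  Allowed values are 'present' and 'absent'.")

  $shortname = domain_to_short_name($name)
  $logpart = $shortname
  $shortdomain = domain_to_short_domain($name)

  if $separate_log {
    $log_extra = '_redir'
  } else {
    $log_extra = ''
  }

  if $docroot == undef {
    $siteroot = "${website::basedir}/${shortname}"
  } else {
    $siteroot = $docroot
  }

  if $ssl_cert == undef {
    $sslcert = "${website::certdir}/${shortdomain}.crt"
    $sslkey = "${website::certdir}/${shortdomain}.key"
    # Several vhosts can share one cert/key pair, so only declare each file
    # once per catalogue.
    if ! defined(File[$sslcert]) {
      file { $sslcert:
        ensure => present,
        source => "puppet:///private/pki/custom/${shortdomain}.crt",
        before => Apache::Vhost[$name],
        notify => Service['httpd'],
      }
    }
    # The guard and the resource title must both name the key file. The
    # previous guard tested a path built from $ssl_chain (not yet assigned at
    # this point) and the title used the misspelt, undefined $ssslkey.
    if ! defined(File[$sslkey]) {
      file { $sslkey:
        ensure => present,
        source => "puppet:///private/pki/custom/${shortdomain}.key",
        # Private key material: do not inherit whatever ownership and mode
        # the file happens to have on the file server.
        owner  => 'root',
        group  => 'root',
        mode   => '0600',
        before => Apache::Vhost[$name],
        notify => Service['httpd'],
      }
    }
  } else {
    $sslcert = $ssl_cert
    $sslkey = $ssl_key
  }

  if $ssl_ca_chain == '' {
    # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
    $ssl_chain = undef
  } else {
    $ssl_chain = "/etc/pki/custom/${ssl_ca_chain}"
    if ! defined(File[$ssl_chain]) {
      file { $ssl_chain:
        ensure => present,
        source => "puppet:///private/pki/custom/${ssl_ca_chain}",
        notify => Service['httpd'],
      }
    }
  }

  if $docroot_owner == undef {
    $owner = $website::docroot_owner
  } else {
    $owner = $docroot_owner
  }

  if $docroot_group == undef {
    $group = $website::docroot_group
  } else {
    $group = $docroot_group
  }

  apache::vhost { $name:
    ensure          => $ensure,
    ip              => $ip,
    port            => '443',
    docroot         => $siteroot,
    docroot_owner   => $owner,
    docroot_group   => $group,
    redirect_status => 'permanent',
    redirect_dest   => $redir,
    # This vhost only ever answers with a redirect. mod_headers applies its
    # default (onsuccess) table to 2xx responses only, so the HSTS header has
    # to go in the "always" table to be sent at all; "set" also avoids
    # emitting the header twice.
    custom_fragment => 'Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"',
    logroot         => '/var/log/apache/',
    access_log_file => "access_${logpart}${log_extra}.log",
    error_log_file  => "error_${logpart}${log_extra}.log",
    serveraliases   => $serveraliases,
    ssl             => true,
    ssl_cert        => $sslcert,
    ssl_key         => $sslkey,
    ssl_chain       => $ssl_chain,
  }

  # Plain-HTTP companion vhost. It follows $ensure so that 'absent' removes
  # both vhosts rather than leaving the port 80 redirect behind.
  # NOTE(review): unlike the 443 vhost this one is not bound to $ip - confirm
  # that is intended.
  apache::vhost { "${name}-80":
    ensure          => $ensure,
    servername      => $name,
    port            => 80,
    docroot         => $siteroot,
    docroot_owner   => $owner,
    docroot_group   => $group,
    redirect_status => 'permanent',
    redirect_dest   => $redir,
    serveraliases   => $serveraliases,
    logroot         => '/var/log/apache/',
    access_log_file => "access_${logpart}${log_extra}_nossl.log",
    error_log_file  => "error_${logpart}${log_extra}_nossl.log",
  }
}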