Mercurial > repos > other > Puppet

view modules/website/manifests/https/multitld.pp @ 469:e0147f345e65

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Rework main vs proxy fragments and redirects This ensures our site for IPv4 proxy users has the same config while avoiding redefining any per-site WSGI pools etc Redirects and logging were reworked to avoid redirecting users that we're only going to block anyway
author IBBoard <dev@ibboard.co.uk>
date Sun, 12 May 2024 19:49:42 +0100
parents 386881985a35
children
line wrap: on
line source

define website::https::multitld (
  Optional[String] $docroot = undef,
  Stdlib::IP::Address $ip = $website::primary_ip,
  Optional[Stdlib::IP::Address::V6] $proxy_4to6_ip = undef,
  Optional[Integer] $priority       = undef,
  String $base            = $name,
  Pattern[/^[a-z]+(\.[a-z]+)?$/] $main_tld = $website::tld,
  Array $extra_tlds = $website::extra_tlds,
  Optional[String] $ssl_ca_chain    = undef,
  Optional[String] $letsencrypt_name = undef,
  Optional[String] $docroot_owner   = undef,
  Optional[String] $docroot_group   = undef,
  Optional[String] $custom_fragment = undef,
  Optional[String] $non_proxy_fragment  = undef,
  Optional[Boolean] $force_no_index = undef,
  Optional[Boolean] $force_no_www   = undef,
  Optional[Boolean] $csp            = true,
  Optional[Hash[String, String]] $csp_override     = undef,
  Boolean $csp_report     = true,
  Optional[Hash[String, String]] $csp_report_override = undef,
  ) {

  if ! defined(Class['website']) {
    fail('You must include the website base class before using any website defined resources')
  }

  $alias = domain_to_short_domain($base)

  $base_aliases = prefix($extra_tlds, "${base}.")
  if $base != $alias {
    $aliases = concat(concat($base_aliases, "${alias}.${main_tld}"),
      prefix($extra_tlds, "${alias}."))
  } else {
    $aliases = $base_aliases
  }

  $main_domain = "${base}.${main_tld}"
  website::https { $main_domain:
    priority        => $priority,
    ip              => $ip,
    proxy_4to6_ip   => $proxy_4to6_ip,
    serveraliases   => $aliases,
    docroot         => $docroot,
    docroot_owner   => $docroot_owner,
    docroot_group   => $docroot_group,
    ssl_ca_chain    => $ssl_ca_chain,
    letsencrypt_name => $letsencrypt_name,
    custom_fragment => $custom_fragment,
    non_proxy_fragment  => $non_proxy_fragment,
    force_no_index  => $force_no_index,
    force_no_www    => $force_no_www,
    csp             => $csp,
    csp_override    => $csp_override,
    csp_report      => $csp_report,
    csp_report_override => $csp_report_override,
  }
}