authorelijah <elijah@riseup.net>2016-06-27 15:49:30 -0700
committerelijah <elijah@riseup.net>2016-06-27 16:15:26 -0700
commitb21a3e9126a1734b2cea975e57b5c9e8206f12fa (patch)
tree98d974e139f5068cd9189c2419e364846c73b411
parent46f1c8ee0a12971b0d1b80eb7300941f9d696aa2 (diff)
Fix the permissions on the DOMAIN/provider.json file for static sites.
-rw-r--r--puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb2
-rw-r--r--puppet/modules/site_config/manifests/remove/files.pp11
-rw-r--r--puppet/modules/site_static/manifests/init.pp22
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb8
4 files changed, 36 insertions, 7 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb
index 697a7ff3..b34bd189 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb
@@ -47,7 +47,7 @@
<% end %>
AccessFileName .htaccess
- Alias /provider.json /srv/leap/provider.json
+ Alias /provider.json /srv/static/public/provider.json
<Location /provider.json>
Header set X-Minimum-Client-Version 0.5
</Location>
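Review bot: The hidden-service vhost still hard-codes `Header set X-Minimum-Client-Version 0.5` under the re-pointed alias, while the site_static template in this same commit emits `<%= bootstrap_client['min'] %>` for the same location. If the configured minimum is raised, clients bootstrapping over the onion address would keep receiving the old floor, which weakens the upgrade signal this header exists to carry. Consider reading the same value here, e.g. `Header set X-Minimum-Client-Version <%= scope.lookupvar('site_static::bootstrap_client')['min'] %>`, assuming that variable resolves from this template. The vhost definition starts and ends outside the hunk.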
diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp
index 41d6462e..3de8d695 100644
--- a/puppet/modules/site_config/manifests/remove/files.pp
+++ b/puppet/modules/site_config/manifests/remove/files.pp
@@ -11,7 +11,18 @@
class site_config::remove::files {
+ #
+ # Platform X removals
+ #
+
+ tidy {
+ '/srv/leap/provider.json':;
+ }
+
+ #
# Platform 0.8 removals
+ #
+
tidy {
'/etc/default/leap_mx':;
'/etc/logrotate.d/mx':;
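Review bot: The new heading `# Platform X removals` does not name a release, unlike the `# Platform 0.8 removals` heading below it, so a later reader cannot tell when the `tidy` of `/srv/leap/provider.json` becomes safe to drop. Replace the X with the release that ships this move and say why the file is removed, e.g. `# Platform <RELEASE> removals (provider.json moved to /srv/static/public)`. The class body continues past the end of the hunk.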
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 4a722d62..8063d432 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -13,20 +13,34 @@ class site_static {
$bootstrap = $static['bootstrap_files']
$tor = hiera('tor', false)
+ file {
+ '/srv/static/':
+ ensure => 'directory',
+ owner => 'root',
+ group => 'root',
+ mode => '0744';
+ '/srv/static/public':
+ ensure => 'directory',
+ owner => 'root',
+ group => 'root',
+ mode => '0744';
+ }
+
if $bootstrap['enabled'] {
$bootstrap_domain = $bootstrap['domain']
$bootstrap_client = $bootstrap['client_version']
- file { '/srv/leap/provider.json':
+ file { '/srv/static/public/provider.json':
content => $bootstrap['provider_json'],
owner => 'www-data',
group => 'www-data',
- mode => '0444';
+ mode => '0444',
+ notify => Service[apache];
}
# It is important to always touch provider.json: the client needs to check x-min-client-version header,
# but this is only sent when the file has been modified (otherwise 304 is sent by apache). The problem
# is that changing min client version won't alter the content of provider.json, so we must touch it.
- exec { '/bin/touch /srv/leap/provider.json':
- require => File['/srv/leap/provider.json'];
+ exec { '/bin/touch /srv/static/public/provider.json':
+ require => File['/srv/static/public/provider.json'];
}
}
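Review bot: `/srv/static/public/provider.json` is still created with `owner => 'www-data'`, so the account that presumably runs Apache owns the bootstrap document it serves and could `chmod` and rewrite it despite the `0444` mode. The new parent directories are root-owned and the file is world-readable, so `owner => 'root',` and `group => 'root',` would serve it equally well while keeping the web process read-only on a file that clients trust. Separately, both directories use `mode => '0744'`. Puppet adds the search bit wherever read is set on a directory, so this most likely ends up as 0755, but `mode => '0755'` states the intent without relying on that implicit behaviour. The class body continues outside the hunk.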
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index 6b969d1c..b3e5fc09 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -23,6 +23,10 @@
bootstrap_client = scope.lookupvar('site_static::bootstrap_client')
-%>
+<Directory "/srv/static/public/">
+ Require all granted
+</Directory>
+
<VirtualHost *:80>
ServerName <%= @domain %>
ServerAlias www.<%= @domain %>
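Review bot: The new `<Directory "/srv/static/public/">` block sits outside any `<VirtualHost>`, so `Require all granted` applies to every vhost on the server, and it sets neither `Options` nor `AllowOverride`. The vhost in this template uses `AccessFileName .htaccess` (visible in the last hunk), so whatever override and option settings are inherited will also apply to this directory. Since it only holds files generated by Puppet, pin it down with `Options None` and `AllowOverride None` inside the block. Also note that `Require all granted` is 2.4 authorization syntax; the Apache version deployed is not visible here. The `<VirtualHost *:80>` block continues outside the hunk.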
@@ -46,7 +50,7 @@
#RewriteLogLevel 3
Include include.d/ssl_common.inc
-
+
<%- if @tls_only -%>
Header always set Strict-Transport-Security: "max-age=15768000;includeSubdomains"
<%- end -%>
@@ -63,7 +67,7 @@
AccessFileName .htaccess
<%- if ([@aliases]+[@domain]).flatten.include?(bootstrap_domain) -%>
- Alias /provider.json /srv/leap/provider.json
+ Alias /provider.json /srv/static/public/provider.json
<Location /provider.json>
Header set X-Minimum-Client-Version <%= bootstrap_client['min'] %>
</Location>