summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2013-07-28 18:14:01 -0700
committerelijah <elijah@riseup.net>2013-07-30 16:44:03 -0700
commitb87bd57ad010ee6f091f77b8b1f653afafc0e4c7 (patch)
treef8288eba588e711a54bec5e7f489fe5e496dbc16
parent7ac64237fcb09893ae36b1b2f278e1474df8c49b (diff)
added webapp.secure flag (turns on secure cookies and HSTS)
-rw-r--r--provider_base/services/webapp.json3
-rw-r--r--puppet/modules/site_webapp/templates/config.yml.erb1
2 files changed, 3 insertions, 1 deletions
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 55331274..ed039b01 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -13,7 +13,8 @@
"allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
"allow_anonymous_certs": "= global.provider.service.allow_anonymous",
"secret_token": "= secret :webapp_secret_token",
- "api_version": 1
+ "api_version": 1,
+ "secure": false
},
"stunnel": {
"couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index df562cd9..8b4b3bbe 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -2,6 +2,7 @@
production:
admins: [admin]
domain: <%= @provider_domain %>
+ force_ssl: <%= @webapp['secure'] %>
client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %>
client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %>
secret_token: "<%= @secret_token %>"