summaryrefslogtreecommitdiff
path: root/puppet/modules/site_apache
diff options
context:
space:
mode:
authorvarac <varacanero@zeromail.org>2014-02-06 17:37:17 +0100
committervarac <varacanero@zeromail.org>2014-02-06 17:37:17 +0100
commit8917a10fc55ee237cbb426306428b00cc3668a67 (patch)
tree530dd2b29f836b1c0b0eeca6af44edc5c9898fe2 /puppet/modules/site_apache
parentf7d12c8b3c31891635f188a37844e33288429a9f (diff)
parent36e5202181452c385b52e183e50166dec6c456d9 (diff)
Merge branch '5096_monitor_node_has_no_apache_conf' into 4982_check_mk
Diffstat (limited to 'puppet/modules/site_apache')
-rw-r--r--puppet/modules/site_apache/manifests/common.pp26
-rw-r--r--puppet/modules/site_apache/templates/vhosts.d/common.conf.erb (renamed from puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb)11
2 files changed, 34 insertions, 3 deletions
diff --git a/puppet/modules/site_apache/manifests/common.pp b/puppet/modules/site_apache/manifests/common.pp
new file mode 100644
index 00000000..72f24838
--- /dev/null
+++ b/puppet/modules/site_apache/manifests/common.pp
@@ -0,0 +1,26 @@
+class site_apache::common {
+ # installs x509 cert + key and common config
+ # that both nagios + leap webapp use
+
+ $web_domain = hiera('domain')
+ $domain_name = $web_domain['name']
+
+ include x509::variables
+ include site_config::x509::commercial::cert
+ include site_config::x509::commercial::key
+ include site_config::x509::commercial::ca
+
+ Class['Site_config::X509::Commercial::Key'] ~> Service[apache]
+ Class['Site_config::X509::Commercial::Cert'] ~> Service[apache]
+ Class['Site_config::X509::Commercial::Ca'] ~> Service[apache]
+
+ include site_apache::module::rewrite
+
+ class { '::apache': no_default_site => true, ssl => true }
+
+ apache::vhost::file {
+ 'common':
+ content => template('site_apache/vhosts.d/common.conf.erb')
+ }
+
+}
diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb
index a001552a..30f0a6b1 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb
@@ -23,13 +23,14 @@
RequestHeader set X_FORWARDED_PROTO 'https'
<IfModule mod_headers.c>
-<% if @webapp['secure'] -%>
+<% if (defined? @services) and (@services.include? 'webapp') and (@webapp['secure']) -%>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
<% end -%>
Header always unset X-Powered-By
Header always unset X-Runtime
</IfModule>
+<% if (defined? @services) and (@services.include? 'webapp') -%>
DocumentRoot /srv/leap/webapp/public
RewriteEngine On
@@ -52,16 +53,20 @@
ExpiresActive On
ExpiresDefault "access plus 1 year"
</Location>
+<% end -%>
+
- <% if (defined? @services) and (@services.include? 'monitor') -%>
+<% if (defined? @services) and (@services.include? 'monitor') -%>
<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
+ <% if (defined? @services) and (@services.include? 'webapp') -%>
PassengerEnabled off
+ <% end -%>
AllowOverride all
# Nagios won't work with setting this option to "DENY",
# as set in conf.d/security (#4169). Therefor we allow
# it here, only for nagios.
Header set X-Frame-Options: "ALLOW"
</DirectoryMatch>
- <% end -%>
+<% end -%>
</VirtualHost>