summaryrefslogtreecommitdiff
path: root/puppet/modules/site_apache
diff options
context:
space:
mode:
authorvarac <varacanero@zeromail.org>2014-02-06 15:36:12 +0100
committervarac <varacanero@zeromail.org>2014-02-06 15:36:12 +0100
commit36e5202181452c385b52e183e50166dec6c456d9 (patch)
tree0c0e2b7ee48c31d323abd09cbea1b52e3c0eab56 /puppet/modules/site_apache
parentd8112f6c897579cbb8bbe1230ca5d0eff6746def (diff)
move leap_webapp.conf template to common.conf which is included by the nagios and webapp node (#5096)
Diffstat (limited to 'puppet/modules/site_apache')
-rw-r--r--puppet/modules/site_apache/manifests/common.pp26
-rw-r--r--puppet/modules/site_apache/templates/vhosts.d/common.conf.erb (renamed from puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb)11
2 files changed, 34 insertions, 3 deletions
diff --git a/puppet/modules/site_apache/manifests/common.pp b/puppet/modules/site_apache/manifests/common.pp
new file mode 100644
index 00000000..72f24838
--- /dev/null
+++ b/puppet/modules/site_apache/manifests/common.pp
@@ -0,0 +1,26 @@
+class site_apache::common {
+ # installs x509 cert + key and common config
+ # that both nagios + leap webapp use
+
+ $web_domain = hiera('domain')
+ $domain_name = $web_domain['name']
+
+ include x509::variables
+ include site_config::x509::commercial::cert
+ include site_config::x509::commercial::key
+ include site_config::x509::commercial::ca
+
+ Class['Site_config::X509::Commercial::Key'] ~> Service[apache]
+ Class['Site_config::X509::Commercial::Cert'] ~> Service[apache]
+ Class['Site_config::X509::Commercial::Ca'] ~> Service[apache]
+
+ include site_apache::module::rewrite
+
+ class { '::apache': no_default_site => true, ssl => true }
+
+ apache::vhost::file {
+ 'common':
+ content => template('site_apache/vhosts.d/common.conf.erb')
+ }
+
+}
diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb
index a001552a..30f0a6b1 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb
@@ -23,13 +23,14 @@
RequestHeader set X_FORWARDED_PROTO 'https'
<IfModule mod_headers.c>
-<% if @webapp['secure'] -%>
+<% if (defined? @services) and (@services.include? 'webapp') and (@webapp['secure']) -%>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
<% end -%>
Header always unset X-Powered-By
Header always unset X-Runtime
</IfModule>
+<% if (defined? @services) and (@services.include? 'webapp') -%>
DocumentRoot /srv/leap/webapp/public
RewriteEngine On
@@ -52,16 +53,20 @@
ExpiresActive On
ExpiresDefault "access plus 1 year"
</Location>
+<% end -%>
+
- <% if (defined? @services) and (@services.include? 'monitor') -%>
+<% if (defined? @services) and (@services.include? 'monitor') -%>
<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
+ <% if (defined? @services) and (@services.include? 'webapp') -%>
PassengerEnabled off
+ <% end -%>
AllowOverride all
# Nagios won't work with setting this option to "DENY",
# as set in conf.d/security (#4169). Therefor we allow
# it here, only for nagios.
Header set X-Frame-Options: "ALLOW"
</DirectoryMatch>
- <% end -%>
+<% end -%>
</VirtualHost>