Fix server-status availability to tor hidden services (#7456)

Make the server-status information unavailable by putting the vhost on a
port that isn't configured as available to the tor hidden-service.

Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb

2 files changed, 7 insertions, 20 deletions

diff --git a/puppet/modules/site_apache/manifests/common.pp b/puppet/modules/site_apache/manifests/common.pp
index 2b83ffa5..64beb231 100644
--- a/puppet/modules/site_apache/manifests/common.pp
+++ b/puppet/modules/site_apache/manifests/common.pp
@@ -1,27 +1,8 @@
 class site_apache::common {
-  # installs x509 cert + key and common config
-  # that both nagios + leap webapp use
-
-  $web_domain       = hiera('domain')
-  $domain_name      = $web_domain['name']
-
-  include x509::variables
-  include site_config::x509::commercial::cert
-  include site_config::x509::commercial::key
-  include site_config::x509::commercial::ca
-
-  Class['Site_config::X509::Commercial::Key'] ~> Service[apache]
-  Class['Site_config::X509::Commercial::Cert'] ~> Service[apache]
-  Class['Site_config::X509::Commercial::Ca'] ~> Service[apache]
 
   include site_apache::module::rewrite
 
   class { '::apache': no_default_site => true, ssl => true }
 
-  apache::vhost::file {
-    'common':
-      content => template('site_apache/vhosts.d/common.conf.erb')
-  }
-
-  apache::config::include{ 'ssl_common.inc': }
+  include site_apache::common::tls
 }
diff --git a/puppet/modules/site_apache/manifests/common/tls.pp b/puppet/modules/site_apache/manifests/common/tls.pp
new file mode 100644
index 00000000..040868bf
--- /dev/null
+++ b/puppet/modules/site_apache/manifests/common/tls.pp
@@ -0,0 +1,6 @@
+class site_apache::common::tls {
+  # class to setup common SSL configurations
+
+  apache::config::include{ 'ssl_common.inc': }
+
+}