summaryrefslogtreecommitdiff
path: root/puppet/modules/site_apache
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2012-11-27 11:49:08 -0500
committerMicah Anderson <micah@riseup.net>2012-11-27 12:28:46 -0500
commit0876cc7c712f273991cbb1177d7416afd0a1462d (patch)
tree7b683253b28dc7c920e709f2734d5de267fc6c8a /puppet/modules/site_apache
parenta2e2f558bcfc4b35c7d81f282d73e06f78590113 (diff)
add site_webapp class to install the certs/keys/CAs and virtual host configurations
Diffstat (limited to 'puppet/modules/site_apache')
-rw-r--r--puppet/modules/site_apache/templates/vhosts.d/api.conf.erb36
-rw-r--r--puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb39
2 files changed, 75 insertions, 0 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
new file mode 100644
index 00000000..fc26190c
--- /dev/null
+++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
@@ -0,0 +1,36 @@
+<VirtualHost *:80>
+ ServerName <%= api_domain %>
+ RewriteEngine On
+ RewriteRule ^.*$ https://<%= api_domain -%>%{REQUEST_URI} [R=permanent,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName <%= api_domain %>
+
+ SSLEngine on
+ SSLProtocol -all +SSLv3 +TLSv1
+ SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+ SSLHonorCipherOrder on
+
+ SSLCACertificatePath /etc/ssl/certs
+ SSLCertificateChainFile /etc/ssl/certs/leap_api.crt
+ SSLCertificateKeyFile /etc/x509/keys/leap_api.key
+ SSLCertificateFile /etc/x509/certs/leap_api.crt
+
+ RequestHeader set X_FORWARDED_PROTO 'https'
+
+ DocumentRoot /srv/leap_webapp/public
+
+ # Check for maintenance file and redirect all requests
+ RewriteEngine On
+ RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
+ RewriteCond %{SCRIPT_FILENAME} !maintenance.html
+ RewriteCond %{REQUEST_URI} !/images/maintenance.jpg
+ RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L]
+
+ # http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerallowencodedslashes_lt_on_off_gt
+ AllowEncodedSlashes on
+ PassengerAllowEncodedSlashes on
+ PassengerFriendlyErrorPages off
+ SetEnv TMPDIR /var/tmp
+</VirtualHost>
diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
new file mode 100644
index 00000000..bb035cd2
--- /dev/null
+++ b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
@@ -0,0 +1,39 @@
+<VirtualHost *:80>
+ ServerName <%= domain %>
+ ServerAlias www.<%= domain %>
+ RewriteEngine On
+ RewriteRule ^.*$ https://<%= domain -%>%{REQUEST_URI} [R=permanent,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName <%= domain %>
+ ServerAlias www.<%= domain %>
+
+ SSLEngine on
+ SSLProtocol -all +SSLv3 +TLSv1
+ SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+ SSLHonorCipherOrder on
+
+ SSLCACertificatePath /etc/ssl/certs
+ SSLCertificateChainFile /etc/ssl/certs/leap_webapp.crt
+ SSLCertificateKeyFile /etc/x509/keys/leap_webapp.key
+ SSLCertificateFile /etc/x509/certs/leap_webapp.crt
+
+ RequestHeader set X_FORWARDED_PROTO 'https'
+
+ DocumentRoot /srv/leap_webapp/public
+
+ # Check for maintenance file and redirect all requests
+ RewriteEngine On
+ RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
+ RewriteCond %{SCRIPT_FILENAME} !maintenance.html
+ RewriteCond %{REQUEST_URI} !/images/maintenance.jpg
+ RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L]
+
+ # http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerallowencodedslashes_lt_on_off_gt
+ AllowEncodedSlashes on
+ PassengerAllowEncodedSlashes on
+ PassengerFriendlyErrorPages off
+ SetEnv TMPDIR /var/tmp
+</VirtualHost>
+