summaryrefslogtreecommitdiff
path: root/puppet/modules/site_static/manifests
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2015-09-15 11:52:20 -0400
committerMicah Anderson <micah@leap.se>2015-09-15 13:58:43 -0400
commitf8b2a72aa09fca368d3038efa9100a48126f8ae9 (patch)
treea5e84bc58c283a6e83cee6d0233e625062767db6 /puppet/modules/site_static/manifests
parent4c622c1b6d652effdc84899befa98c36c37d10a2 (diff)
Fix server-status availability to tor hidden services (#7456)
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
Diffstat (limited to 'puppet/modules/site_static/manifests')
-rw-r--r--puppet/modules/site_static/manifests/init.pp13
1 files changed, 9 insertions, 4 deletions
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 1efc510b..f69ffba7 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -9,6 +9,7 @@ class site_static {
$domains = $static['domains']
$formats = $static['formats']
$bootstrap = $static['bootstrap_files']
+ $tor = hiera('tor', false)
if $bootstrap['enabled'] {
$bootstrap_domain = $bootstrap['domain']
@@ -27,14 +28,11 @@ class site_static {
}
}
- class { '::apache': no_default_site => true, ssl => true }
include site_apache::module::headers
include site_apache::module::alias
include site_apache::module::expires
include site_apache::module::removeip
- include site_apache::module::rewrite
- apache::config::include{ 'ssl_common.inc': }
-
+ include site_apache::common
include site_config::ruby::dev
if (member($formats, 'rack')) {
@@ -57,6 +55,13 @@ class site_static {
create_resources(site_static::domain, $domains)
+ if $tor {
+ $hidden_service = $tor['hidden_service']
+ if $hidden_service['active'] {
+ include site_webapp::hidden_service
+ }
+ }
+
include site_shorewall::defaults
include site_shorewall::service::http
include site_shorewall::service::https