summaryrefslogtreecommitdiff
path: root/puppet/modules/site_static/templates
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2014-06-19 14:12:08 -0400
committerMicah Anderson <micah@leap.se>2014-06-19 14:12:08 -0400
commit9198af78956972a01aaf85e19753c5c9e62ea018 (patch)
tree7c2c4901c92528b2fababb0e4283d5bec6cd1aef /puppet/modules/site_static/templates
parent6100b6ded99241f10e7fb12c13a0820fda084912 (diff)
parentf991e8a4c877cff1d274fd1cac26488f8c3fda84 (diff)
Merge tag '0.5.2'
tagging 0.5.2 release
Diffstat (limited to 'puppet/modules/site_static/templates')
-rw-r--r--puppet/modules/site_static/templates/amber.erb15
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb70
-rw-r--r--puppet/modules/site_static/templates/rack.erb21
3 files changed, 79 insertions, 27 deletions
diff --git a/puppet/modules/site_static/templates/amber.erb b/puppet/modules/site_static/templates/amber.erb
new file mode 100644
index 00000000..17dc2ad6
--- /dev/null
+++ b/puppet/modules/site_static/templates/amber.erb
@@ -0,0 +1,15 @@
+<%- if @location_path == '' -%>
+ <Directory "<%= @directory %>/">
+ AllowOverride FileInfo Indexes Options=All,MultiViews
+ Order deny,allow
+ Allow from all
+ </Directory>
+<%- else -%>
+ AliasMatch ^/[a-z]{2}/<%=@location_path%>(/.+|/|)$ "<%=@directory%>/$1"
+ Alias /<%=@location_path%> "<%=@directory%>/"
+ <Directory "<%=@directory%>/">
+ AllowOverride FileInfo Indexes Options=All,MultiViews
+ Order deny,allow
+ Allow from all
+ </Directory>
+<%- end -%>
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index 2abe1a98..07ac481d 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -2,32 +2,45 @@
##
## An apache config for static websites.
##
+
def location_directory(name, location)
- if location['format'] == 'amber'
+ if ['amber', 'rack'].include?(location['format'])
File.join(@base_dir, name, 'public')
else
File.join(@base_dir, name)
end
end
- document_root = '/var/www'
- @locations.each do |name, location|
- if location['path'] == '/'
- document_root = location_directory(name, location)
+
+ @document_root = begin
+ root = '/var/www'
+ @locations && @locations.each do |name, location|
+ root = location_directory(name, location) if location['path'] == '/'
end
+ root.gsub(%r{^/|/$}, '')
end
- document_root = document_root.gsub(%r{^/|/$}, '')
+
+ bootstrap_domain = scope.lookupvar('site_static::bootstrap_domain')
+ bootstrap_client = scope.lookupvar('site_static::bootstrap_client')
-%>
<VirtualHost *:80>
ServerName <%= @domain %>
ServerAlias www.<%= @domain %>
+<%- @aliases && @aliases.each do |domain_alias| -%>
+ ServerAlias <%= domain_alias %>
+<%- end -%>
+<%- if @tls_only -%>
RewriteEngine On
RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L]
+<%- end -%>
</VirtualHost>
<VirtualHost *:443>
ServerName <%= @domain %>
ServerAlias www.<%= @domain %>
+<%- @aliases && @aliases.each do |domain_alias| -%>
+ ServerAlias <%= domain_alias %>
+<%- end -%>
#RewriteLog "/var/log/apache2/rewrite.log"
#RewriteLogLevel 3
@@ -38,8 +51,12 @@
SSLCompression off
SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK"
+<%- if @tls_only -%>
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+<%- end -%>
Header set X-Frame-Options "deny"
+ Header always unset X-Powered-By
+ Header always unset X-Runtime
SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key
SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt
@@ -47,31 +64,30 @@
RequestHeader set X_FORWARDED_PROTO 'https'
- DocumentRoot "/<%= document_root %>/"
+ DocumentRoot "/<%= @document_root %>/"
AccessFileName .htaccess
-<%- @locations.each do |name, location| -%>
- <%- path = location['path'].gsub(%r{^/|/$}, '') -%>
- <%- directory = location_directory(name, location) -%>
+<%- if ([@aliases]+[@domain]).flatten.include?(bootstrap_domain) -%>
+ Alias /provider.json /srv/leap/provider.json
+ <Location /provider.json>
+ Header set X-Minimum-Client-Version <%= bootstrap_client['min'] %>
+ </Location>
+<%- end -%>
+
+<%- if @apache_config -%>
+<%= @apache_config.gsub(':percent:','%') %>
+<%- end -%>
+
+<%- @locations && @locations.each do |name, location| -%>
+<%- location_path = location['path'].gsub(%r{^/|/$}, '') -%>
+<%- directory = location_directory(name, location) -%>
+<%- local_vars = {'location_path'=>location_path, 'directory'=>directory, 'location'=>location, 'name'=>name} -%>
+<%- template_path = File.join(File.dirname(__FILE__), location['format']) + '.erb' -%>
+<%- break unless File.exists?(template_path) -%>
##
- ## <%= name %>
+ ## <%= name %> (<%= location['format'] %>)
##
- <%- if path == '' -%>
- <Directory "/<%= document_root %>/">
- AllowOverride FileInfo Indexes Options=All,MultiViews
- Order deny,allow
- Allow from all
- </Directory>
- <%- else -%>
- AliasMatch ^/[a-z]{2}/<%=path%>(/.+|/|)$ "/<%=directory%>/$1"
- Alias /<%=path%> "/<%=directory%>/"
- <Directory "/<%=directory%>/">
- AllowOverride FileInfo Indexes Options=All,MultiViews
- Order deny,allow
- Allow from all
- </Directory>
- <%- end -%>
-
+<%= scope.function_templatewlv([template_path, local_vars]) %>
<%- end -%>
</VirtualHost>
diff --git a/puppet/modules/site_static/templates/rack.erb b/puppet/modules/site_static/templates/rack.erb
new file mode 100644
index 00000000..aae91f1c
--- /dev/null
+++ b/puppet/modules/site_static/templates/rack.erb
@@ -0,0 +1,21 @@
+ #PassengerLogLevel 1
+ #PassengerAppEnv production
+ #PassengerFriendlyErrorPages on
+<%- if @location_path == '' -%>
+ <Directory "<%=@directory%>">
+ Order deny,allow
+ Allow from all
+ Options -MultiViews
+ </Directory>
+<%- else -%>
+ Alias /<%=@location_path%> "<%=@directory%>"
+ <Location /<%=@location_path%>>
+ PassengerBaseURI /<%=@location_path%>
+ PassengerAppRoot "<%=File.dirname(@directory)%>"
+ </Location>
+ <Directory "<%=@directory%>">
+ Order deny,allow
+ Allow from all
+ Options -MultiViews
+ </Directory>
+<%- end -%>