author | Micah Anderson <micah@leap.se> | 2014-04-04 10:37:09 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2014-04-04 10:37:09 -0400 |
commit | 6af957a1c20f75a827655a3cd75e40a03cffe7c4 (patch) | |
tree | e5995b0c4b53583fd9d16857f66f81137dccbf73 /puppet/modules/site_static | |
parent | 7451213d5e0772d0d6cba4613bf66792da495909 (diff) | |
parent | 1551f785c5c7c515781995928eec7659365d8988 (diff) |
Merge branch '0.5' into develop
Conflicts:
provider_base/services/tor.json
Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf
Diffstat (limited to 'puppet/modules/site_static')
-rw-r--r-- | puppet/modules/site_static/README | 3 | ||||
-rw-r--r-- | puppet/modules/site_static/manifests/domain.pp | 28 | ||||
-rw-r--r-- | puppet/modules/site_static/manifests/init.pp | 17 | ||||
-rw-r--r-- | puppet/modules/site_static/manifests/location.pp | 25 | ||||
-rw-r--r-- | puppet/modules/site_static/templates/apache.conf.erb | 109 |
5 files changed, 182 insertions, 0 deletions
diff --git a/puppet/modules/site_static/README b/puppet/modules/site_static/README
new file mode 100644
index 00000000..bc719782
--- /dev/null
+++ b/puppet/modules/site_static/README
@@ -0,0 +1,3 @@
+Deploy one or more static websites to a node.
+
+For now, it only supports `amber` based static sites. Should support plain html and jekyll in the future.
diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp
new file mode 100644
index 00000000..8af2230f
--- /dev/null
+++ b/puppet/modules/site_static/manifests/domain.pp
@@ -0,0 +1,28 @@
+define site_static::domain (
+ $locations,
+ $ca_cert,
+ $key,
+ $cert,
+ $tls_only) {
+
+ $domain = $name
+ $base_dir = '/srv/static'
+
+ create_resources(site_static::location, $locations)
+
+ x509::cert { $domain: content => $cert }
+ x509::key { $domain: content => $key }
+ x509::ca { "${domain}_ca": content => $ca_cert }
+
+ class { '::apache': no_default_site => true, ssl => true }
+ include site_apache::module::headers
+ include site_apache::module::alias
+ include site_apache::module::expires
+ include site_apache::module::removeip
+ include site_apache::module::rewrite
+
+ apache::vhost::file { $domain:
+ content => template('site_static/apache.conf.erb')
+ }
+
+}
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
new file mode 100644
index 00000000..91a4a7a9
--- /dev/null
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -0,0 +1,17 @@
+class site_static {
+ tag 'leap_service'
+ $static = hiera('static')
+ $domains = $static['domains']
+ $formats = $static['formats']
+
+ if (member($formats, 'amber')) {
+ include site_config::ruby::dev
+ rubygems::gem{'amber': }
+ }
+
+ create_resources(site_static::domain, $domains)
+
+ include site_shorewall::defaults
+ include site_shorewall::service::http
+ include site_shorewall::service::https
+}
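Review bot: In domain.pp, `class { '::apache': no_default_site => true, ssl => true }` is a resource-style class declaration inside a defined type, so a second `site_static::domain` instance (the README promises "one or more" sites) should fail catalog compilation with a duplicate declaration of Class[Apache]. Declaring the class once in `class site_static` in init.pp and keeping only per-domain resources in this define would avoid that. Separately, `$tls_only` is a mandatory parameter that nothing in the define reads, and the template added in this commit does not appear to reference `@tls_only` either. A comment such as `# $tls_only: currently unused, the :80 vhost always redirects to https` would stop callers from assuming it has an effect.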
\ No newline at end of file
diff --git a/puppet/modules/site_static/manifests/location.pp b/puppet/modules/site_static/manifests/location.pp
new file mode 100644
index 00000000..1ba6807e
--- /dev/null
+++ b/puppet/modules/site_static/manifests/location.pp
@@ -0,0 +1,25 @@
+define site_static::location($path, $format, $source) {
+
+ $file_path = "/srv/static/${name}"
+
+ if ($format == 'amber') {
+ exec {"amber_build_${name}":
+ cwd => $file_path,
+ command => 'amber rebuild',
+ user => 'www-data',
+ timeout => 600,
+ subscribe => Vcsrepo[$file_path]
+ }
+ }
+
+ vcsrepo { $file_path:
+ ensure => present,
+ force => true,
+ revision => $source['revision'],
+ provider => $source['type'],
+ source => $source['repo'],
+ owner => 'www-data',
+ group => 'www-data'
+ }
+
+}
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
new file mode 100644
index 00000000..76534911
--- /dev/null
+++ b/puppet/modules/site_static/templates/apache.conf.erb
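Review bot: In init.pp, `rubygems::gem{'amber': }` names no version, and location.pp then runs `amber rebuild` from that gem on the node, so whatever release upstream publishes is what executes on each static-site host. If the `rubygems::gem` define accepts a version (its definition is outside this diff), pin one here and bump it deliberately. `hiera('static')` is also called without a default, so including this class on a node that lacks the key presumably aborts compilation; a one-line comment above it, for example `# 'static' must define 'domains' and 'formats'`, would document that requirement.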
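Review bot: In location.pp, the exec `"amber_build_${name}"` has `subscribe => Vcsrepo[$file_path]` but no `refreshonly`, so it runs `amber rebuild` on every agent run instead of only when the checkout changes; adding `refreshonly => true,` fixes that. `command => 'amber rebuild'` is also unqualified and the resource sets no `path`, which Puppet rejects unless an Exec default elsewhere supplies one. The checkout is owned by `www-data` and the build runs as `www-data`, presumably the same account Apache serves requests under, so a compromised web process could rewrite the content it serves. A dedicated build user, with the tree readable but not writable by `www-data`, would narrow that.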
@@ -0,0 +1,109 @@ +<%- + ## + ## An apache config for static websites. + ## + def location_directory(name, location) + if location['format'] == 'amber' + File.join(@base_dir, name, 'public') + else + File.join(@base_dir, name) + end + end + document_root = '/var/www' + @locations.each do |name, location| + if location['path'] == '/' + document_root = location_directory(name, location) + end + end +-%> + +<VirtualHost *:80> + ServerName <%= @domain %> + ServerAlias www.<%= @domain %> + RewriteEngine On + RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L] +</VirtualHost> + +<VirtualHost *:443> + ServerName <%= @domain %> + ServerAlias www.<%= @domain %> + + #RewriteLog "/var/log/apache2/rewrite.log" + #RewriteLogLevel 3 + + SSLEngine on + SSLProtocol -all +SSLv3 +TLSv1 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH + SSLHonorCipherOrder on + + Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" + Header set X-Frame-Options "deny" + + SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key + SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt + SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem + + RequestHeader set X_FORWARDED_PROTO 'https' + + DocumentRoot <%= document_root %> + +<%- @locations.each do |name, location| -%> + ## + ## <%= name %> + ## + <%- if location['path'] == '/' -%> + # Location / + <%- else -%> + Alias <%= location['path'] %> <%= location_directory(name, location) %> + <Location <%= location['path'] %>> + <%- end -%> + # remove trailing slashes + RewriteEngine On + RewriteRule ^(.+)/$ /$1 [R=301,L] + + # e.g. /de/blah => /blah/index.de.html + RewriteCond %{DOCUMENT_ROOT}/$2/index.$1.html -f + RewriteRule ^/([a-z]{2})/(.*) /$2/index.$1.html [L] + + # e.g. /de/foo/bar => /foo/bar.de.html + RewriteCond %{DOCUMENT_ROOT}/$2.$1.html -f + RewriteRule ^/([a-z]{2})/(.*) /$2.$1.html [L] + + # e.g. 
/de => /index.de.html + RewriteCond %{DOCUMENT_ROOT}/index.$1.html -f + RewriteRule ^/([a-z]{2})$ /index.$1.html [L] + + # e.g. /de/img.png => /img.png + RewriteCond %{DOCUMENT_ROOT}/$2 -f + RewriteRule ^/([a-z]{2})/(.*) /$2 [L] + + # Simulate "DirectorySlash On" + # e.g. /foo/bar => /foo/bar/ (so that MultiViews will negotiate correct locale file) + RewriteCond %{DOCUMENT_ROOT}/$1 -d + RewriteRule ^/(.*[^/])$ /$1/ [PT] + <%- if location['path'] == '/' -%> + # end Location / + <%- else -%> + </Location> + <%- end -%> + <Directory <%= location_directory(name, location) %>> + ## + ## PERMISSIONS + ## + AllowOverride None + Order deny,allow + Allow from all + + ## + ## LOCALE SUPPORT (e.g. index.en.html) + ## + LanguagePriority en + ForceLanguagePriority Prefer Fallback + DirectoryIndex index + DirectorySlash Off + Options +MultiViews + </Directory> + +<%- end -%> + +</VirtualHost> |
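Review bot: `SSLProtocol -all +SSLv3 +TLSv1` in the :443 vhost enables SSLv3 and leaves newer TLS versions disabled, and `SSLCipherSuite HIGH:MEDIUM:...` still admits medium-strength suites. Suggest `SSLProtocol all -SSLv2 -SSLv3` and dropping `MEDIUM:` from the cipher string, with a short comment above both lines recording the oldest client this is meant to support. Also, for a location whose `format` is not `amber`, `location_directory` returns the checkout root itself, so the `.git` directory created by the vcsrepo resource in location.pp would be served under that path. A deny rule for `.git` in the `<Directory>` block, or always serving a build subdirectory, should be in place before non-amber formats are enabled.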