Fix server-status availability to tor hidden services (#7456)

Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
author: Micah Anderson <micah@leap.se> 2015-09-15 11:52:20 -0400
committer: Micah <micah@leap.se> 2015-09-30 12:46:48 +0200
commit: 8b0910f1caf19884b6b46976b72536ee1f570ed5 (patch)
tree: 2990e1b3ae4a4c406754444c9d98b98ae658cbb2 /puppet/modules/site_webapp/manifests/common_vhost.pp
parent: 659587b9a56274d87c8c8deda499ccea85f875b5 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/puppet/modules/site_webapp/manifests/common_vhost.pp b/puppet/modules/site_webapp/manifests/common_vhost.pp
new file mode 100644
index 00000000..c57aad57
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/common_vhost.pp
@@ -0,0 +1,18 @@
+class site_webapp::common_vhost {
+  # installs x509 cert + key and common config
+  # that both nagios + leap webapp use
+
+  include x509::variables
+  include site_config::x509::commercial::cert
+  include site_config::x509::commercial::key
+  include site_config::x509::commercial::ca
+
+  Class['Site_config::X509::Commercial::Key'] ~> Service[apache]
+  Class['Site_config::X509::Commercial::Cert'] ~> Service[apache]
+  Class['Site_config::X509::Commercial::Ca'] ~> Service[apache]
+
+  apache::vhost::file {
+  'common':
+    content => template('site_apache/vhosts.d/common.conf.erb')
+  }
+}
author	Micah Anderson <micah@leap.se>	2015-09-15 11:52:20 -0400
committer	Micah <micah@leap.se>	2015-09-30 12:46:48 +0200
commit	8b0910f1caf19884b6b46976b72536ee1f570ed5 (patch)
tree	2990e1b3ae4a4c406754444c9d98b98ae658cbb2 /puppet/modules/site_webapp/manifests/common_vhost.pp
parent	659587b9a56274d87c8c8deda499ccea85f875b5 (diff)