Fix server-status availability to tor hidden services (#7456)

Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
author: Micah Anderson <micah@leap.se> 2015-09-15 11:52:20 -0400
committer: Micah <micah@leap.se> 2015-09-30 12:44:27 +0200
commit: 35c122900c52858b25e4ff8117b8f1eff47304a5 (patch)
tree: b6f227631d87e534d8238bafe6506c5192ffe014 /puppet/modules/site_webapp/manifests/common_vhost.pp
parent: 4b26c0f30980789844c747e796c12958f51c932c (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/puppet/modules/site_webapp/manifests/common_vhost.pp b/puppet/modules/site_webapp/manifests/common_vhost.pp
new file mode 100644
index 00000000..c57aad57
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/common_vhost.pp
@@ -0,0 +1,18 @@
+class site_webapp::common_vhost {
+  # installs x509 cert + key and common config
+  # that both nagios + leap webapp use
+
+  include x509::variables
+  include site_config::x509::commercial::cert
+  include site_config::x509::commercial::key
+  include site_config::x509::commercial::ca
+
+  Class['Site_config::X509::Commercial::Key'] ~> Service[apache]
+  Class['Site_config::X509::Commercial::Cert'] ~> Service[apache]
+  Class['Site_config::X509::Commercial::Ca'] ~> Service[apache]
+
+  apache::vhost::file {
+  'common':
+    content => template('site_apache/vhosts.d/common.conf.erb')
+  }
+}
author	Micah Anderson <micah@leap.se>	2015-09-15 11:52:20 -0400
committer	Micah <micah@leap.se>	2015-09-30 12:44:27 +0200
commit	35c122900c52858b25e4ff8117b8f1eff47304a5 (patch)
tree	b6f227631d87e534d8238bafe6506c5192ffe014 /puppet/modules/site_webapp/manifests/common_vhost.pp
parent	4b26c0f30980789844c747e796c12958f51c932c (diff)