diff options
author | Micah Anderson <micah@leap.se> | 2015-09-15 11:52:20 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2015-09-15 13:58:43 -0400 |
commit | f8b2a72aa09fca368d3038efa9100a48126f8ae9 (patch) | |
tree | a5e84bc58c283a6e83cee6d0233e625062767db6 /puppet/modules/site_webapp/manifests/hidden_service.pp | |
parent | 4c622c1b6d652effdc84899befa98c36c37d10a2 (diff) |
Fix server-status availability to tor hidden services (#7456)
Make the server-status information unavailable by putting the vhost on a
port that isn't configured as available to the tor hidden-service.
Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
Diffstat (limited to 'puppet/modules/site_webapp/manifests/hidden_service.pp')
-rw-r--r-- | puppet/modules/site_webapp/manifests/hidden_service.pp | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp index 16b6e2e7..99a756ca 100644 --- a/puppet/modules/site_webapp/manifests/hidden_service.pp +++ b/puppet/modules/site_webapp/manifests/hidden_service.pp @@ -32,12 +32,18 @@ class site_webapp::hidden_service { owner => 'debian-tor', group => 'debian-tor', mode => '0600'; + + '/etc/apache2/mods-enabled/status.conf': + ensure => absent, + notify => Service['apache']; } apache::vhost::file { 'hidden_service': - content => template('site_apache/vhosts.d/hidden_service.conf.erb') + content => template('site_apache/vhosts.d/hidden_service.conf.erb'); + 'server_status': + vhost_source => 'modules/site_webapp/server-status.conf'; } include site_shorewall::tor -}
\ No newline at end of file +} |