summaryrefslogtreecommitdiff
path: root/puppet/modules
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2014-03-24 01:47:46 -0700
committerelijah <elijah@riseup.net>2014-03-24 01:47:46 -0700
commit51f320178a58d7a05860cfd8d6129a16cd4ca9d8 (patch)
tree0e45317adf8c862b12bb6b160b55f737a4c0eab9 /puppet/modules
parent482c3d5a77d05043f5276d4f19168d2b777d3ef0 (diff)
modules/site_static: part 2 - apache
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_static/manifests/domain.pp19
-rw-r--r--puppet/modules/site_static/manifests/init.pp4
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb109
3 files changed, 132 insertions, 0 deletions
diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp
index 48284106..8af2230f 100644
--- a/puppet/modules/site_static/manifests/domain.pp
+++ b/puppet/modules/site_static/manifests/domain.pp
@@ -5,5 +5,24 @@ define site_static::domain (
$cert,
$tls_only) {
+ $domain = $name
+ $base_dir = '/srv/static'
+
create_resources(site_static::location, $locations)
+
+ x509::cert { $domain: content => $cert }
+ x509::key { $domain: content => $key }
+ x509::ca { "${domain}_ca": content => $ca_cert }
+
+ class { '::apache': no_default_site => true, ssl => true }
+ include site_apache::module::headers
+ include site_apache::module::alias
+ include site_apache::module::expires
+ include site_apache::module::removeip
+ include site_apache::module::rewrite
+
+ apache::vhost::file { $domain:
+ content => template('site_static/apache.conf.erb')
+ }
+
}
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index cc447cf7..91a4a7a9 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -10,4 +10,8 @@ class site_static {
}
create_resources(site_static::domain, $domains)
+
+ include site_shorewall::defaults
+ include site_shorewall::service::http
+ include site_shorewall::service::https
} \ No newline at end of file
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
new file mode 100644
index 00000000..76534911
--- /dev/null
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -0,0 +1,109 @@
+<%-
+ ##
+ ## An apache config for static websites.
+ ##
+ def location_directory(name, location)
+ if location['format'] == 'amber'
+ File.join(@base_dir, name, 'public')
+ else
+ File.join(@base_dir, name)
+ end
+ end
+ document_root = '/var/www'
+ @locations.each do |name, location|
+ if location['path'] == '/'
+ document_root = location_directory(name, location)
+ end
+ end
+-%>
+
+<VirtualHost *:80>
+ ServerName <%= @domain %>
+ ServerAlias www.<%= @domain %>
+ RewriteEngine On
+ RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName <%= @domain %>
+ ServerAlias www.<%= @domain %>
+
+ #RewriteLog "/var/log/apache2/rewrite.log"
+ #RewriteLogLevel 3
+
+ SSLEngine on
+ SSLProtocol -all +SSLv3 +TLSv1
+ SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+ SSLHonorCipherOrder on
+
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ Header set X-Frame-Options "deny"
+
+ SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key
+ SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt
+ SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem
+
+ RequestHeader set X_FORWARDED_PROTO 'https'
+
+ DocumentRoot <%= document_root %>
+
+<%- @locations.each do |name, location| -%>
+ ##
+ ## <%= name %>
+ ##
+ <%- if location['path'] == '/' -%>
+ # Location /
+ <%- else -%>
+ Alias <%= location['path'] %> <%= location_directory(name, location) %>
+ <Location <%= location['path'] %>>
+ <%- end -%>
+ # remove trailing slashes
+ RewriteEngine On
+ RewriteRule ^(.+)/$ /$1 [R=301,L]
+
+ # e.g. /de/blah => /blah/index.de.html
+ RewriteCond %{DOCUMENT_ROOT}/$2/index.$1.html -f
+ RewriteRule ^/([a-z]{2})/(.*) /$2/index.$1.html [L]
+
+ # e.g. /de/foo/bar => /foo/bar.de.html
+ RewriteCond %{DOCUMENT_ROOT}/$2.$1.html -f
+ RewriteRule ^/([a-z]{2})/(.*) /$2.$1.html [L]
+
+ # e.g. /de => /index.de.html
+ RewriteCond %{DOCUMENT_ROOT}/index.$1.html -f
+ RewriteRule ^/([a-z]{2})$ /index.$1.html [L]
+
+ # e.g. /de/img.png => /img.png
+ RewriteCond %{DOCUMENT_ROOT}/$2 -f
+ RewriteRule ^/([a-z]{2})/(.*) /$2 [L]
+
+ # Simulate "DirectorySlash On"
+ # e.g. /foo/bar => /foo/bar/ (so that MultiViews will negotiate correct locale file)
+ RewriteCond %{DOCUMENT_ROOT}/$1 -d
+ RewriteRule ^/(.*[^/])$ /$1/ [PT]
+ <%- if location['path'] == '/' -%>
+ # end Location /
+ <%- else -%>
+ </Location>
+ <%- end -%>
+ <Directory <%= location_directory(name, location) %>>
+ ##
+ ## PERMISSIONS
+ ##
+ AllowOverride None
+ Order deny,allow
+ Allow from all
+
+ ##
+ ## LOCALE SUPPORT (e.g. index.en.html)
+ ##
+ LanguagePriority en
+ ForceLanguagePriority Prefer Fallback
+ DirectoryIndex index
+ DirectorySlash Off
+ Options +MultiViews
+ </Directory>
+
+<%- end -%>
+
+</VirtualHost>