diff options
Diffstat (limited to 'puppet/modules/site_apache')
-rw-r--r-- | puppet/modules/site_apache/manifests/common.pp | 26 | ||||
-rw-r--r-- | puppet/modules/site_apache/templates/vhosts.d/common.conf.erb (renamed from puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb) | 11 |
2 files changed, 34 insertions, 3 deletions
diff --git a/puppet/modules/site_apache/manifests/common.pp b/puppet/modules/site_apache/manifests/common.pp new file mode 100644 index 00000000..72f24838 --- /dev/null +++ b/puppet/modules/site_apache/manifests/common.pp @@ -0,0 +1,26 @@ +class site_apache::common { + # installs x509 cert + key and common config + # that both nagios + leap webapp use + + $web_domain = hiera('domain') + $domain_name = $web_domain['name'] + + include x509::variables + include site_config::x509::commercial::cert + include site_config::x509::commercial::key + include site_config::x509::commercial::ca + + Class['Site_config::X509::Commercial::Key'] ~> Service[apache] + Class['Site_config::X509::Commercial::Cert'] ~> Service[apache] + Class['Site_config::X509::Commercial::Ca'] ~> Service[apache] + + include site_apache::module::rewrite + + class { '::apache': no_default_site => true, ssl => true } + + apache::vhost::file { + 'common': + content => template('site_apache/vhosts.d/common.conf.erb') + } + +} diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb index a001552a..30f0a6b1 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb @@ -23,13 +23,14 @@ RequestHeader set X_FORWARDED_PROTO 'https' <IfModule mod_headers.c> -<% if @webapp['secure'] -%> +<% if (defined? @services) and (@services.include? 'webapp') and (@webapp['secure']) -%> Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" <% end -%> Header always unset X-Powered-By Header always unset X-Runtime </IfModule> +<% if (defined? @services) and (@services.include? 'webapp') -%> DocumentRoot /srv/leap/webapp/public RewriteEngine On @@ -52,16 +53,20 @@ ExpiresActive On ExpiresDefault "access plus 1 year" </Location> +<% end -%> + - <% if (defined? @services) and (@services.include? 'monitor') -%> +<% if (defined? @services) and (@services.include? 'monitor') -%> <DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)> + <% if (defined? @services) and (@services.include? 'webapp') -%> PassengerEnabled off + <% end -%> AllowOverride all # Nagios won't work with setting this option to "DENY", # as set in conf.d/security (#4169). Therefor we allow # it here, only for nagios. Header set X-Frame-Options: "ALLOW" </DirectoryMatch> - <% end -%> +<% end -%> </VirtualHost> |