From ee6cad0750e853b3ac210d17b79471772bfae2a5 Mon Sep 17 00:00:00 2001 From: Micah Date: Fri, 11 Mar 2016 12:16:42 -0500 Subject: fix tor-related jessie deprecation problems (#7962) Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639 --- .../modules/site_apache/templates/vhosts.d/hidden_service.conf.erb | 2 +- puppet/modules/site_webapp/files/server-status.conf | 4 +--- puppet/modules/site_webapp/manifests/hidden_service.pp | 6 ++++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb index 653664ec..232b1577 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb @@ -1,5 +1,5 @@ - ServerName <%= tor_domain %> + ServerName <%= @tor_domain %> Header always unset X-Powered-By diff --git a/puppet/modules/site_webapp/files/server-status.conf b/puppet/modules/site_webapp/files/server-status.conf index 84cb9ae0..10b2d4ed 100644 --- a/puppet/modules/site_webapp/files/server-status.conf +++ b/puppet/modules/site_webapp/files/server-status.conf @@ -7,14 +7,12 @@ ExtendedStatus On #SeeRequestTail On Listen 127.0.0.1:8162 -NameVirtualHost 127.0.0.1:8162 SetHandler server-status - Order deny,allow - Deny from all + Require all granted Allow from 127.0.0.1 diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp index 12eb1793..72a2ce95 100644 --- a/puppet/modules/site_webapp/manifests/hidden_service.pp +++ b/puppet/modules/site_webapp/manifests/hidden_service.pp @@ -10,7 +10,7 @@ class site_webapp::hidden_service { include apache::module::removeip include tor::daemon - tor::daemon::hidden_service { 'webapp': ports => '80 127.0.0.1:80' } + tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'] } file { '/var/lib/tor/webapp/': @@ -38,7 +38,9 @@ class site_webapp::hidden_service { # because we are configuring our own version that is unavailable # over the hidden service (see: #7456 and #7776) apache::module { 'status': ensure => present, conf_content => ' ' } - + # the access_compat module is required to enable Allow directives + apache::module { 'access_compat': ensure => present } + apache::vhost::file { 'hidden_service': content => template('site_apache/vhosts.d/hidden_service.conf.erb'); -- cgit v1.2.3