From 0876cc7c712f273991cbb1177d7416afd0a1462d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 11:49:08 -0500 Subject: add site_webapp class to install the certs/keys/CAs and virtual host configurations --- .../site_apache/templates/vhosts.d/api.conf.erb | 36 ++++++++++++++++++++ .../templates/vhosts.d/leap_webapp.conf.erb | 39 ++++++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 puppet/modules/site_apache/templates/vhosts.d/api.conf.erb create mode 100644 puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb (limited to 'puppet/modules/site_apache/templates/vhosts.d') diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb new file mode 100644 index 00000000..fc26190c --- /dev/null +++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb @@ -0,0 +1,36 @@ + + ServerName <%= api_domain %> + RewriteEngine On + RewriteRule ^.*$ https://<%= api_domain -%>%{REQUEST_URI} [R=permanent,L] + + + + ServerName <%= api_domain %> + + SSLEngine on + SSLProtocol -all +SSLv3 +TLSv1 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH + SSLHonorCipherOrder on + + SSLCACertificatePath /etc/ssl/certs + SSLCertificateChainFile /etc/ssl/certs/leap_api.crt + SSLCertificateKeyFile /etc/x509/keys/leap_api.key + SSLCertificateFile /etc/x509/certs/leap_api.crt + + RequestHeader set X_FORWARDED_PROTO 'https' + + DocumentRoot /srv/leap_webapp/public + + # Check for maintenance file and redirect all requests + RewriteEngine On + RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f + RewriteCond %{SCRIPT_FILENAME} !maintenance.html + RewriteCond %{REQUEST_URI} !/images/maintenance.jpg + RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L] + + # http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerallowencodedslashes_lt_on_off_gt + AllowEncodedSlashes on + PassengerAllowEncodedSlashes on + PassengerFriendlyErrorPages off + SetEnv TMPDIR /var/tmp + diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb new file mode 100644 index 00000000..bb035cd2 --- /dev/null +++ b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb @@ -0,0 +1,39 @@ + + ServerName <%= domain %> + ServerAlias www.<%= domain %> + RewriteEngine On + RewriteRule ^.*$ https://<%= domain -%>%{REQUEST_URI} [R=permanent,L] + + + + ServerName <%= domain %> + ServerAlias www.<%= domain %> + + SSLEngine on + SSLProtocol -all +SSLv3 +TLSv1 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH + SSLHonorCipherOrder on + + SSLCACertificatePath /etc/ssl/certs + SSLCertificateChainFile /etc/ssl/certs/leap_webapp.crt + SSLCertificateKeyFile /etc/x509/keys/leap_webapp.key + SSLCertificateFile /etc/x509/certs/leap_webapp.crt + + RequestHeader set X_FORWARDED_PROTO 'https' + + DocumentRoot /srv/leap_webapp/public + + # Check for maintenance file and redirect all requests + RewriteEngine On + RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f + RewriteCond %{SCRIPT_FILENAME} !maintenance.html + RewriteCond %{REQUEST_URI} !/images/maintenance.jpg + RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L] + + # http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerallowencodedslashes_lt_on_off_gt + AllowEncodedSlashes on + PassengerAllowEncodedSlashes on + PassengerFriendlyErrorPages off + SetEnv TMPDIR /var/tmp + + -- cgit v1.2.3