From 9b18f7880aad97320cd5d118c31f04a0afc7c542 Mon Sep 17 00:00:00 2001 From: guido Date: Mon, 19 Oct 2015 15:07:30 -0300 Subject: Redirect to webapp_domain instead of domain This is needed for webapp when running on a subdomain. --- puppet/modules/site_apache/templates/vhosts.d/common.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_apache/templates') diff --git a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb index ee5cd707..7f9fd5ab 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb @@ -4,7 +4,7 @@ ServerAlias <%= domain %> ServerAlias www.<%= domain %> RewriteEngine On - RewriteRule ^.*$ https://<%= domain -%>%{REQUEST_URI} [R=permanent,L] + RewriteRule ^.*$ https://<%= webapp_domain -%>%{REQUEST_URI} [R=permanent,L] CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common -- cgit v1.2.3 From 1ade690d20618ca5adb0c4a1647b36200197fd26 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 20 Oct 2015 17:17:39 -0400 Subject: Provide tor hidden service configuration for static sites (#7546) Without this configuration, a very basic, and non-functional virtualhost is created, making the hidden service not work Change-Id: Ibe87c6acf5c21cff2388247c4ba320a5b6af7933 --- .../site_apache/templates/vhosts.d/hidden_service.conf.erb | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'puppet/modules/site_apache/templates') diff --git a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb index 0c6f3b8e..2c8d5eb5 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb @@ -30,4 +30,14 @@ ExpiresDefault "access plus 1 year" <% end -%> + +<% if (defined? @services) and (@services.include? 'static') -%> + DocumentRoot "/srv/static/root/public" + AccessFileName .htaccess + + Alias /provider.json /srv/leap/provider.json + + Header set X-Minimum-Client-Version 0.5 + +<% end -%> -- cgit v1.2.3 From 40455b8d66d2680debfa408de63533e80baee259 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 3 Nov 2015 19:19:33 +0100 Subject: [feat] Query erb variables like puppet 3 needs it - Related: #6920 --- .../site_apache/templates/vhosts.d/common.conf.erb | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) (limited to 'puppet/modules/site_apache/templates') diff --git a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb index 7f9fd5ab..21c3a211 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb @@ -1,18 +1,18 @@ - ServerName <%= webapp_domain %> - ServerAlias <%= domain_name %> - ServerAlias <%= domain %> - ServerAlias www.<%= domain %> + ServerName <%= @webapp_domain %> + ServerAlias <%= @domain_name %> + ServerAlias <%= @domain %> + ServerAlias www.<%= @domain %> RewriteEngine On - RewriteRule ^.*$ https://<%= webapp_domain -%>%{REQUEST_URI} [R=permanent,L] + RewriteRule ^.*$ https://<%= @webapp_domain -%>%{REQUEST_URI} [R=permanent,L] CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common - ServerName <%= webapp_domain %> - ServerAlias <%= domain_name %> - ServerAlias <%= domain %> - ServerAlias www.<%= domain %> + ServerName <%= @webapp_domain %> + ServerAlias <%= @domain_name %> + ServerAlias <%= @domain %> + ServerAlias www.<%= @domain %> CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common SSLCACertificatePath /etc/ssl/certs @@ -69,4 +69,3 @@ <% end -%> - -- cgit v1.2.3 From e433b14fa14837f9889e08cb662bf29498179237 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 5 Nov 2015 22:43:42 +0100 Subject: [bug] [jessie] Allow apache to access webapp dir - Resolves: #7580 --- puppet/modules/site_apache/templates/vhosts.d/api.conf.erb | 6 ++++++ puppet/modules/site_apache/templates/vhosts.d/common.conf.erb | 6 ++++++ 2 files changed, 12 insertions(+) (limited to 'puppet/modules/site_apache/templates') diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb index 0396f54b..a54112f8 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb @@ -27,6 +27,12 @@ Listen 0.0.0.0:<%= api_port %> DocumentRoot /srv/leap/webapp/public + <% if Gem::Version.new(@apache_version) > Gem::Version.new('2.3') %> + + AllowOverride None + Require all granted + + <% end %> # Check for maintenance file and redirect all requests RewriteEngine On diff --git a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb index 21c3a211..cbb08c30 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb @@ -32,6 +32,12 @@ <% if (defined? @services) and (@services.include? 'webapp') -%> DocumentRoot /srv/leap/webapp/public + <% if Gem::Version.new(@apache_version) > Gem::Version.new('2.3') %> + + AllowOverride None + Require all granted + + <% end %> RewriteEngine On # Check for maintenance file and redirect all requests -- cgit v1.2.3 From d3501d3e81a4a31248829a59ae68a15da4034bf8 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 9 Nov 2015 10:21:54 +0100 Subject: [deprec] use @ in front of erb template tags Puppet 3 shows now deprecation warnings if the "@" is missing. see https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#non-printing-tags#[bug|feat|docs|style|refactor|test|pkg|i18n] --- puppet/modules/site_apache/templates/vhosts.d/api.conf.erb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_apache/templates') diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb index a54112f8..9efc6b41 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb @@ -1,14 +1,14 @@ - ServerName <%= api_domain %> + ServerName <%= @api_domain %> RewriteEngine On - RewriteRule ^.*$ https://<%= api_domain -%>:<%= api_port -%>%{REQUEST_URI} [R=permanent,L] + RewriteRule ^.*$ https://<%= @api_domain -%>:<%= @api_port -%>%{REQUEST_URI} [R=permanent,L] CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common -Listen 0.0.0.0:<%= api_port %> +Listen 0.0.0.0:<%= @api_port %> -> - ServerName <%= api_domain %> +> + ServerName <%= @api_domain %> CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common SSLCACertificatePath /etc/ssl/certs -- cgit v1.2.3 From 26ece7a240fe842e5645a47bac86699c5d2bd34c Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 12 Dec 2015 23:55:00 +0100 Subject: [bug] Use guess_apache_version in apache templates The apache_version() fact only works if apache is already installed. So we use the guess_apache_version() function from the apache module to determine which apache version is to be installed. - Resolves: #7681 --- puppet/modules/site_apache/templates/vhosts.d/api.conf.erb | 2 +- .../modules/site_apache/templates/vhosts.d/common.conf.erb | 2 +- .../site_apache/templates/vhosts.d/hidden_service.conf.erb | 12 ++++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_apache/templates') diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb index 9efc6b41..d566437a 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb @@ -27,7 +27,7 @@ Listen 0.0.0.0:<%= @api_port %> DocumentRoot /srv/leap/webapp/public - <% if Gem::Version.new(@apache_version) > Gem::Version.new('2.3') %> + <% if scope.function_guess_apache_version([]) == '2.4' %> AllowOverride None Require all granted diff --git a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb index cbb08c30..b24d1353 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb @@ -32,7 +32,7 @@ <% if (defined? @services) and (@services.include? 'webapp') -%> DocumentRoot /srv/leap/webapp/public - <% if Gem::Version.new(@apache_version) > Gem::Version.new('2.3') %> + <% if scope.function_guess_apache_version([]) == '2.4' %> AllowOverride None Require all granted diff --git a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb index 2c8d5eb5..653664ec 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb @@ -8,6 +8,12 @@ <% if (defined? @services) and (@services.include? 'webapp') -%> DocumentRoot /srv/leap/webapp/public + <% if scope.function_guess_apache_version([]) == '2.4' %> + + AllowOverride None + Require all granted + + <% end %> RewriteEngine On # Check for maintenance file and redirect all requests @@ -33,6 +39,12 @@ <% if (defined? @services) and (@services.include? 'static') -%> DocumentRoot "/srv/static/root/public" + <% if scope.function_guess_apache_version([]) == '2.4' %> + + AllowOverride None + Require all granted + + <% end %> AccessFileName .htaccess Alias /provider.json /srv/leap/provider.json -- cgit v1.2.3 From ee6cad0750e853b3ac210d17b79471772bfae2a5 Mon Sep 17 00:00:00 2001 From: Micah Date: Fri, 11 Mar 2016 12:16:42 -0500 Subject: fix tor-related jessie deprecation problems (#7962) Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639 --- puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_apache/templates') diff --git a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb index 653664ec..232b1577 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/hidden_service.conf.erb @@ -1,5 +1,5 @@ - ServerName <%= tor_domain %> + ServerName <%= @tor_domain %> Header always unset X-Powered-By -- cgit v1.2.3 From 3b5ce74f81bb56af0b94a119a85649446a3d6e19 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 3 May 2016 13:21:17 -0400 Subject: migrate from obsolete SSLCertificateChainFile apache option (#8055) Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb --- puppet/modules/site_apache/templates/vhosts.d/common.conf.erb | 1 - 1 file changed, 1 deletion(-) (limited to 'puppet/modules/site_apache/templates') diff --git a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb index b24d1353..bf60e794 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb @@ -16,7 +16,6 @@ CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common SSLCACertificatePath /etc/ssl/certs - SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::commercial_ca_name') %>.crt SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.key SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.crt -- cgit v1.2.3 From 8b5541290fc985acd7364d48aaf357457c7622f7 Mon Sep 17 00:00:00 2001 From: kwadronaut Date: Tue, 3 May 2016 21:02:18 +0200 Subject: migrate from obsolete SSLCertificateChainFile apache option (#8055) --- puppet/modules/site_apache/templates/vhosts.d/api.conf.erb | 1 - 1 file changed, 1 deletion(-) (limited to 'puppet/modules/site_apache/templates') diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb index d566437a..bfa5d04d 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb @@ -12,7 +12,6 @@ Listen 0.0.0.0:<%= @api_port %> CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common SSLCACertificatePath /etc/ssl/certs - SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::ca_name') %>.crt SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt -- cgit v1.2.3