From 1e872b71382f94f9c2d63ccbcaa43ca7d6741b42 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 9 Jul 2015 12:18:03 -0700 Subject: use latest amber for static nodes. --- puppet/modules/site_static/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_static') diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index 2a198b57..1e7317a0 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -46,7 +46,7 @@ class site_static { } if (member($formats, 'amber')) { - rubygems::gem{'amber-0.3.4': } + rubygems::gem{'amber-0.3.7': } } create_resources(site_static::domain, $domains) -- cgit v1.2.3 From c5f1790602b2a987f7cfb18b0da8e11e692cdd40 Mon Sep 17 00:00:00 2001 From: kwadronaut Date: Tue, 14 Jul 2015 13:55:49 +0000 Subject: bump amber version, taking care of puppet ordering with require. --- puppet/modules/site_static/manifests/init.pp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_static') diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index e37d5ad2..a3fd9c1e 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -46,10 +46,13 @@ class site_static { } if (member($formats, 'amber')) { + rubygems::gem{'amber-0.3.7': + require => Package['zlib1g-dev'] + } + package { 'zlib1g-dev': - ensure => installed + ensure => installed } - rubygems::gem{'amber-0.3.4': } } create_resources(site_static::domain, $domains) @@ -57,4 +60,4 @@ class site_static { include site_shorewall::defaults include site_shorewall::service::http include site_shorewall::service::https -} +} \ No newline at end of file -- cgit v1.2.3 From 8b0910f1caf19884b6b46976b72536ee1f570ed5 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 15 Sep 2015 11:52:20 -0400 Subject: Fix server-status availability to tor hidden services (#7456) Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb --- puppet/modules/site_static/manifests/init.pp | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_static') diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index 1efc510b..f69ffba7 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -9,6 +9,7 @@ class site_static { $domains = $static['domains'] $formats = $static['formats'] $bootstrap = $static['bootstrap_files'] + $tor = hiera('tor', false) if $bootstrap['enabled'] { $bootstrap_domain = $bootstrap['domain'] @@ -27,14 +28,11 @@ class site_static { } } - class { '::apache': no_default_site => true, ssl => true } include site_apache::module::headers include site_apache::module::alias include site_apache::module::expires include site_apache::module::removeip - include site_apache::module::rewrite - apache::config::include{ 'ssl_common.inc': } - + include site_apache::common include site_config::ruby::dev if (member($formats, 'rack')) { @@ -57,6 +55,13 @@ class site_static { create_resources(site_static::domain, $domains) + if $tor { + $hidden_service = $tor['hidden_service'] + if $hidden_service['active'] { + include site_webapp::hidden_service + } + } + include site_shorewall::defaults include site_shorewall::service::http include site_shorewall::service::https -- cgit v1.2.3 From 33b9876af4af85504107aae20feb57aaab5a17ad Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 11 Oct 2015 20:36:07 -0700 Subject: russian text requires amber 0.3.8 --- puppet/modules/site_static/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_static') diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index f69ffba7..8df53075 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -44,7 +44,7 @@ class site_static { } if (member($formats, 'amber')) { - rubygems::gem{'amber-0.3.7': + rubygems::gem{'amber-0.3.8': require => Package['zlib1g-dev'] } -- cgit v1.2.3 From 91c638f7d30243f0c5c079659bd3bd1d32a7cc7c Mon Sep 17 00:00:00 2001 From: Micah Date: Mon, 19 Oct 2015 20:57:07 -0400 Subject: change apache header set for HSTS to be always, otherwise it wont be set for redirects (#7540) Change-Id: Ic77c64c03a99dad951f42633de04c352bed17c1e --- puppet/modules/site_static/templates/apache.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_static') diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb index 4d61cc08..2853c5c7 100644 --- a/puppet/modules/site_static/templates/apache.conf.erb +++ b/puppet/modules/site_static/templates/apache.conf.erb @@ -48,7 +48,7 @@ Include include.d/ssl_common.inc <%- if @tls_only -%> - Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" + Header always set Strict-Transport-Security: "max-age=15768000;includeSubdomains" <%- end -%> Header set X-Frame-Options "deny" Header always unset X-Powered-By -- cgit v1.2.3