diff --git a/apache/manifests/debian.pp b/apache/manifests/debian.pp index 28f100b..8313714 100644 --- a/apache/manifests/debian.pp +++ b/apache/manifests/debian.pp @@ -185,26 +185,28 @@ class apache::debian::sslserver inherits apache::debian::common { define apache::debian::sslsite($first, $hsts, $ipaddr, $root, - $ssl_cert, $ssl_key, $ssl_chain) { + $ssl_cert, $ssl_key, $ssl_chain, $proxy) { if $name == "default" { $site_fqdn = $homename } else { $site_fqdn = $name - if $root { - file { "/srv/www/https/${site_fqdn}": - ensure => link, - target => $root, - before => Service["apache2"], - } - } else { - file { "/srv/www/https/${site_fqdn}": - ensure => directory, - mode => "0755", - owner => root, - group => root, - before => Service["apache2"], + if $proxy == "" { + if $root { + file { "/srv/www/https/${site_fqdn}": + ensure => link, + target => $root, + before => Service["apache2"], + } + } else { + file { "/srv/www/https/${site_fqdn}": + ensure => directory, + mode => "0755", + owner => "root", + group => "root", + before => Service["apache2"], + } } } @@ -277,18 +279,20 @@ define apache::debian::sslsite($first, $hsts, $ipaddr, $root, File["/etc/ssl/private/${site_fqdn}.key"], ], } - file { $site_confdir: - ensure => directory, - mode => "0644", - owner => root, - group => root, - purge => true, - force => true, - recurse => true, - source => [ "puppet:///files/apache/sslsites/${site_fqdn}", - "puppet:///modules/custom/empty", ], - before => File[$site_conf], - notify => Service["apache2"], + if $proxy == "" { + file { $site_confdir: + ensure => directory, + mode => "0644", + owner => "root", + group => "root", + purge => true, + force => true, + recurse => true, + source => [ "puppet:///files/apache/sslsites/${site_fqdn}", + "puppet:///modules/custom/empty", ], + before => File[$site_conf], + notify => Service["apache2"], + } } } diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp index f0d350d..384d578 100644 --- a/apache/manifests/init.pp 
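Review bot: In the first hunk of `apache::debian::sslsite`, a site declared with both `root` and `proxy` silently loses its `root`, because the new `if $proxy == ""` guard skips the `/srv/www/https/${site_fqdn}` link and nothing reports the conflict. Consider rejecting the combination before any resource is declared, e.g. `if $proxy != "" and $root { fail("apache::sslsite ${name}: root and proxy are mutually exclusive") }`. The same guard is added to `apache::redhat::sslsite` in redhat.pp and has the same gap. The body of the define continues outside the hunk.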
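Review bot: With `proxy` set, `File[$site_confdir]` is no longer declared, so a site converted from a normal vhost to a proxy keeps whatever is already in that directory, unpurged and unmanaged. Files under `puppet:///files/apache/sslsites/${site_fqdn}` are also ignored without any warning. If a resource outside this hunk still refers to `File[$site_confdir]`, the catalog would presumably fail to compile in proxy mode; that is not visible from here. A comment above the guard such as `# Proxy sites have no per-site config directory; existing content is left in place.` would record the intent, or an else branch could declare the directory with `ensure => absent, force => true`. The second hunk of redhat.pp has the same shape.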
+++ b/apache/manifests/init.pp @@ -279,6 +279,8 @@ class apache::sslserver::listen { # Path to SSL private key. Defaults to puppet client certificate. # $ssl_chain: # Path to SSL certificate chain. Defaults to none. +# $proxy: +# Proxy site to given URL. # # === Sample usage # @@ -288,8 +290,14 @@ class apache::sslserver::listen { # ssl_key => "puppet:///path/to/www.example.com.key", # } # +# apache::site { "proxy.example.com": +# ssl_cert => "puppet:///path/to/proxy.example.com.crt", +# ssl_key => "puppet:///path/to/proxy.example.com.key", +# proxy => "http://localhost:8080", +# } +# define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="", - $ssl_cert="", $ssl_key="", $ssl_chain="") { + $ssl_cert="", $ssl_key="", $ssl_chain="", $proxy="") { include apache::sslserver::listen @@ -308,6 +316,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="", ssl_cert => $ssl_cert, ssl_key => $ssl_key, ssl_chain => $ssl_chain, + proxy => $proxy, require => Class["apache::sslserver::listen"], } } @@ -321,6 +330,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="", ssl_cert => $ssl_cert, ssl_key => $ssl_key, ssl_chain => $ssl_chain, + proxy => $proxy, require => Class["apache::sslserver::listen"], } } diff --git a/apache/manifests/redhat.pp b/apache/manifests/redhat.pp index 86eb500..e2fd7a3 100644 --- a/apache/manifests/redhat.pp +++ b/apache/manifests/redhat.pp 
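Review bot: The added sample declares `apache::site`, although the parameter being documented belongs to `apache::sslsite`. Unless `apache::site` also accepts `ssl_cert` and `proxy` (not visible here), the example should read `apache::sslsite { "proxy.example.com":`. The `$proxy` description could also state the contract the template relies on, e.g. `# Proxy site to given URL (scheme://host[:port], no trailing slash). When set, $root and the per-site config directory are ignored.`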
@@ -224,26 +224,28 @@ class apache::redhat::sslserver { define apache::redhat::sslsite($first, $hsts, $ipaddr, $root, - $ssl_cert, $ssl_key, $ssl_chain) { + $ssl_cert, $ssl_key, $ssl_chain, $proxy) { if $name == "default" { $site_fqdn = $homename } else { $site_fqdn = $name - if $root { - file { "/srv/www/https/${site_fqdn}": - ensure => link, - target => $root, - before => Service["httpsd"], - } - } else { - file { "/srv/www/https/${site_fqdn}": - ensure => directory, - mode => "0755", - owner => root, - group => root, - before => Service["httpsd"], + if $proxy == "" { + if $root { + file { "/srv/www/https/${site_fqdn}": + ensure => link, + target => $root, + before => Service["httpsd"], + } + } else { + file { "/srv/www/https/${site_fqdn}": + ensure => directory, + mode => "0755", + owner => "root", + group => "root", + before => Service["httpsd"], + } } } @@ -317,18 +319,20 @@ define apache::redhat::sslsite($first, $hsts, $ipaddr, $root, File["/etc/pki/tls/private/${site_fqdn}.key"], ], } - file { $site_confdir: - ensure => directory, - mode => "0644", - owner => root, - group => root, - purge => true, - force => true, - recurse => true, - source => [ "puppet:///files/apache/sslsites/${site_fqdn}", - "puppet:///modules/apache/emptysite", ], - before => File[$site_conf], - notify => Service["httpsd"], + if $proxy == "" { + file { $site_confdir: + ensure => directory, + mode => "0644", + owner => "root", + group => "root", + purge => true, + force => true, + recurse => true, + source => [ "puppet:///files/apache/sslsites/${site_fqdn}", + "puppet:///modules/apache/emptysite", ], + before => File[$site_conf], + notify => Service["httpsd"], + } } } diff --git a/apache/templates/site.https.conf.erb b/apache/templates/site.https.conf.erb index 4545bf6..df199b6 100644 --- a/apache/templates/site.https.conf.erb +++ b/apache/templates/site.https.conf.erb 
@@ -1,7 +1,6 @@ :443> # General setup for the virtual host, inherited from global configuration -DocumentRoot "/srv/www/https/<%= @site_fqdn %>" ServerName <%= @site_fqdn %>:443 # Use separate log files for the SSL virtual host; note that LogLevel @@ -156,6 +155,12 @@ BrowserMatch "MSIE [2-5]" \ <% end -%> -Include <%= @site_confdir %>/*.conf +<% if @proxy != "" -%> + ProxyPass / <%= @proxy %>/ + ProxyPassReverse / <%= @proxy %>/ +<% else -%> + DocumentRoot /srv/www/https/<%= @site_fqdn %> + Include <%= @site_confdir %>/*.conf +<% end -%>
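Review bot: `@proxy` is written into `ProxyPass` and `ProxyPassReverse` unchecked, so a value containing whitespace or a line break becomes extra directive arguments or extra directives in the vhost, and a value that already ends in `/` yields a `//` target. Validating once in `apache::sslsite` before the template is rendered would close this, e.g. `if $proxy != "" and $proxy !~ /\Ahttps?:\/\/\S+[^\s\/]\z/ { fail("apache::sslsite ${name}: invalid proxy URL") }` (`\A`/`\z` rather than `^`/`$`, which match per line). The proxy branch also drops the `Include` of `<%= @site_confdir %>/*.conf`, so any access restrictions a site kept there stop applying once it is switched to proxy mode. An `https://` backend would additionally need `SSLProxyEngine on`, which this branch does not emit.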