apache: Added proxy support to apache::sslsite.

2013-09-24 11:40:56 +03:00 · 2013-09-24 11:40:56 +03:00 · 06eb2bdf9a
commit 06eb2bdf9a
parent 6cebef3715
4 changed files with 78 additions and 55 deletions
--- a/apache/manifests/debian.pp
+++ b/apache/manifests/debian.pp
@ -185,26 +185,28 @@ class apache::debian::sslserver inherits apache::debian::common {
 define apache::debian::sslsite($first, $hsts, $ipaddr, $root,
-                               $ssl_cert, $ssl_key, $ssl_chain) {
+                               $ssl_cert, $ssl_key, $ssl_chain, $proxy) {
    if $name == "default" {
        $site_fqdn = $homename
    } else {
        $site_fqdn = $name
-        if $root {
+        if $proxy == "" {
-            file { "/srv/www/https/${site_fqdn}":
+            if $root {
-                ensure => link,
+                file { "/srv/www/https/${site_fqdn}":
-                target => $root,
+                    ensure => link,
-                before => Service["apache2"],
+                    target => $root,
-            }
+                    before => Service["apache2"],
-        } else {
+                }
-            file { "/srv/www/https/${site_fqdn}":
+            } else {
-                ensure => directory,
+                file { "/srv/www/https/${site_fqdn}":
-                mode   => "0755",
+                    ensure => directory,
-                owner  => root,
+                    mode   => "0755",
-                group  => root,
+                    owner  => "root",
-                before => Service["apache2"],
+                    group  => "root",
                    before => Service["apache2"],
                }
            }
        }
@ -277,18 +279,20 @@ define apache::debian::sslsite($first, $hsts, $ipaddr, $root,
                     File["/etc/ssl/private/${site_fqdn}.key"], ],
    }
-    file { $site_confdir:
+    if $proxy == "" {
-        ensure  => directory,
+        file { $site_confdir:
-        mode    => "0644",
+            ensure  => directory,
-        owner   => root,
+            mode    => "0644",
-        group   => root,
+            owner   => "root",
-        purge   => true,
+            group   => "root",
-        force   => true,
+            purge   => true,
-        recurse => true,
+            force   => true,
-        source  => [ "puppet:///files/apache/sslsites/${site_fqdn}",
+            recurse => true,
-                     "puppet:///modules/custom/empty", ],
+            source  => [ "puppet:///files/apache/sslsites/${site_fqdn}",
-        before  => File[$site_conf],
+                         "puppet:///modules/custom/empty", ],
-        notify  => Service["apache2"],
+            before  => File[$site_conf],
            notify  => Service["apache2"],
        }
    }
 }
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@ -279,6 +279,8 @@ class apache::sslserver::listen {
 #       Path to SSL private key. Defaults to puppet client certificate.
 #   $ssl_chain:
 #       Path to SSL certificate chain. Defaults to none.
 #   $proxy:
 #       Proxy site to given URL.
 #
 # === Sample usage
 #
@ -288,8 +290,14 @@ class apache::sslserver::listen {
 #     ssl_key  => "puppet:///path/to/www.example.com.key",
 # }
 #
 # apache::site { "proxy.example.com":
 #     ssl_cert => "puppet:///path/to/proxy.example.com.crt",
 #     ssl_key  => "puppet:///path/to/proxy.example.com.key",
 #     proxy    => "http://localhost:8080",
 # }
 #
 define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
-                       $ssl_cert="", $ssl_key="", $ssl_chain="") {
+                       $ssl_cert="", $ssl_key="", $ssl_chain="", $proxy="") {
    include apache::sslserver::listen
@ -308,6 +316,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
                ssl_cert  => $ssl_cert,
                ssl_key   => $ssl_key,
                ssl_chain => $ssl_chain,
                proxy     => $proxy,
                require   => Class["apache::sslserver::listen"],
            }
        }
@ -321,6 +330,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
                ssl_cert  => $ssl_cert,
                ssl_key   => $ssl_key,
                ssl_chain => $ssl_chain,
                proxy     => $proxy,
                require   => Class["apache::sslserver::listen"],
            }
        }
--- a/apache/manifests/redhat.pp
+++ b/apache/manifests/redhat.pp
@ -224,26 +224,28 @@ class apache::redhat::sslserver {
 define apache::redhat::sslsite($first, $hsts, $ipaddr, $root,
-                               $ssl_cert, $ssl_key, $ssl_chain) {
+                               $ssl_cert, $ssl_key, $ssl_chain, $proxy) {
    if $name == "default" {
        $site_fqdn = $homename
    } else {
        $site_fqdn = $name
-        if $root {
+        if $proxy == "" {
-            file { "/srv/www/https/${site_fqdn}":
+            if $root {
-                ensure => link,
+                file { "/srv/www/https/${site_fqdn}":
-                target => $root,
+                    ensure => link,
-                before => Service["httpsd"],
+                    target => $root,
-            }
+                    before => Service["httpsd"],
-        } else {
+                }
-            file { "/srv/www/https/${site_fqdn}":
+            } else {
-                ensure => directory,
+                file { "/srv/www/https/${site_fqdn}":
-                mode   => "0755",
+                    ensure => directory,
-                owner  => root,
+                    mode   => "0755",
-                group  => root,
+                    owner  => "root",
-                before => Service["httpsd"],
+                    group  => "root",
                    before => Service["httpsd"],
                }
            }
        }
@ -317,18 +319,20 @@ define apache::redhat::sslsite($first, $hsts, $ipaddr, $root,
                     File["/etc/pki/tls/private/${site_fqdn}.key"], ],
    }
-    file { $site_confdir:
+    if $proxy == "" {
-        ensure  => directory,
+        file { $site_confdir:
-        mode    => "0644",
+            ensure  => directory,
-        owner   => root,
+            mode    => "0644",
-        group   => root,
+            owner   => "root",
-        purge   => true,
+            group   => "root",
-        force   => true,
+            purge   => true,
-        recurse => true,
+            force   => true,
-        source  => [ "puppet:///files/apache/sslsites/${site_fqdn}",
+            recurse => true,
-                     "puppet:///modules/apache/emptysite", ],
+            source  => [ "puppet:///files/apache/sslsites/${site_fqdn}",
-        before  => File[$site_conf],
+                         "puppet:///modules/apache/emptysite", ],
-        notify  => Service["httpsd"],
+            before  => File[$site_conf],
            notify  => Service["httpsd"],
        }
    }
 }
--- a/apache/templates/site.https.conf.erb
+++ b/apache/templates/site.https.conf.erb
@ -1,7 +1,6 @@
 <VirtualHost <%= @ipaddr %>:443>
 # General setup for the virtual host, inherited from global configuration
 DocumentRoot "/srv/www/https/<%= @site_fqdn %>"
 ServerName <%= @site_fqdn %>:443
 # Use separate log files for the SSL virtual host; note that LogLevel
@ -156,6 +155,12 @@ BrowserMatch "MSIE [2-5]" \
 </IfModule>
 <% end -%>
-Include <%= @site_confdir %>/*.conf
+<% if @proxy != "" -%>
  ProxyPass / <%= @proxy %>/
  ProxyPassReverse / <%= @proxy %>/
 <% else -%>
  DocumentRoot /srv/www/https/<%= @site_fqdn %>
  Include <%= @site_confdir %>/*.conf
 <% end -%>
 </VirtualHost>