tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

apache: Added proxy support to apache::sslsite.

Browse source
This commit is contained in:
Timo Mkinen 2013-09-24 11:40:56 +03:00
parent 6cebef3715
commit 06eb2bdf9a
4 changed files with 78 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
apache/manifests/debian.pp
View file

@ -185,26 +185,28 @@ class apache::debian::sslserver inherits apache::debian::common {
define apache::debian::sslsite($first, $hsts, $ipaddr, $root,
$ssl_cert, $ssl_key, $ssl_chain) {
$ssl_cert, $ssl_key, $ssl_chain, $proxy) {
if $name == "default" {
$site_fqdn = $homename
} else {
$site_fqdn = $name
if $root {
file { "/srv/www/https/${site_fqdn}":
ensure => link,
target => $root,
before => Service["apache2"],
}
} else {
file { "/srv/www/https/${site_fqdn}":
ensure => directory,
mode => "0755",
owner => root,
group => root,
before => Service["apache2"],
if $proxy == "" {
if $root {
file { "/srv/www/https/${site_fqdn}":
ensure => link,
target => $root,
before => Service["apache2"],
}
} else {
file { "/srv/www/https/${site_fqdn}":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
before => Service["apache2"],
}
}
}
@ -277,18 +279,20 @@ define apache::debian::sslsite($first, $hsts, $ipaddr, $root,
File["/etc/ssl/private/${site_fqdn}.key"], ],
}
file { $site_confdir:
ensure => directory,
mode => "0644",
owner => root,
group => root,
purge => true,
force => true,
recurse => true,
source => [ "puppet:///files/apache/sslsites/${site_fqdn}",
"puppet:///modules/custom/empty", ],
before => File[$site_conf],
notify => Service["apache2"],
if $proxy == "" {
file { $site_confdir:
ensure => directory,
mode => "0644",
owner => "root",
group => "root",
purge => true,
force => true,
recurse => true,
source => [ "puppet:///files/apache/sslsites/${site_fqdn}",
"puppet:///modules/custom/empty", ],
before => File[$site_conf],
notify => Service["apache2"],
}
}
}

12
apache/manifests/init.pp
View file

@ -279,6 +279,8 @@ class apache::sslserver::listen {
# Path to SSL private key. Defaults to puppet client certificate.
# $ssl_chain:
# Path to SSL certificate chain. Defaults to none.
# $proxy:
# Proxy site to given URL.
#
# === Sample usage
#
@ -288,8 +290,14 @@ class apache::sslserver::listen {
# ssl_key => "puppet:///path/to/www.example.com.key",
# }
#
# apache::site { "proxy.example.com":
# ssl_cert => "puppet:///path/to/proxy.example.com.crt",
# ssl_key => "puppet:///path/to/proxy.example.com.key",
# proxy => "http://localhost:8080",
# }
#
define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
$ssl_cert="", $ssl_key="", $ssl_chain="") {
$ssl_cert="", $ssl_key="", $ssl_chain="", $proxy="") {
include apache::sslserver::listen
@ -308,6 +316,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,
ssl_chain => $ssl_chain,
proxy => $proxy,
require => Class["apache::sslserver::listen"],
}
}
@ -321,6 +330,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,
ssl_chain => $ssl_chain,
proxy => $proxy,
require => Class["apache::sslserver::listen"],
}
}

56
apache/manifests/redhat.pp
View file

@ -224,26 +224,28 @@ class apache::redhat::sslserver {
define apache::redhat::sslsite($first, $hsts, $ipaddr, $root,
$ssl_cert, $ssl_key, $ssl_chain) {
$ssl_cert, $ssl_key, $ssl_chain, $proxy) {
if $name == "default" {
$site_fqdn = $homename
} else {
$site_fqdn = $name
if $root {
file { "/srv/www/https/${site_fqdn}":
ensure => link,
target => $root,
before => Service["httpsd"],
}
} else {
file { "/srv/www/https/${site_fqdn}":
ensure => directory,
mode => "0755",
owner => root,
group => root,
before => Service["httpsd"],
if $proxy == "" {
if $root {
file { "/srv/www/https/${site_fqdn}":
ensure => link,
target => $root,
before => Service["httpsd"],
}
} else {
file { "/srv/www/https/${site_fqdn}":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
before => Service["httpsd"],
}
}
}
@ -317,18 +319,20 @@ define apache::redhat::sslsite($first, $hsts, $ipaddr, $root,
File["/etc/pki/tls/private/${site_fqdn}.key"], ],
}
file { $site_confdir:
ensure => directory,
mode => "0644",
owner => root,
group => root,
purge => true,
force => true,
recurse => true,
source => [ "puppet:///files/apache/sslsites/${site_fqdn}",
"puppet:///modules/apache/emptysite", ],
before => File[$site_conf],
notify => Service["httpsd"],
if $proxy == "" {
file { $site_confdir:
ensure => directory,
mode => "0644",
owner => "root",
group => "root",
purge => true,
force => true,
recurse => true,
source => [ "puppet:///files/apache/sslsites/${site_fqdn}",
"puppet:///modules/apache/emptysite", ],
before => File[$site_conf],
notify => Service["httpsd"],
}
}
}

9
apache/templates/site.https.conf.erb
View file

@ -1,7 +1,6 @@
<VirtualHost <%= @ipaddr %>:443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/srv/www/https/<%= @site_fqdn %>"
ServerName <%= @site_fqdn %>:443
# Use separate log files for the SSL virtual host; note that LogLevel
@ -156,6 +155,12 @@ BrowserMatch "MSIE [2-5]" \
</IfModule>
<% end -%>
Include <%= @site_confdir %>/*.conf
<% if @proxy != "" -%>
ProxyPass / <%= @proxy %>/
ProxyPassReverse / <%= @proxy %>/
<% else -%>
DocumentRoot /srv/www/https/<%= @site_fqdn %>
Include <%= @site_confdir %>/*.conf
<% end -%>
</VirtualHost>