## cd_apache::sites::vhost
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Websites.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Define for setting up multiple individual virtual hosts.
# @param [boolean] ae_use_https Whether or not to use https. It is highly
# recommended to **__always__** use https. Using certbot/letsencrypt as
# automated CA certification option, it does create additional costs but
# increases traffic security of your website for your users.
# @param [boolean] ae_http_https_fw Whether or not to forward http traffic to
# https. Recommended. Only active if `ae_use_https` is set to `true`.
# @param [string] ae_vhost_port Specify the port number for the vhost.
# @param [string] ae_ssl_vhost_port Specify the ssl port number for the vhost.
# @param [string] ae_server_admin Email address to which problems with the
# server should be e-mailed. This address appears on some server-generated
# pages, such as error documents, e.g. admin@your-domain.com
# @param [string] ae_server_name The domain name the vhost should listen to,
# i.e. example.com. Do not use `www.` in here as that is automatically added
# through the template, and the server_name itself is added through aliases.
# @param [string] ae_vhost_root_path The root path where your vhost will live,
# i.e. /var/www/html. This is used to build a string for the full doc path
# together with `ae_server_name`, i.e. /var/www/html/example.com
# @param [string] ae_allow_from Specify a network address here if trying to
# restrict access to the website to a particular network range. Otherwise
# leave `all` to allow unrestricted access.
# @param [boolean] ae_use_access_log Whether or not to keep an access log for
# your website. Note that in certain countries it is illegal nowadays to keep
# the access log for a prolonged time or to keep it at all.
# @param [string] ae_dir_index Specify the directory index, i.e. `index.html`
# or `index.php` etc.
# @param [string] ae_vhost_loglevel Specify the LogLevel.
# @param [string] ae_ssl_protocol Specify the supported ssl protocols, i.e.
# `all TLSv1 -SSLv2 -SSLv3` (i.e. do not support any SSL version as they all
# are compromised, use TLS only).
# @param [string] ae_ssl_cipher_suite Specify the cipher suite you want to
# support.
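##############################################################################
# Writes the Apache vhost configuration file(s) for one site into the conf.d
# directory taken from cd_apache::params and notifies the Apache service.
#
#   * `${name}.conf`     - plain-http vhost, rendered from $ae_vhost_erb.
#                          Written when https is off, or when https is on and
#                          http is to be forwarded to https.
#   * `${name}_ssl.conf` - TLS vhost, rendered from $ae_vhost_ssl_erb.
#                          Written whenever https is on.
#
# Nothing is written unless cd_apache::params::ae_manage_cfg is true.
define cd_apache::sites::vhost (

  $ae_use_https         = true,
  $ae_http_https_fw     = true,
  $ae_vhost_port        = '80',
  $ae_ssl_vhost_port    = '443',
  $ae_server_admin      = 'root@localhost',
  # NOTE(review): no default; when left undef, $ae_doc_root below is built
  # from the root path alone - callers should always set it.
  $ae_server_name       = undef,
  $ae_vhost_root_path   = '/var/www/html/',
  $ae_allow_from        = 'all',
  $ae_use_access_log    = false,
  $ae_dir_index         = 'index.html',
  $ae_vhost_loglevel    = 'warn',
  # NOTE(review): default kept for compatibility. If the template passes this
  # verbatim to SSLProtocol, the unprefixed `TLSv1` token is, as far as mod_ssl
  # parsing goes, treated as replacing the preceding `all`, which would leave
  # only TLS 1.0 enabled - confirm against the rendered config. TLS 1.0/1.1 are
  # deprecated (RFC 8996); prefer something like
  # `all -SSLv3 -TLSv1 -TLSv1.1` for new deployments.
  $ae_ssl_protocol      = 'all TLSv1 -SSLv2 -SSLv3',
  # NOTE(review): the list names RC4 suites (`EECDH+aRSA+RC4`, `RC4`) and then
  # removes them again with `!RC4`; it also predates TLS 1.3. Review against a
  # current cipher recommendation before relying on this default.
  $ae_ssl_cipher_suite  = 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4',
  # Certificate/key locations and file names; not referenced in this
  # manifest, presumably consumed by the SSL vhost template - TODO confirm.
  $ae_tls_cert_path     = '/etc/pki/tls/certs',
  $ae_tls_key_path      = '/etc/pki/tls/private',
  $ae_ssl_vhost_cert    = "${::domain}.crt",
  $ae_ssl_vhost_key     = "${::domain}.key",
  $ae_ssl_vhost_chain   = "${::domain}.ca-cert",
  $ae_use_certbot       = true,

) {

  # Values shared with the rest of the module.
  $ae_manage_cfg    = $::cd_apache::params::ae_manage_cfg
  $ae_conf_d_dir    = $::cd_apache::params::ae_conf_d_dir
  $ae_service       = $::cd_apache::params::ae_service
  # Not used below; presumably read by the ERB templates - TODO confirm.
  $ae_doc_root      = "${ae_vhost_root_path}/${ae_server_name}"
  $ae_vhost_erb     = $::cd_apache::params::ae_vhost_erb
  $ae_vhost_ssl_erb = $::cd_apache::params::ae_vhost_ssl_erb

  # allow creating vhosts but only if we are managing the server configuration
  if $ae_manage_cfg == true {

    # Plain-http vhost: either the site is http-only, or https is on and the
    # http vhost is kept so it can forward to https.
    if $ae_use_https != true or $ae_http_https_fw == true {
      file { "${name}.conf":
        ensure   => file,
        path     => "${ae_conf_d_dir}/${name}.conf",
        owner    => 'root',
        # Was 'foot': a typo for 'root'. A non-existent group makes the
        # resource fail to apply, so no vhost file would be written.
        group    => 'root',
        mode     => '0644',
        selrange => 's0',
        selrole  => 'object_r',
        seltype  => 'httpd_config_t',
        seluser  => 'system_u',
        content  => template($ae_vhost_erb),
        notify   => Service[$ae_service],
      }
    }

    # TLS vhost: written whenever https is enabled, with or without the
    # http-to-https forwarder.
    if $ae_use_https == true {
      file { "${name}_ssl.conf":
        ensure   => file,
        path     => "${ae_conf_d_dir}/${name}_ssl.conf",
        owner    => 'root',
        group    => 'root',
        mode     => '0644',
        selrange => 's0',
        selrole  => 'object_r',
        seltype  => 'httpd_config_t',
        seluser  => 'system_u',
        content  => template($ae_vhost_ssl_erb),
        notify   => Service[$ae_service],
      }
    }
  }
}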