confdroid/confdroid_apache
3
0
Fork 0
Code Issues Projects Wiki Activity
Files
ef4e41395b0e8af083815ebafdb903867059ab89
confdroid_apache/manifests/sites/vhost.pp
Arne Teuke ce399480a4 updated README
2017-07-09 16:08:26 +01:00

157 lines
6.5 KiB
Puppet
Raw Blame History

## cd_apache::sites::vhost
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Websites.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Define to allow setting up individual multiple virtual hosts.
# @param [boolean] ae_use_https Whether or not to use https. It is highly
# recommended to **__always__** use https. Using certbot/letsencypt as
# automated CA certification option, it does create additional costs but
# increases traffic security of your website for your users.
# @param [boolean] ae_http_https_fw Whether or not to forward http traffic to
# https. Recommended. Only active if `ae_use_https` is set to `true`.
# @param [string] ae_vhost_port Specify the port number for the vhost
# @param [string] ae_ssl_vhost_port Specify the ssl port number for the vhost.
# @param [string] ae_server_admin email address, where problems with the server
# should be e-mailed to. This address appears on some server-generated pages,
# such as error documents. e.g. admin@your-domain.com
# @param [string] ae_server_name What domain name should the vhost listen to,
# i.e. example.com. do not use `www.` in here as that is automatically added
# through the template, and the server_name itself is added through aliases.
# @param [string] ae_vhost_root_path The root path where your vhost will live.
# i.e. /var/www/html. This is used to build a string for the full doc path
# together with `ae_server_name` i.e. /var/www/html/example.com
# @param [string] ae_allow_from Specify a network address here if trying to
# strict access to the website to a particular network range. Otherwise leave
# `all` to allow unrestricted access.
# @param [boolean] ae_use_access_log Whether or not to keep an access log for
# your website. Note that in certain contries it is illegal nowadays to keep
# the access log for prolonged time or to keep it at all.
# @param [string] ae_dir_index Specify the directory index, i.e. `index.html`
# or `index.php` etc.
# @param [string] ae_vhost_loglevel Specify the LogLevel.
# @param [string] ae_ssl_protocol Specify the supported ssl protocols, i.e.
# `all TLSv1 -SSLv2 -SSLv3` (i.e. do not support any SSL version as they all
# are compromised, use TLS only).
# @param [string] ae_ssl_cipher_suite Specify teh cipher suite you want to
# support.
##############################################################################
define cd_apache::sites::vhost (
$ae_use_https = true,
$ae_http_https_fw = true,
$ae_vhost_port = '80',
$ae_ssl_vhost_port = '443',
$ae_server_admin = 'root@localhost',
$ae_server_name = undef,
$ae_vhost_root_path = '/var/www/html/',
$ae_allow_from = 'all',
$ae_use_access_log = false,
$ae_dir_index = 'index.html',
$ae_vhost_loglevel = 'warn',
$ae_ssl_protocol = 'all TLSv1 -SSLv2 -SSLv3',
$ae_ssl_cipher_suite = 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4',
$ae_tls_cert_path = '/etc/pki/tls/certs',
$ae_tls_key_path = '/etc/pki/tls/private',
$ae_ssl_vhost_cert = "${::domain}.crt",
$ae_ssl_vhost_key = "${::domain}.key",
$ae_ssl_vhost_chain = "${::domain}.ca-cert",
$ae_use_certbot = true,
) {
$ae_manage_cfg = $::cd_apache::params::ae_manage_cfg
$ae_conf_d_dir = $::cd_apache::params::ae_conf_d_dir
$ae_service = $::cd_apache::params::ae_service
$ae_doc_root = "${ae_vhost_root_path}/${ae_server_name}"
$ae_vhost_erb = $::cd_apache::params::ae_vhost_erb
$ae_vhost_ssl_erb = $::cd_apache::params::ae_vhost_ssl_erb
# allow creating vhosts but only if we are managing the server configuration
if $ae_manage_cfg == true {
if $ae_use_https != true {
file { "${name}.conf":
ensure => file,
path => "${ae_conf_d_dir}/${name}.conf",
owner => 'root',
group => 'foot',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_vhost_erb),
notify => Service[$ae_service],
}
}
if $ae_use_https == true {
if $ae_http_https_fw == true {
file { "${name}.conf":
ensure => file,
path => "${ae_conf_d_dir}/${name}.conf",
owner => 'root',
group => 'foot',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_vhost_erb),
notify => Service[$ae_service],
}
file { "${name}_ssl.conf":
ensure => file,
path => "${ae_conf_d_dir}/${name}_ssl.conf",
owner => 'root',
group => 'foot',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_vhost_ssl_erb),
notify => Service[$ae_service],
}
}
if $ae_http_https_fw != true {
file { "${name}_ssl.conf":
ensure => file,
path => "${ae_conf_d_dir}/${name}_ssl.conf",
owner => 'root',
group => 'foot',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_vhost_ssl_erb),
notify => Service[$ae_service],
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink