root_directory_options => ["All"],
default_mods => false,
default_vhost => false,
+ user => "http",
+ group => "http",
log_formats => {
combined => '%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %p',
common => '%h %l %u %t \"%r\" %>s %b',
filename => 'protocols.conf'
}
+ ::apache::custom_config { 'protocols.load':
+ content => 'LoadModule http2_module /etc/httpd/modules/mod_http2.so',
+ filename => 'protocols.load'
+ }
+
::apache::custom_config { 'document_root.conf':
source => "puppet:///modules/profile/apache/document_root.conf",
filename => "document_root.conf"
]
}
+ exec { 'Start-apache':
+ command => "/usr/bin/systemctl start httpd",
+ before => Class["::letsencrypt"],
+ unless => "/usr/bin/systemctl is-active httpd",
+ }
+
$letsencrypt_certonly_default = {
plugin => "webroot",
webroot_paths => ["/srv/http/"],
notify => Class['Apache::Service'],
- require => [Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
+ require => [Exec['Start-apache'],Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
manage_cron => true,
}
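Review bot: The new `Start-apache` exec is ordered only before `Class["::letsencrypt"]` and, through the changed `require`, before each certonly; nothing visible in this hunk orders it after the httpd package or after the port-80 configuration that serves the webroot challenge. On a fresh node it may therefore run before httpd is installed and fail. When httpd is already active, `unless` skips the exec, so a newly written `redirect_no_ssl` vhost or `letsencrypt.conf` may not be loaded yet when certbot runs. Consider giving the exec the prerequisites the certonly default already names, `require => [Apache::Vhost["redirect_no_ssl"], Apache::Custom_config["letsencrypt.conf"]],`, and confirm this creates no dependency cycle with `notify => Class['Apache::Service']`. The surrounding class body starts and ends outside the hunk, so an ordering declared elsewhere cannot be ruled out.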
install_method => "package",
package_name => "certbot",
package_command => "certbot",
- # FIXME
- email => 'sites+letsencrypt@mail.immae.eu',
+ email => lookup('letsencrypt::email'),
}
- $real_hostname = lookup("base_installation::real_hostname") |$key| { {} }
+ $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef })
unless empty($real_hostname) {
- if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) {
+ if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) {
letsencrypt::certonly { $real_hostname:
before => Apache::Vhost["default_ssl"];
default: * => $::profile::apache::letsencrypt_certonly_default;
}
}
+ lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| {
+ if ($host != $real_hostname) { # Done above already
+ letsencrypt::certonly { $host: ;
+ default: * => $letsencrypt_certonly_default;
+ }
+ }
+ }
+
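Review bot: The added `letsencrypt::hosts` loop appears to sit inside the `unless empty($real_hostname)` block. This is inferred, because the page has lost its indentation and the block's closing brace is not in the hunk. If so, a node with no `base_installation::real_hostname` would request no certificate for any listed host; moving the loop after that block's closing brace would avoid this. The `# Done above already` guard is also only accurate when `letsencrypt::try_for_real_hostname` is true, so a comment such as `# real hostname is handled (or deliberately skipped) above` would describe it better. A repeated entry in the Hiera array would declare the same `letsencrypt::certonly` twice and abort catalog compilation; `lookup("letsencrypt::hosts", { "default_value" => [] }).unique.each |$host| {` avoids that.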
apache::vhost { "redirect_no_ssl":
port => '80',
error_log => false,
group => "root",
}
+ file { "/srv/http/index.html":
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/profile/apache/index.html",
+ }
file { "/srv/http/maintenance_immae.html":
mode => "0644",
owner => "root",