class role::etherpad (
+ String $web_host,
) {
$password_seed = lookup("base_installation::puppet_pass_seed")
- $web_host = lookup("base_installation::real_hostname")
- $web_listen = "0.0.0.0"
+ $real_host = lookup("base_installation::real_hostname")
+ $web_listen = "127.0.0.1"
$web_port = 18000
$pg_db = "etherpad-lite"
$pg_user = "etherpad-lite"
}
profile::postgresql::master { "postgresql master for etherpad":
- letsencrypt_host => $web_host,
+ letsencrypt_host => $real_host,
backup_hosts => ["backup-1"],
}
order => "05-01",
}
+ class { 'apache::mod::headers': }
+ apache::vhost { $web_host:
+ port => '443',
+ docroot => false,
+ manage_docroot => false,
+ proxy_dest => "http://localhost:18000",
+ request_headers => 'set X-Forwarded-Proto "https"',
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
+ ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
+ ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ proxy_preserve_host => true;
+ default: * => $::profile::apache::apache_vhost_default;
+ }
}