order => "b0",
}
+ letsencrypt::certonly { $cf_front_app_host: ;
+ default: * => $::profile::apache::letsencrypt_certonly_default;
+ }
+
+ class { 'apache::mod::headers': }
apache::vhost { $cf_front_app_host:
- port => '80',
+ port => '443',
docroot => false,
manage_docroot => false,
proxy_dest => "http://localhost:8000",
- proxy_preserve_host => true,
- no_proxy_uris => [
- "/maintenance_immae.html",
- "/googleb6d69446ff4ca3e5.html",
- "/.well-known/acme-challenge"
- ],
- no_proxy_uris_match => [
- '^/licen[cs]es?_et_tip(ping)?$',
- '^/licen[cs]es?_and_tip(ping)?$',
- '^/licen[cs]es?$',
- '^/tip(ping)?$',
- ]
+ request_headers => 'set X-Forwarded-Proto "https"',
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem",
+ ssl_key => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem",
+ ssl_chain => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem",
+ require => Letsencrypt::Certonly[$cf_front_app_host],
+ proxy_preserve_host => true;
+ default: * => $::profile::apache::apache_vhost_default;
}
user { $cf_user: