Add etherpad proxy

author Ismaël Bouya <ismael.bouya@normalesup.org>

Thu, 28 Jun 2018 17:07:59 +0000 (19:07 +0200)

committer Ismaël Bouya <ismael.bouya@normalesup.org>

Thu, 28 Jun 2018 17:26:47 +0000 (19:26 +0200)
author Ismaël Bouya <ismael.bouya@normalesup.org>
Thu, 28 Jun 2018 17:07:59 +0000 (19:07 +0200)
committer Ismaël Bouya <ismael.bouya@normalesup.org>
Thu, 28 Jun 2018 17:26:47 +0000 (19:26 +0200)
diff --git a/environments/global/roles/etherpad.yaml b/environments/global/roles/etherpad.yaml

index f8781e139f22da3e607e8aef24597439a67ce43d..6210fcfa9d31e5d65327b45b76b0bc1c41c330b2 100644 (file)
--- a/environments/global/roles/etherpad.yaml
+++ b/environments/global/roles/etherpad.yaml
@@ -1,3 +1,5 @@
  ---
  classes:
    role::etherpad: ~
+letsencrypt::hosts: "ether.%{lookup('base_installation::real_hostname')}"
+role::etherpad::web_host: "ether.%{lookup('base_installation::real_hostname')}"
diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp

index 1d9a8ffd7217d6f6f336308a57367bb183fd19ee..5ab5023124a28805980a03d5c72c08273db0054c 100644 (file)
--- a/modules/role/manifests/etherpad.pp
+++ b/modules/role/manifests/etherpad.pp
@@ -1,8 +1,9 @@
  class role::etherpad (
+  String $web_host,
  ) {
    $password_seed = lookup("base_installation::puppet_pass_seed")
-  $web_host    = lookup("base_installation::real_hostname")
-  $web_listen  = "0.0.0.0"
+  $real_host   = lookup("base_installation::real_hostname")
+  $web_listen  = "127.0.0.1"
    $web_port    = 18000
    $pg_db       = "etherpad-lite"
    $pg_user     = "etherpad-lite"
@@ -88,7 +89,7 @@ class role::etherpad (
    }
  
    profile::postgresql::master { "postgresql master for etherpad":
-    letsencrypt_host => $web_host,
+    letsencrypt_host => $real_host,
      backup_hosts     => ["backup-1"],
    }
  
@@ -105,4 +106,19 @@ class role::etherpad (
      order       => "05-01",
    }
  
+  class { 'apache::mod::headers': }
+  apache::vhost { $web_host:
+    port                => '443',
+    docroot             => false,
+    manage_docroot      => false,
+    proxy_dest          => "http://localhost:18000",
+    request_headers     => 'set X-Forwarded-Proto "https"',
+    ssl                 => true,
+    ssl_cert            => "/etc/letsencrypt/live/$web_host/cert.pem",
+    ssl_key             => "/etc/letsencrypt/live/$web_host/privkey.pem",
+    ssl_chain           => "/etc/letsencrypt/live/$web_host/chain.pem",
+    require             => Letsencrypt::Certonly[$web_host],
+    proxy_preserve_host => true;
+    default: *          => $::profile::apache::apache_vhost_default;
+  }
  }
author	Ismaël Bouya <ismael.bouya@normalesup.org>
	Thu, 28 Jun 2018 17:07:59 +0000 (19:07 +0200)
committer	Ismaël Bouya <ismael.bouya@normalesup.org>
	Thu, 28 Jun 2018 17:26:47 +0000 (19:26 +0200)
environments/global/roles/etherpad.yaml		patch \| blob \| blame \| history
modules/role/manifests/etherpad.pp		patch \| blob \| blame \| history