diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-28 19:52:57 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-28 19:52:57 +0200 |
| commit | 41790868cb155d490975e8e4480ddd2c889a3e75 (patch) | |
| tree | 746054236b28e50787ab8516874c8b5ff5776ad5 | |
| parent | 8ba2695560695a1aad5c873bf9fb982933220c6f (diff) | |
| parent | c67098465daafca1ceaf6b2b3f940f843ef09edf (diff) | |
| download | Puppet-41790868cb155d490975e8e4480ddd2c889a3e75.tar.gz Puppet-41790868cb155d490975e8e4480ddd2c889a3e75.tar.zst Puppet-41790868cb155d490975e8e4480ddd2c889a3e75.zip | |
Merge branch 'etherpad_proxy' into dev
| -rw-r--r-- | environments/global/roles/etherpad.yaml | 2 | ||||
| -rw-r--r-- | modules/role/manifests/etherpad.pp | 22 |
2 files changed, 21 insertions, 3 deletions
diff --git a/environments/global/roles/etherpad.yaml b/environments/global/roles/etherpad.yaml index f8781e1..6210fcf 100644 --- a/environments/global/roles/etherpad.yaml +++ b/environments/global/roles/etherpad.yaml | |||
| @@ -1,3 +1,5 @@ | |||
| 1 | --- | 1 | --- |
| 2 | classes: | 2 | classes: |
| 3 | role::etherpad: ~ | 3 | role::etherpad: ~ |
| 4 | letsencrypt::hosts: "ether.%{lookup('base_installation::real_hostname')}" | ||
| 5 | role::etherpad::web_host: "ether.%{lookup('base_installation::real_hostname')}" | ||
diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp index 1d9a8ff..5ab5023 100644 --- a/modules/role/manifests/etherpad.pp +++ b/modules/role/manifests/etherpad.pp | |||
| @@ -1,8 +1,9 @@ | |||
| 1 | class role::etherpad ( | 1 | class role::etherpad ( |
| 2 | String $web_host, | ||
| 2 | ) { | 3 | ) { |
| 3 | $password_seed = lookup("base_installation::puppet_pass_seed") | 4 | $password_seed = lookup("base_installation::puppet_pass_seed") |
| 4 | $web_host = lookup("base_installation::real_hostname") | 5 | $real_host = lookup("base_installation::real_hostname") |
| 5 | $web_listen = "0.0.0.0" | 6 | $web_listen = "127.0.0.1" |
| 6 | $web_port = 18000 | 7 | $web_port = 18000 |
| 7 | $pg_db = "etherpad-lite" | 8 | $pg_db = "etherpad-lite" |
| 8 | $pg_user = "etherpad-lite" | 9 | $pg_user = "etherpad-lite" |
| @@ -88,7 +89,7 @@ class role::etherpad ( | |||
| 88 | } | 89 | } |
| 89 | 90 | ||
| 90 | profile::postgresql::master { "postgresql master for etherpad": | 91 | profile::postgresql::master { "postgresql master for etherpad": |
| 91 | letsencrypt_host => $web_host, | 92 | letsencrypt_host => $real_host, |
| 92 | backup_hosts => ["backup-1"], | 93 | backup_hosts => ["backup-1"], |
| 93 | } | 94 | } |
| 94 | 95 | ||
| @@ -105,4 +106,19 @@ class role::etherpad ( | |||
| 105 | order => "05-01", | 106 | order => "05-01", |
| 106 | } | 107 | } |
| 107 | 108 | ||
| 109 | class { 'apache::mod::headers': } | ||
| 110 | apache::vhost { $web_host: | ||
| 111 | port => '443', | ||
| 112 | docroot => false, | ||
| 113 | manage_docroot => false, | ||
| 114 | proxy_dest => "http://localhost:18000", | ||
| 115 | request_headers => 'set X-Forwarded-Proto "https"', | ||
| 116 | ssl => true, | ||
| 117 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", | ||
| 118 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", | ||
| 119 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", | ||
| 120 | require => Letsencrypt::Certonly[$web_host], | ||
| 121 | proxy_preserve_host => true; | ||
| 122 | default: * => $::profile::apache::apache_vhost_default; | ||
| 123 | } | ||
| 108 | } | 124 | } |