diff options
-rw-r--r-- | environments/global/roles/etherpad.yaml | 2 | ||||
-rw-r--r-- | modules/role/manifests/etherpad.pp | 22 |
2 files changed, 21 insertions, 3 deletions
diff --git a/environments/global/roles/etherpad.yaml b/environments/global/roles/etherpad.yaml index f8781e1..6210fcf 100644 --- a/environments/global/roles/etherpad.yaml +++ b/environments/global/roles/etherpad.yaml | |||
@@ -1,3 +1,5 @@ | |||
1 | --- | 1 | --- |
2 | classes: | 2 | classes: |
3 | role::etherpad: ~ | 3 | role::etherpad: ~ |
4 | letsencrypt::hosts: "ether.%{lookup('base_installation::real_hostname')}" | ||
5 | role::etherpad::web_host: "ether.%{lookup('base_installation::real_hostname')}" | ||
diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp index 1d9a8ff..5ab5023 100644 --- a/modules/role/manifests/etherpad.pp +++ b/modules/role/manifests/etherpad.pp | |||
@@ -1,8 +1,9 @@ | |||
1 | class role::etherpad ( | 1 | class role::etherpad ( |
2 | String $web_host, | ||
2 | ) { | 3 | ) { |
3 | $password_seed = lookup("base_installation::puppet_pass_seed") | 4 | $password_seed = lookup("base_installation::puppet_pass_seed") |
4 | $web_host = lookup("base_installation::real_hostname") | 5 | $real_host = lookup("base_installation::real_hostname") |
5 | $web_listen = "0.0.0.0" | 6 | $web_listen = "127.0.0.1" |
6 | $web_port = 18000 | 7 | $web_port = 18000 |
7 | $pg_db = "etherpad-lite" | 8 | $pg_db = "etherpad-lite" |
8 | $pg_user = "etherpad-lite" | 9 | $pg_user = "etherpad-lite" |
@@ -88,7 +89,7 @@ class role::etherpad ( | |||
88 | } | 89 | } |
89 | 90 | ||
90 | profile::postgresql::master { "postgresql master for etherpad": | 91 | profile::postgresql::master { "postgresql master for etherpad": |
91 | letsencrypt_host => $web_host, | 92 | letsencrypt_host => $real_host, |
92 | backup_hosts => ["backup-1"], | 93 | backup_hosts => ["backup-1"], |
93 | } | 94 | } |
94 | 95 | ||
@@ -105,4 +106,19 @@ class role::etherpad ( | |||
105 | order => "05-01", | 106 | order => "05-01", |
106 | } | 107 | } |
107 | 108 | ||
109 | class { 'apache::mod::headers': } | ||
110 | apache::vhost { $web_host: | ||
111 | port => '443', | ||
112 | docroot => false, | ||
113 | manage_docroot => false, | ||
114 | proxy_dest => "http://localhost:18000", | ||
115 | request_headers => 'set X-Forwarded-Proto "https"', | ||
116 | ssl => true, | ||
117 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", | ||
118 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", | ||
119 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", | ||
120 | require => Letsencrypt::Certonly[$web_host], | ||
121 | proxy_preserve_host => true; | ||
122 | default: * => $::profile::apache::apache_vhost_default; | ||
123 | } | ||
108 | } | 124 | } |