From c67098465daafca1ceaf6b2b3f940f843ef09edf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 28 Jun 2018 19:07:59 +0200
Subject: Add etherpad proxy
---
 environments/global/roles/etherpad.yaml | 2 ++
 modules/role/manifests/etherpad.pp | 22 +++++++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/environments/global/roles/etherpad.yaml b/environments/global/roles/etherpad.yaml
index f8781e1..6210fcf 100644
--- a/environments/global/roles/etherpad.yaml
+++ b/environments/global/roles/etherpad.yaml
@@ -1,3 +1,5 @@
 ---
 classes:
 role::etherpad: ~
+letsencrypt::hosts: "ether.%{lookup('base_installation::real_hostname')}"
+role::etherpad::web_host: "ether.%{lookup('base_installation::real_hostname')}"
diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp
index 1d9a8ff..5ab5023 100644
--- a/modules/role/manifests/etherpad.pp
+++ b/modules/role/manifests/etherpad.pp
@@ -1,8 +1,9 @@
 class role::etherpad (
+ String $web_host,
 ) {
 $password_seed = lookup("base_installation::puppet_pass_seed")
- $web_host = lookup("base_installation::real_hostname")
- $web_listen = "0.0.0.0"
+ $real_host = lookup("base_installation::real_hostname")
+ $web_listen = "127.0.0.1"
 $web_port = 18000
 $pg_db = "etherpad-lite"
 $pg_user = "etherpad-lite"
@@ -88,7 +89,7 @@ class role::etherpad (
 }
 profile::postgresql::master { "postgresql master for etherpad":
- letsencrypt_host => $web_host,
+ letsencrypt_host => $real_host,
 backup_hosts => ["backup-1"],
 }
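Review bot: The two added keys repeat the same `ether.%{lookup('base_installation::real_hostname')}` expression, and the vhost added in etherpad.pp requires `Letsencrypt::Certonly[$web_host]`, so the two values have to stay identical. If `letsencrypt::hosts` is what declares that certonly resource (not visible in this patch), a later edit to only one key would leave the vhost depending on a certificate resource that no longer exists. Deriving one key from the other, e.g. `letsencrypt::hosts: "%{lookup('role::etherpad::web_host')}"`, keeps a single source of truth for the public host name.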
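Review bot: The switch of `$web_listen` to `"127.0.0.1"` in the first etherpad.pp hunk is what keeps the plain-HTTP etherpad port off the network now that TLS terminates in Apache, but nothing in the manifest says so. A comment above it such as `# Loopback only: etherpad is served through the Apache TLS vhost; do not expose port 18000 directly.` would guard against a later revert to `0.0.0.0`, which would make the backend reachable without TLS and with a client-controlled `X-Forwarded-Proto`. The new `String $web_host` parameter is also interpolated into the certificate paths further down; if puppetlabs-stdlib is available in this tree, `Stdlib::Fqdn $web_host` would reject malformed values at compile time. The class body continues outside this hunk.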
@@ -105,4 +106,19 @@ class role::etherpad (
 order => "05-01",
 }
+ class { 'apache::mod::headers': }
+ apache::vhost { $web_host:
+ port => '443',
+ docroot => false,
+ manage_docroot => false,
+ proxy_dest => "http://localhost:18000",
+ request_headers => 'set X-Forwarded-Proto "https"',
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
+ ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
+ ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ proxy_preserve_host => true;
+ default: * => $::profile::apache::apache_vhost_default;
+ }
 }
-- 
cgit v1.2.3
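Review bot: `proxy_dest => "http://localhost:18000"` hard-codes the backend address although `$web_listen` and `$web_port` are defined at the top of the class, and `localhost` can resolve to `::1` while etherpad is bound to `127.0.0.1` only. Writing `proxy_dest => "http://${web_listen}:${web_port}"` keeps the proxy target and the listener from drifting apart. The `set X-Forwarded-Proto "https"` header only takes effect if etherpad is configured to trust its proxy (its `trustProxy` setting), which the visible lines do not show, so that is worth confirming in the settings template. The vhost covers port 443 only; whether port 80 redirects to HTTPS depends on `$::profile::apache::apache_vhost_default` or on resources outside this hunk.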