From 2bb35074eef353f03b4373f695834c0be41609ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sun, 18 Feb 2018 23:51:53 +0100 Subject: Migrate to apache --- modules/role/manifests/cryptoportfolio.pp | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'modules/role/manifests') diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 0f26527..084419e 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp @@ -2,6 +2,7 @@ class role::cryptoportfolio { include "base_installation" include "profile::postgresql" + include "profile::apache" $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } @@ -47,11 +48,23 @@ class role::cryptoportfolio { order => "b0", } - class { 'nginx': } - - nginx::resource::server { $cf_front_app_host: - listen_port => 80, - proxy => 'http://localhost:8000', + apache::vhost { $cf_front_app_host: + port => '80', + docroot => false, + manage_docroot => false, + proxy_dest => "http://localhost:8000", + proxy_preserve_host => true, + no_proxy_uris => [ + "/maintenance_immae.html", + "/googleb6d69446ff4ca3e5.html", + "/.well-known/acme-challenge" + ], + no_proxy_uris_match => [ + '^/licen[cs]es?_et_tip(ping)?$', + '^/licen[cs]es?_and_tip(ping)?$', + '^/licen[cs]es?$', + '^/tip(ping)?$', + ] } user { $cf_user: -- cgit v1.2.3 From 8af3ea1e76efa88a52d089a4f6ac65a175f31369 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 19 Feb 2018 22:30:16 +0100 Subject: Add tools --- modules/role/manifests/cryptoportfolio.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/role/manifests') diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 084419e..49ab57b 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp @@ -1,6 +1,7 @@ class role::cryptoportfolio { include "base_installation" + include "profile::tools" include "profile::postgresql" include "profile::apache" -- cgit v1.2.3 From e345248bd85980f6fefe7bc62251cc5b97f64854 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 20 Feb 2018 08:24:52 +0100 Subject: Add letsencrypt --- modules/role/manifests/cryptoportfolio.pp | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) (limited to 'modules/role/manifests') diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 49ab57b..d2323a4 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp @@ -49,23 +49,24 @@ class role::cryptoportfolio { order => "b0", } + letsencrypt::certonly { $cf_front_app_host: ; + default: * => $::profile::apache::letsencrypt_certonly_default; + } + + class { 'apache::mod::headers': } apache::vhost { $cf_front_app_host: - port => '80', + port => '443', docroot => false, manage_docroot => false, proxy_dest => "http://localhost:8000", - proxy_preserve_host => true, - no_proxy_uris => [ - "/maintenance_immae.html", - "/googleb6d69446ff4ca3e5.html", - "/.well-known/acme-challenge" - ], - no_proxy_uris_match => [ - '^/licen[cs]es?_et_tip(ping)?$', - '^/licen[cs]es?_and_tip(ping)?$', - '^/licen[cs]es?$', - '^/tip(ping)?$', - ] + request_headers => 'set X-Forwarded-Proto "https"', + ssl => true, + ssl_cert => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem", + ssl_key => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem", + ssl_chain => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem", + require => Letsencrypt::Certonly[$cf_front_app_host], + proxy_preserve_host => true; + default: * => $::profile::apache::apache_vhost_default; } user { $cf_user: -- cgit v1.2.3