Align all web server usage on apache module.

Change-Id: Idd712a8ee5ec81c6b88b7d3e2270dce4da254927
Reviewed-on: https://review.openstack.org/10838
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins

manifests/apache.pp

@@ -0,0 +1,58 @@
+class etherpad_lite::apache (
+  $vhost_name = $fqdn,
+  $etherpad_crt,
+  $etherpad_key
+) {
+
+  include remove_nginx
+
+  apache::vhost { $vhost_name:
+    post => 443,
+    docroot => 'MEANINGLESS ARGUMENT',
+    priority => '50',
+    template => 'etherpadlite/etherpadlite.vhost.erb',
+    require => File["/etc/ssl/certs/${vhost_name}.pem",
+                    "/etc/ssl/private/${vhost_name}.key"],
+    ssl => true,
+  }
+  a2mod { 'rewrite':
+    ensure => present
+  }
+  a2mod { 'proxy':
+    ensure => present
+  }
+  a2mod { 'proxy_http':
+    ensure => present
+  }
+
+  file { '/etc/ssl/certs':
+    ensure => directory,
+    owner  => 'root',
+    mode   => 0700,
+  }
+
+  file { '/etc/ssl/private':
+    ensure => directory,
+    owner  => 'root',
+    mode   => 0700,
+  }
+
+  file { "/etc/ssl/cert/${vhost_name}.pem":
+    ensure  => present,
+    replace => true,
+    owner   => 'root',
+    mode    => 0600,
+    content => template('etherpad_lite/eplite.crt.erb'),
+    require => Apache::Vhost[$vhost_name],
+  }
+
+  file { '/etc/ssl/private/${vhost_name}.key':
+    ensure  => present,
+    replace => true,
+    owner   => 'root',
+    mode    => 0600,
+    content => template('etherpad_lite/eplite.key.erb'),
+    require => Apache::Vhost[$vhost_name],
+  }
+
+}

manifests/init.pp

@@ -38,7 +38,7 @@ define buildsource(
 # include etherpad_lite
 # include etherpad_lite::mysql # necessary to use mysql as the backend
 # include etherpad_lite::site # configures etherpad lite instance
-# include etherpad_lite::nginx # will add reverse proxy on localhost
+# include etherpad_lite::apache # will add reverse proxy on localhost
 # The defaults for all the classes should just work (tm)
 #
 #

manifests/nginx.pp

@@ -1,62 +0,0 @@
-class etherpad_lite::nginx (
-  $default_server = 'default_server',
-  $server_name    = $fqdn,
-  $etherpad_crt,
-  $etherpad_key
-) {
-
-  package { 'nginx':
-    ensure => present
-  }
-
-  file { '/etc/nginx/sites-enabled/default':
-    ensure  => absent,
-    require => Package['nginx'],
-    notify  => Service['nginx']
-  }
-
-  file { '/etc/nginx/sites-available/etherpad-lite':
-    ensure  => present,
-    content => template('etherpad_lite/nginx.erb'),
-    replace => 'true',
-    owner   => 'root',
-    require => File['/etc/nginx/ssl/eplite.crt', '/etc/nginx/ssl/eplite.key'],
-    notify  => Service['nginx']
-  }
-
-  file { '/etc/nginx/sites-enabled/etherpad-lite':
-    ensure => link,
-    target => '/etc/nginx/sites-available/etherpad-lite'
-  }
-
-  file { '/etc/nginx/ssl':
-    ensure => directory,
-    owner  => 'root',
-    mode   => 0700,
-  }
-
-  file { '/etc/nginx/ssl/eplite.crt':
-    ensure  => present,
-    replace => true,
-    owner   => 'root',
-    mode    => 0600,
-    content => template('etherpad_lite/eplite.crt.erb'),
-    require => Package['nginx'],
-  }
-
-  file { '/etc/nginx/ssl/eplite.key':
-    ensure  => present,
-    replace => true,
-    owner   => 'root',
-    mode    => 0600,
-    content => template('etherpad_lite/eplite.key.erb'),
-    require => Package['nginx'],
-  }
-
-  service { 'nginx':
-    enable     => true,
-    ensure     => running,
-    hasrestart => true
-  }
-
-}

templates/etherpadlite.vhost.erb

@@ -0,0 +1,44 @@
+<VirtualHost <%= scope.lookupvar("etherpad_lite::vhost_name") %>:80>
+  ServerAdmin <%= scope.lookupvar("etherpad_lite::serveradmin") %>
+
+  ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-error.log
+
+  LogLevel warn
+
+  CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-access.log combined
+
+  Redirect / https://<%= scope.lookupvar("etherpad_lite::vhost_name") %>/
+
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost <%= scope.lookupvar("etherpad_lite::vhost_name") %>:443>
+  ServerName <%= scope.lookupvar("etherpad_lite::vhost_name") %>
+  ServerAdmin <%= scope.lookupvar("etherpad_lite::serveradmin") %>
+
+  ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-ssl-error.log
+
+  LogLevel warn
+
+  CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-ssl-access.log combined
+
+  SSLEngine on
+
+  SSLCertificateFile /etc/ssl/certs/<%= scope.lookupvar("etherpad_lite::vhost_name") %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= scope.lookupvar("etherpad_lite::vhost_name") %>.key
+
+  BrowserMatch "MSIE [2-6]" \
+      nokeepalive ssl-unclean-shutdown \
+      downgrade-1.0 force-response-1.0
+  # MSIE 7 and newer should be able to use keepalive
+  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+  RewriteEngine on
+  RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::vhost_name") %>
+  RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::vhost_name") %>
+  RewriteRule ^/(.*)$ http://localhost:9001/$1 [P]
+
+  ProxyPassReverse / http://localhost:9001/
+
+</VirtualHost>
+</IfModule>

templates/nginx.erb

@@ -1,29 +0,0 @@
-server {
-        listen       443 <%= default_server %>;
-        server_name  <%= server_name %>;
-
-        access_log  /var/log/nginx/eplite.access.log;
-        error_log   /var/log/nginx/eplite.error.log;
-
-        ssl                  on;
-        ssl_certificate      /etc/nginx/ssl/eplite.crt;
-        ssl_certificate_key  /etc/nginx/ssl/eplite.key;
-
-        ssl_session_timeout  5m;
-
-        ssl_protocols  SSLv2 SSLv3 TLSv1;
-        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
-        ssl_prefer_server_ciphers   on;
-
-        location / {
-            proxy_pass             http://localhost:9001/;
-            proxy_set_header       Host $host;
-            proxy_buffering off;
-        }
-}
-
-server {
-    listen       80 <%= default_server %>;
-    server_name  <%= server_name %>;
-    rewrite     ^(.*)   https://$server_name$1 permanent;
-}