281acd62ab
Dynamic scoping for variables in ERB templates was removed in puppet 4[1] which means that the variables defined in the manifest cannot be found when it is referenced in the httpd::vhost defined type and will be evaluated as nil when puppet runs. Use scope.lookupvar instead to be explicit about the variable's source. [1] https://puppet.com/docs/puppet/4.10/lang_updating_manifests.html#dynamic-scoping-in-erb Change-Id: I8d2b351537ad8fc0a06c58e1dd23d8423f38a328
88 lines
3.3 KiB
Plaintext
88 lines
3.3 KiB
Plaintext
<VirtualHost *:80>
|
|
ServerName <%= scope.lookupvar("ethercalc::apache::vhost_name") %>
|
|
ServerAdmin <%= scope.lookupvar("ethercalc::apache::serveradmin") %>
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("ethercalc::apache::vhost_name") %>-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("ethercalc::apache::vhost_name") %>-access.log combined
|
|
|
|
Redirect / https://<%= scope.lookupvar("ethercalc::apache::vhost_name") %>/
|
|
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName <%= scope.lookupvar("ethercalc::apache::vhost_name") %>
|
|
ServerAdmin <%= scope.lookupvar("ethercalc::apache::serveradmin") %>
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("ethercalc::apache::vhost_name") %>-ssl-error.log
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("ethercalc::apache::vhost_name") %>-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
|
|
SSLCertificateFile <%= scope.lookupvar("ethercalc::apache::ssl_cert_file") %>
|
|
SSLCertificateKeyFile <%= scope.lookupvar("ethercalc::apache::ssl_key_file") %>
|
|
<% if scope.lookupvar("ethercalc::apache::ssl_chain_file") != "" %>
|
|
SSLCertificateChainFile <%= scope.lookupvar("ethercalc::apache::ssl_chain_file") %>
|
|
<% end %>
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
|
|
|
<% auth_openid = scope["ethercalc::apache::auth_openid"] %>
|
|
<% if ! [nil, :undef].include?(auth_openid) %>
|
|
<Location />
|
|
AuthType OpenID
|
|
AuthName "<%= auth_openid['banner'] %>"
|
|
AuthOpenIDSecureCookie On
|
|
AuthOpenIDCookieLifespan 3600
|
|
AuthOpenIDTrustRoot https://<%= scope.lookupvar("ethercalc::apache::vhost_name") %>
|
|
AuthOpenIDServerName https://<%= scope.lookupvar("ethercalc::apache::vhost_name") %>
|
|
AuthOpenIDSingleIdP <%= auth_openid['singleIdp'] %>
|
|
AuthOpenIDTrusted <%= auth_openid['trusted'] %>
|
|
<% if auth_openid['any_valid_user'] %>
|
|
Require valid-user
|
|
<% elsif !auth_openid['users'].empty? %>
|
|
<% auth_openid['users'].each do |user| -%>
|
|
Require user <%= user %>
|
|
<% end -%>
|
|
<% end %>
|
|
</Location>
|
|
<% end %>
|
|
|
|
# Proxy pass to the node.js server (port 8000)
|
|
ProxyPass / http://127.0.0.1:8000/
|
|
ProxyPassReverse / http://127.0.0.1:8000/
|
|
|
|
RewriteEngine On
|
|
|
|
# Do not rewrite the /server-status URL (though by default, this
|
|
# is only accessible from localhost). Connect to it with:
|
|
# ssh -L 8443:localhost:443 $HOSTNAME
|
|
# https://localhost:8443/server-status
|
|
RewriteRule ^/server-status$ /server-status [L]
|
|
|
|
# Set up websockets to work through the proxy
|
|
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
|
|
RewriteCond %{QUERY_STRING} transport=websocket [NC]
|
|
RewriteRule /(.*) ws://localhost:8000/$1 [P,L]
|
|
|
|
|
|
# Set up an alias for static files. Saves having to serve them from node.js
|
|
Alias /robots.txt <%= scope.lookupvar("ethercalc::apache::docroot") %>/robots.txt
|
|
Alias /static <%= scope.lookupvar("ethercalc::base_install_dir") %>/node_modules/ethercalc/static
|
|
Alias /l10n <%= scope.lookupvar("ethercalc::base_install_dir") %>/node_modules/ethercalc/l10n
|
|
Alias /images <%= scope.lookupvar("ethercalc::base_install_dir") %>/node_modules/ethercalc/images
|
|
|
|
</VirtualHost>
|
|
</IfModule>
|