From 27a5675d916f3fe826f7a8fb9929f652fb9fe4eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Mon, 24 Feb 2020 10:16:51 +0100
Subject: [PATCH] openproject ssl fix?
---
 manifests/site.pp | 17 +++++----
 modules/insidan/manifests/apache_proxy.pp | 42 ++++++++++++++++++-----
 modules/wordpress/manifests/init.pp | 4 +--
 3 files changed, 44 insertions(+), 19 deletions(-)
diff --git a/manifests/site.pp b/manifests/site.pp
index da8ed9f..7bcbb8c 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -26,28 +26,27 @@ node 'liufs-test' {
 mpm_module => 'prefork',
 }
- wordpress { 'liufs-test':
 $apache_env = {
- 'APACHE_PID_FILE' => '/var/run/apache2/apache2.pid',
- 'APACHE_RUN_DIR' => '/var/run/apache2',
- 'APACHE_LOCK_DIR' => '/var/lock/apache2',
- 'APACHE_RUN_USER' => 'www-data',
- 'APACHE_RUN_GROUP' => 'www-data',
+ 'APACHE_PID_FILE' => '/var/run/apache2/apache2.pid',
+ 'APACHE_RUN_DIR' => '/var/run/apache2',
+ 'APACHE_LOCK_DIR' => '/var/lock/apache2',
+ 'APACHE_RUN_USER' => 'www-data',
+ 'APACHE_RUN_GROUP' => 'www-data',
 }
 file { '/etc/apache2/envvars':
 content => join(map($apache_env) |$key, $value| { "export ${key}=${value}" }, "\n"),
 }
+ wordpress { 'liufs-test':
 # extra_url => [ 'liuformulastudent.se', ],
 webserver => apache,
 }
- insidan::apache_proxy { 'openproject_proxy':
- url => 'liufs-test.lysator.liu.se',
+ insidan::apache_proxy { 'liufs-test':
 }
 class { 'insidan::openproject':
 logo => 'liufs.png',
- url => 'liufs-test.lysator.liu.se',
+ url => 'insidan.liufs-test.lysator.liu.se',
 }
 }
diff --git a/modules/insidan/manifests/apache_proxy.pp b/modules/insidan/manifests/apache_proxy.pp
index fdf5732..77b3171 100644
--- a/modules/insidan/manifests/apache_proxy.pp
+++ b/modules/insidan/manifests/apache_proxy.pp
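Review bot: In the manifests/site.pp hunk the OpenProject hostname now has two independent sources that must agree: `insidan::apache_proxy { 'liufs-test': }` relies on the define's computed default for `$url`, while `insidan::openproject` is given the literal `'insidan.liufs-test.lysator.liu.se'`. If the two ever differ, the certificate and TLS vhost are created for one name and the application is configured for another. Setting the name once in the node, e.g. `$op_url = 'insidan.liufs-test.lysator.liu.se'`, and passing `url => $op_url` to both resources would keep them in step.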
@@ -1,13 +1,39 @@
 define insidan::apache_proxy (
- $url
+ String $domain = 'lysator.liu.se',
+ String $url = "insidan.${name}.${domainname}",
+ Array[String] $extra_url = [],
 ) {
- apache::vhost { 'openproject':
- docroot => '/var/www',
- servername => $url,
- port => 8080,
- proxy_pass => [
- { 'path' => '/', 'url' => 'http://localhost:6000/' },
- ]
+
+ letsencrypt::certonly { $url:
+ domains => $extra_url << $url,
+ manage_cron => true,
+ suppress_cron_output => true,
+ cron_hour => '4',
+ cron_minute => '32',
+ plugin => 'apache',
+ }
+
+ # This is copied from wordpress/init.pp
+ ($extra_url << $url).each |$name| {
+ apache::vhost { "${name}_non-ssl":
+ servername => $name,
+ port => 80,
+ redirect_status => 'permanent',
+ redirect_dest => "https://${name}",
+ before => Letsencrypt::Certonly[$url],
+ }
+
+ apache::vhost { "${name}_ssl":
+ servername => $name,
+ port => 443
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${url}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${url}/privkey.pem",
+ require => Letsencrypt::Certonly[$url],
+ proxy_pass => [
+ { 'path' => '/', 'url' => 'http://localhost:6000/' },
+ ]
+ }
 }
 }
diff --git a/modules/wordpress/manifests/init.pp b/modules/wordpress/manifests/init.pp
index 1c00b33..01c5d29 100644
--- a/modules/wordpress/manifests/init.pp
+++ b/modules/wordpress/manifests/init.pp
@@ -92,7 +92,7 @@ define wordpress (
 docroot => $wp_path,
 redirect_status => 'permanent',
 redirect_dest => "https://${name}",
- before => Letsencrypt::Certonly[$url],
+ before => Letsencrypt::Certonly[$url],
 }
 apache::vhost { "${name}_ssl":
@@ -102,7 +102,7 @@ define wordpress (
 ssl => true,
 ssl_cert => "/etc/letsencrypt/live/${url}/fullchain.pem",
 ssl_key => "/etc/letsencrypt/live/${url}/privkey.pem",
- require => Letsencrypt::Certonly[$url],
+ require => Letsencrypt::Certonly[$url],
 }
 }
 }
-- GitLab
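Review bot: In modules/insidan/manifests/apache_proxy.pp the `"${name}_ssl"` vhost has `port => 443` with no trailing comma before `ssl => true,`, which as shown will not parse; it should read `port => 443,`. The `$url` default interpolates `${domainname}` while the parameter declared just above it is `$domain` and is otherwise unused, so unless `$domainname` is defined elsewhere the default is probably meant to be `"insidan.${name}.${domain}"`. Because TLS now terminates in Apache and the backend is still reached over plain `http://localhost:6000/`, the SSL vhost should probably also pass the original scheme to the application, e.g. `request_headers => ['set X-Forwarded-Proto "https"'],` (and preserve the Host header), otherwise it may emit http links or cookies without the secure flag.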