authorJan Dittberner <jandd@cacert.org>2020-06-05 22:44:14 +0200
committerJan Dittberner <jandd@cacert.org>2020-06-05 22:44:14 +0200
commit169d4518e8c3b4a44b440cc922f7e42369f7ef93 (patch)
treea477678c69f33da6d3e6f5cee83c88de58516fb3
parentb04591f3908329b4b67043291a45ed093cf30a52 (diff)
Add vhost for community.cacert.org on webstatic
Requests for this VirtualHost will be proxied from email.cacert.org, which will also terminate the TLS connection. A git hook for publishing the content of the https://git.cacert.org/cacert-community-website.git repository will be added.
-rw-r--r--hieradata/nodes/webstatic.yaml29
1 files changed, 29 insertions, 0 deletions
diff --git a/hieradata/nodes/webstatic.yaml b/hieradata/nodes/webstatic.yaml
index 21bf5fe..d37a582 100644
--- a/hieradata/nodes/webstatic.yaml
+++ b/hieradata/nodes/webstatic.yaml
@@ -143,6 +143,35 @@ profiles::static_websites::apache_vhosts:
- 'set Pragma "no-cache"'
- 'set Expires "-1"'
- 'set X-Permitted-Cross-Domain-Policies "master-only"'
+ 'community.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ docroot: "/var/www/community.cacert.org"
+ docroot_owner: "git"
+ docroot_mode: "0755"
+ directoryindex:
+ - "index.html"
+ directories:
+ -
+ path: "/var/www/community.cacert.org"
+ options:
+ - "-Includes"
+ - "-Indexes"
+ - "-FollowSymLinks"
+ - "-MultiViews"
+ require: "all granted"
+ headers:
+ - 'set X-Frame-Options "sameorigin"'
+ - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
+ - 'set X-XSS-Protection "1; mode=block"'
+ - 'set Cache-Control "no-cache, no-store, must-revalidate"'
+ - 'set Pragma "no-cache"'
+ - 'set Expires "-1"'
+ - 'set X-Permitted-Cross-Domain-Policies "master-only"'
+ - "set Content-Security-Policy \"default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; connect-src 'self';\""
'infradocs.cacert.org':
port: 80
access_log: true
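Review bot: The Content-Security-Policy added as the last `headers` entry of the new 'community.cacert.org' vhost omits `base-uri`, `form-action` and `frame-ancestors`, which do not fall back to `default-src`, so `default-src 'none'` leaves them unrestricted. Appending `base-uri 'self'; form-action 'self'; frame-ancestors 'self';` to the policy string would close that gap and agree with the `X-Frame-Options "sameorigin"` entry in the same list; tighten to `'none'` where the static site allows it. Separately, every entry uses `set` rather than `always set`, so responses Apache generates itself (a 404, for example) will presumably be sent without these headers. The context lines show the neighbouring vhost using the same form, so that may be worth changing file-wide. The enclosing `profiles::static_websites::apache_vhosts` mapping starts before this hunk and continues after it.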