authorJan Dittberner <jandd@cacert.org>2017-08-26 22:35:59 +0200
committerJan Dittberner <jandd@cacert.org>2017-08-26 22:35:59 +0200
commitbaf18bec4a16094152c6c935faccb89e6de65ccf (patch)
tree59bae82a28b96ffd4f9c8d8670ac1d2eec2865e4
parent55b9888e1b8cabaf60bb010f070eb8a5d94ab760 (diff)
Install local nginx to redirect incoming http requests to https
-rw-r--r--sitemodules/profiles/files/sniproxy/nginx.conf28
-rw-r--r--sitemodules/profiles/manifests/sniproxy.pp15
2 files changed, 43 insertions, 0 deletions
diff --git a/sitemodules/profiles/files/sniproxy/nginx.conf b/sitemodules/profiles/files/sniproxy/nginx.conf
new file mode 100644
index 0000000..3115551
--- /dev/null
+++ b/sitemodules/profiles/files/sniproxy/nginx.conf
@@ -0,0 +1,28 @@
+# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
+# NEXT PUPPET RUN.
+#
+user www-data;
+worker_processes 4;
+pid /var/run/nginx.pid;
+events {
+ worker_connections 768;
+}
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ server_names_hash_bucket_size 64;
+ default_type application/octet-stream;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+ log_format main '$remote_addr - $remote_user [$time_local] '
+ '$server_name '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+ server {
+ listen 127.0.0.1:8080 default_server;
+ return 301 https://$host$request_uri;
+ }
+}
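Review bot: The `log_format main` block is never used, because `access_log /var/log/nginx/access.log;` names no format and so falls back to nginx's built-in `combined`, which does not record the requested host. On top of that, `$server_name` in a `server` block with no `server_name` directive expands to an empty string, so even with the format wired up the field would be blank. For a catch-all redirector whose `return 301 https://$host$request_uri;` echoes the client-supplied Host header, the requested host is the field worth having in the log: move `log_format` above the `access_log` line, change that line to `access_log /var/log/nginx/access.log main;`, and log `'$host '` instead of `'$server_name '`. If the set of names served behind the proxy is known, a `server_name` list plus a default server that rejects unknown hosts would also stop redirects to arbitrary Host values; whether that is practical depends on configuration outside this file.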
diff --git a/sitemodules/profiles/manifests/sniproxy.pp b/sitemodules/profiles/manifests/sniproxy.pp
index e34e93f..4a19ebd 100644
--- a/sitemodules/profiles/manifests/sniproxy.pp
+++ b/sitemodules/profiles/manifests/sniproxy.pp
@@ -76,4 +76,19 @@ class profiles::sniproxy (
require => [Package['sniproxy'], File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
subscribe => [File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
}
+
+ package { 'nginx-light':
+ ensure => present,
+ } ->
+ file { '/etc/nginx/nginx.conf':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => 'puppet:///modules/profiles/sniproxy/nginx.conf',
+ } ->
+ service { 'nginx':
+ ensure => running,
+ enable => true,
+ }
}
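Review bot: The chain `package -> file -> service` only orders the resources, so a later change to `/etc/nginx/nginx.conf` is written to disk but the running nginx keeps the old configuration until something else restarts it. The sniproxy service just above uses `subscribe` for exactly this reason; the same is needed here, either by turning the second arrow into `~>` or by adding `subscribe => File['/etc/nginx/nginx.conf'],` to `service { 'nginx': ... }`. The enclosing `class profiles::sniproxy` begins outside this hunk, so any existing handling of the packaged default site or of a port clash at install time is not visible from here.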