author | Jan Dittberner <jandd@cacert.org> | 2020-06-05 22:44:14 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2020-06-05 22:44:14 +0200 |
commit | 169d4518e8c3b4a44b440cc922f7e42369f7ef93 (patch) | |
tree | a477678c69f33da6d3e6f5cee83c88de58516fb3 /hieradata | |
parent | b04591f3908329b4b67043291a45ed093cf30a52 (diff) | |
download | cacert-puppet-169d4518e8c3b4a44b440cc922f7e42369f7ef93.tar.gz cacert-puppet-169d4518e8c3b4a44b440cc922f7e42369f7ef93.tar.xz cacert-puppet-169d4518e8c3b4a44b440cc922f7e42369f7ef93.zip |
Add vhost for community.cacert.org on webstatic
This VirtualHost definition will be proxied from email.cacert.org, which
will also terminate the TLS connection. A git hook for publishing the
content of the https://git.cacert.org/cacert-community-website.git
repository will be added.
Diffstat (limited to 'hieradata')
-rw-r--r-- | hieradata/nodes/webstatic.yaml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/hieradata/nodes/webstatic.yaml b/hieradata/nodes/webstatic.yaml
index 21bf5fe..d37a582 100644
--- a/hieradata/nodes/webstatic.yaml
+++ b/hieradata/nodes/webstatic.yaml
@@ -143,6 +143,35 @@ profiles::static_websites::apache_vhosts:
 - 'set Pragma "no-cache"'
 - 'set Expires "-1"'
 - 'set X-Permitted-Cross-Domain-Policies "master-only"'
+ 'community.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ docroot: "/var/www/community.cacert.org"
+ docroot_owner: "git"
+ docroot_mode: "0755"
+ directoryindex:
+ - "index.html"
+ directories:
+ -
+ path: "/var/www/community.cacert.org"
+ options:
+ - "-Includes"
+ - "-Indexes"
+ - "-FollowSymLinks"
+ - "-MultiViews"
+ require: "all granted"
+ headers:
+ - 'set X-Frame-Options "sameorigin"'
+ - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
+ - 'set X-XSS-Protection "1; mode=block"'
+ - 'set Cache-Control "no-cache, no-store, must-revalidate"'
+ - 'set Pragma "no-cache"'
+ - 'set Expires "-1"'
+ - 'set X-Permitted-Cross-Domain-Policies "master-only"'
+ - "set Content-Security-Policy \"default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; connect-src 'self';\""
 'infradocs.cacert.org':
 port: 80
 access_log: true |
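Review bot: The Content-Security-Policy in the last added `headers` entry omits the directives that do not fall back to `default-src`, so `base-uri`, `form-action` and `frame-ancestors` are left unrestricted by the policy, and framing is covered only by the separate X-Frame-Options entry. For a static site the entry could read `- "set Content-Security-Policy \"default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';\""`, plus `font-src 'self'` if the site ships its own fonts, since `default-src 'none'` blocks them otherwise. Every entry uses `set` rather than `always set`, so responses Apache generates itself (for example a 404) would presumably go out without these headers. The neighbouring vhost in the context lines follows the same pattern, so that may be better changed for the whole file than here. The vhost is added to a mapping that begins and continues outside the hunk.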