summaryrefslogtreecommitdiff
path: root/hieradata
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2020-06-06 01:43:44 +0200
committerJan Dittberner <jandd@cacert.org>2020-06-06 01:43:44 +0200
commit4009f3ee723da5914653dfbebe2cb3d21fe3f96f (patch)
treeb15aa5515bda1a94d640a0b1b5859136f279efde /hieradata
parentcb19b060bccb57b1e7f04b90a9a35536ec9716ca (diff)
downloadcacert-puppet-4009f3ee723da5914653dfbebe2cb3d21fe3f96f.tar.gz
cacert-puppet-4009f3ee723da5914653dfbebe2cb3d21fe3f96f.tar.xz
cacert-puppet-4009f3ee723da5914653dfbebe2cb3d21fe3f96f.zip
Add new profile nginx_revproxy and use it for email
This commit adds a new profile nginx_revproxy to setup an nginx based reverse proxy. The commit contains configuration for such a proxy to forward traffic for community.cacert.org to the http virtual host on the webstatic system. It also contains custom nginx configuration to enable the redirects from old URLs to the motion and selfservice systems. The profile includes x509cert_common to install the certificate and private key required for the community.cacert.org virtual host. The new profile is assigned to email via the email role.
Diffstat (limited to 'hieradata')
-rw-r--r--hieradata/nodes/email.yaml18
1 files changed, 18 insertions, 0 deletions
diff --git a/hieradata/nodes/email.yaml b/hieradata/nodes/email.yaml
index 4b5f0b9..876c329 100644
--- a/hieradata/nodes/email.yaml
+++ b/hieradata/nodes/email.yaml
@@ -165,6 +165,24 @@ profiles::cacert_selfservice_api::server_private_key: >
huAu6YafNhB8IBwK4oljoITzHVxzpCAP/Pis44IKOkbj4/HWQmJH/IQXmMEl
/02OqZvJJOgkpUGYrsJud+ZAATIhpZwb8JfQMw6mes/6aPdGCZjMJaHPgFjU
h6Q0uA==]
+profiles::nginx_revproxy::virtual_hosts:
+ 'community.cacert.org':
+ target: http://10.0.0.116/
+ custom_config: |
+ location /password.php {
+ return 301 https://selfservice.cacert.org/password-reset;
+ }
+ location /staff.php {
+ return 301 https://selfservice.cacert.org/staff;
+ }
+ location /board {
+ rewrite ^/board/motions.php\?(motion=.*)$ https://motion.cacert.org/motions/$1? last;
+ rewrite ^/board/motions.php https://motion.cacert.org/? last;
+ rewrite ^/board/vote.php https://motion.cacert.org/vote/? last;
+ rewrite ^/board/proxy.php https://motion.cacert.org/proxy/? last;
+ rewrite ^/board https://motion.cacert.org/? last;
+ return 404;
+ }
profiles::x509cert_common::certificates:
'community.cacert.org':
certificate: |