Add new profile nginx_revproxy and use it for email

This commit adds a new profile nginx_revproxy to setup an nginx based
reverse proxy. The commit contains configuration for such a proxy to
forward traffic for community.cacert.org to the http virtual host on the
webstatic system. It also contains custom nginx configuration to enable
the redirects from old URLs to the motion and selfservice systems. The
profile includes x509cert_common to install the certificate and private
key required for the community.cacert.org virtual host.

The new profile is assigned to email via the email role.

1 files changed, 18 insertions, 0 deletions

diff --git a/hieradata/nodes/email.yaml b/hieradata/nodes/email.yaml
index 4b5f0b9..876c329 100644
--- a/hieradata/nodes/email.yaml
+++ b/hieradata/nodes/email.yaml
@@ -165,6 +165,24 @@ profiles::cacert_selfservice_api::server_private_key: >
     huAu6YafNhB8IBwK4oljoITzHVxzpCAP/Pis44IKOkbj4/HWQmJH/IQXmMEl
     /02OqZvJJOgkpUGYrsJud+ZAATIhpZwb8JfQMw6mes/6aPdGCZjMJaHPgFjU
     h6Q0uA==]
+profiles::nginx_revproxy::virtual_hosts:
+  'community.cacert.org':
+    target: http://10.0.0.116/
+    custom_config: |
+      location /password.php {
+        return 301 https://selfservice.cacert.org/password-reset;
+      }
+      location /staff.php {
+        return 301 https://selfservice.cacert.org/staff;
+      }
+      location /board {
+        rewrite ^/board/motions.php\?(motion=.*)$ https://motion.cacert.org/motions/$1? last;
+        rewrite ^/board/motions.php https://motion.cacert.org/? last;
+        rewrite ^/board/vote.php https://motion.cacert.org/vote/? last;
+        rewrite ^/board/proxy.php https://motion.cacert.org/proxy/? last;
+        rewrite ^/board https://motion.cacert.org/? last;
+        return 404;
+      }
 profiles::x509cert_common::certificates:
   'community.cacert.org':
     certificate: |