summaryrefslogtreecommitdiff
path: root/hieradata
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2019-08-02 18:19:45 +0200
committerJan Dittberner <jandd@cacert.org>2019-08-02 18:19:45 +0200
commit9a49de9ffe7305e202f469a4153ea3b17643c6f6 (patch)
treec04ae685068f4f24e79a11b6bf0ddcc6d8885c40 /hieradata
parentad2d04ff2dd9bd23e488ed5d901c5181c5da8c08 (diff)
downloadcacert-puppet-9a49de9ffe7305e202f469a4153ea3b17643c6f6.tar.gz
cacert-puppet-9a49de9ffe7305e202f469a4153ea3b17643c6f6.tar.xz
cacert-puppet-9a49de9ffe7305e202f469a4153ea3b17643c6f6.zip
Setup Apache httpd on webstatic
Diffstat (limited to 'hieradata')
-rw-r--r--hieradata/nodes/webstatic.yaml100
1 files changed, 100 insertions, 0 deletions
diff --git a/hieradata/nodes/webstatic.yaml b/hieradata/nodes/webstatic.yaml
index c489195..21bf5fe 100644
--- a/hieradata/nodes/webstatic.yaml
+++ b/hieradata/nodes/webstatic.yaml
@@ -72,3 +72,103 @@ profiles::icinga2_agent::pki_ticket: >
zWIAoTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCz2/HN15HQ/xCGQExX
Ozd9gDCOqJLm9jtlSoCpwDwzowwiCgRj+k1s444lp1RkvgWKCrfO3QkOF3aR
MY7nsz39ve8=]
+profiles::static_websites::apache_vhosts:
+ 'webstatic.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ redirect_source:
+ - "/"
+ redirect_dest:
+ - "https://www.cacert.org/"
+ docroot: false
+ manage_docroot: false
+ 'funding.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ docroot: "/var/www/funding.cacert.org"
+ docroot_owner: "git"
+ docroot_mode: "0755"
+ directoryindex:
+ - "index.html"
+ directories:
+ -
+ path: "/var/www/funding.cacert.org"
+ options:
+ - "-Includes"
+ - "-Indexes"
+ - "-FollowSymLinks"
+ - "-MultiViews"
+ require: "all granted"
+ headers:
+ - 'set X-Frame-Options "sameorigin"'
+ - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
+ - 'set X-XSS-Protection "1; mode=block"'
+ - 'set Cache-Control "no-cache, no-store, must-revalidate"'
+ - 'set Pragma "no-cache"'
+ - 'set Expires "-1"'
+ - 'set X-Permitted-Cross-Domain-Policies "master-only"'
+ - "set Content-Security-Policy \"default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; connect-src 'self';\""
+ 'codedocs.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ docroot: "/var/www/codedocs.cacert.org/html"
+ docroot_owner: "jenkins-infradocs"
+ docroot_group: "upload"
+ docroot_mode: "0755"
+ directoryindex:
+ - "index.html"
+ directories:
+ -
+ path: "/var/www/codedocs.cacert.org/html"
+ options:
+ - "-Includes"
+ - "-Indexes"
+ - "-FollowSymLinks"
+ - "-MultiViews"
+ require: "all granted"
+ headers:
+ - 'set X-Frame-Options "sameorigin"'
+ - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
+ - 'set X-XSS-Protection "1; mode=block"'
+ - 'set Cache-Control "no-cache, no-store, must-revalidate"'
+ - 'set Pragma "no-cache"'
+ - 'set Expires "-1"'
+ - 'set X-Permitted-Cross-Domain-Policies "master-only"'
+ 'infradocs.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ docroot: "/var/www/infradocs.cacert.org/html"
+ docroot_owner: "jenkins-infradocs"
+ docroot_group: "upload"
+ docroot_mode: "0755"
+ directoryindex:
+ - "index.html"
+ directories:
+ -
+ path: "/var/www/infradocs.cacert.org/html"
+ options:
+ - "-Includes"
+ - "-Indexes"
+ - "-FollowSymLinks"
+ - "-MultiViews"
+ require: "all granted"
+ headers:
+ - 'set X-Frame-Options "sameorigin"'
+ - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
+ - 'set X-XSS-Protection "1; mode=block"'
+ - 'set Cache-Control "no-cache, no-store, must-revalidate"'
+ - 'set Pragma "no-cache"'
+ - 'set Expires "-1"'
+ - 'set X-Permitted-Cross-Domain-Policies "master-only"'