authorJan Dittberner <jandd@cacert.org>2020-06-06 01:43:44 +0200
committerJan Dittberner <jandd@cacert.org>2020-06-06 01:43:44 +0200
commit4009f3ee723da5914653dfbebe2cb3d21fe3f96f (patch)
treeb15aa5515bda1a94d640a0b1b5859136f279efde /sitemodules/profiles/templates
parentcb19b060bccb57b1e7f04b90a9a35536ec9716ca (diff)
Add new profile nginx_revproxy and use it for email
This commit adds a new profile nginx_revproxy to set up an nginx-based reverse proxy. The commit contains configuration for such a proxy to forward traffic for community.cacert.org to the http virtual host on the webstatic system. It also contains custom nginx configuration to enable the redirects from old URLs to the motion and selfservice systems. The profile includes x509cert_common to install the certificate and private key required for the community.cacert.org virtual host. The new profile is assigned to email via the email role.
Diffstat (limited to 'sitemodules/profiles/templates')
-rw-r--r--sitemodules/profiles/templates/nginx_revproxy/virtual_host.nginx31
1 files changed, 31 insertions, 0 deletions
diff --git a/sitemodules/profiles/templates/nginx_revproxy/virtual_host.nginx b/sitemodules/profiles/templates/nginx_revproxy/virtual_host.nginx
new file mode 100644
index 0000000..3798706
--- /dev/null
+++ b/sitemodules/profiles/templates/nginx_revproxy/virtual_host.nginx
@@ -0,0 +1,31 @@
+# <%- | String $virtual_host,
+# String $target,
+# String $custom_config,
+#| -%>
+# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
+# NEXT PUPPET RUN.
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ if ($https != "on") {
+ return 301 https://$host$uri;
+ }
+
+ ssl_certificate /etc/ssl/public/<%= $virtual_host %>.chain.pem;
+ ssl_certificate_key /etc/ssl/private/<%= $virtual_host %>.key.pem;
+
+ access_log /var/log/nginx/<%= $virtual_host %>.access.log;
+ error_log /var/log/nginx/<%= $virtual_host %>.error.log;
+
+ server_name <%= $virtual_hosts %>;
+ <%= $custom_config -%>
+
+ location / {
+ proxy_pass <%= $target %>;
+ }
+}
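Review bot: The redirect `return 301 https://$host$uri;` inside the `if ($https != "on")` block builds the Location header from the normalized, percent-decoded `$uri` and from the client-supplied Host header, so encoded line breaks in the request path can reach the response header and the query string is dropped. `return 301 https://<%= $virtual_host %>$request_uri;` keeps the request line as received and pins the redirect target to the configured host name. Separately, `server_name <%= $virtual_hosts %>;` references a variable that the parameter block does not declare (it declares `$virtual_host`), which presumably renders an empty `server_name` or fails under strict variables; it should read `server_name <%= $virtual_host %>;`. Since `<%= $custom_config -%>` is emitted verbatim into the server block, a short comment above it saying that the value must come from trusted Puppet data only would help the next maintainer.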