author | Jan Dittberner <jandd@cacert.org> | 2020-06-06 01:43:44 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2020-06-06 01:43:44 +0200 |
commit | 4009f3ee723da5914653dfbebe2cb3d21fe3f96f (patch) | |
tree | b15aa5515bda1a94d640a0b1b5859136f279efde /sitemodules/profiles/templates | |
parent | cb19b060bccb57b1e7f04b90a9a35536ec9716ca (diff) | |
download | cacert-puppet-4009f3ee723da5914653dfbebe2cb3d21fe3f96f.tar.gz cacert-puppet-4009f3ee723da5914653dfbebe2cb3d21fe3f96f.tar.xz cacert-puppet-4009f3ee723da5914653dfbebe2cb3d21fe3f96f.zip |
Add new profile nginx_revproxy and use it for email
This commit adds a new profile nginx_revproxy to set up an nginx-based
reverse proxy. The commit contains configuration for such a proxy to
forward traffic for community.cacert.org to the http virtual host on the
webstatic system. It also contains custom nginx configuration to enable
the redirects from old URLs to the motion and selfservice systems. The
profile includes x509cert_common to install the certificate and private
key required for the community.cacert.org virtual host.
The new profile is assigned to email via the email role.
Diffstat (limited to 'sitemodules/profiles/templates')
-rw-r--r-- | sitemodules/profiles/templates/nginx_revproxy/virtual_host.nginx | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/sitemodules/profiles/templates/nginx_revproxy/virtual_host.nginx b/sitemodules/profiles/templates/nginx_revproxy/virtual_host.nginx
new file mode 100644
index 0000000..3798706
--- /dev/null
+++ b/sitemodules/profiles/templates/nginx_revproxy/virtual_host.nginx
@@ -0,0 +1,31 @@
+# <%- | String $virtual_host,
+# String $target,
+# String $custom_config,
+#| -%>
+# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
+# NEXT PUPPET RUN.
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ if ($https != "on") {
+ return 301 https://$host$uri;
+ }
+
+ ssl_certificate /etc/ssl/public/<%= $virtual_host %>.chain.pem;
+ ssl_certificate_key /etc/ssl/private/<%= $virtual_host %>.key.pem;
+
+ access_log /var/log/nginx/<%= $virtual_host %>.access.log;
+ error_log /var/log/nginx/<%= $virtual_host %>.error.log;
+
+ server_name <%= $virtual_hosts %>;
+ <%= $custom_config -%>
+
+ location / {
+ proxy_pass <%= $target %>;
+ }
+}
|
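Review bot: The redirect `return 301 https://$host$uri;` inside the `if ($https != "on")` block builds the Location header from `$uri`, which is nginx's decoded and normalised path, so percent-encoded line breaks in a request can end up in the response header and the query string is dropped; `return 301 https://$host$request_uri;` passes the request through as the client sent it. `$host` is also taken from the request, so if this server block can act as the default for the listener, rendering the configured name instead (`return 301 https://<%= $virtual_host %>$request_uri;`) keeps the redirect target from following an arbitrary Host header. Separately, `server_name <%= $virtual_hosts %>;` refers to `$virtual_hosts` while the parameter block at the top declares `$virtual_host`; this looks like a typo that would likely leave `server_name` empty or fail the template, and `server_name <%= $virtual_host %>;` matches the certificate and log paths above it.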