-rw-r--r--hieradata/nodes/web.yaml2
-rw-r--r--sitemodules/profiles/manifests/apache_common.pp2
-rw-r--r--sitemodules/profiles/manifests/web_proxy.pp36
-rw-r--r--sitemodules/roles/manifests/web.pp2
4 files changed, 40 insertions, 2 deletions
diff --git a/hieradata/nodes/web.yaml b/hieradata/nodes/web.yaml
index ca35962..d1542a0 100644
--- a/hieradata/nodes/web.yaml
+++ b/hieradata/nodes/web.yaml
@@ -15,7 +15,7 @@ profiles::icinga2_agent::pki_ticket: >
HJyrfzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDB9xfyP2Mjapd/vzRW
ek3UgDBo03zKwbxJ6uooqQ/68zHDKAj0gh2Kpe8tGdbnKm1dOHIpru/5zjob
2gNuQB6szY0=]
-profiles::static_websites::apache_vhosts:
+profiles::web_proxy::apache_vhosts:
'web.cacert.org redirect-http':
servername: "web.cacert.org"
port: 80
diff --git a/sitemodules/profiles/manifests/apache_common.pp b/sitemodules/profiles/manifests/apache_common.pp
index b8a1c8b..93d07f9 100644
--- a/sitemodules/profiles/manifests/apache_common.pp
+++ b/sitemodules/profiles/manifests/apache_common.pp
@@ -26,5 +26,7 @@ class profiles::apache_common (
class { 'apache':
default_vhost => false,
default_ssl_vhost => false,
+ ssl_cipher => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
+ ssl_protocol => ['all', '-SSLv2', '-SSLv3', '-TLSv1', '-TLSv1.1'],
}
}
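Review bot: The cipher string and protocol list are literals inside the `class { 'apache': }` declaration, so no node can adjust them from Hiera and nothing records where the list came from or when it was last reviewed. Consider exposing them as class parameters with these values as defaults and passing `ssl_cipher => $ssl_cipher,` and `ssl_protocol => $ssl_protocol,`; the parameter list of profiles::apache_common starts outside this hunk, so check what it already declares. A comment such as `# TLS 1.2 forward-secret AEAD suites only; source and review date: <fill in>` above the literal would help the next audit. The string names only TLS 1.2 suites while `ssl_protocol` leaves TLS 1.3 enabled, so the TLS 1.3 suites are presumably left at the library default, and the DHE-RSA entries depend on the server's DH parameters, which this hunk does not set.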
diff --git a/sitemodules/profiles/manifests/web_proxy.pp b/sitemodules/profiles/manifests/web_proxy.pp
new file mode 100644
index 0000000..1f978bd
--- /dev/null
+++ b/sitemodules/profiles/manifests/web_proxy.pp
@@ -0,0 +1,36 @@
+# Class: profiles::web_proxy
+# ==========================
+#
+# This class takes care of VirtualHost setup for a web proxy server.
+#
+# Parameters
+# ----------
+#
+# @param apache_vhosts Apache VirtualHost definitions that will be fed into
+# apache::vhost resources from the puppetlabs/apache
+# module
+#
+# Examples
+# --------
+#
+# @example
+# class roles::myhost {
+# include profiles::web_proxy
+# }
+#
+# Authors
+# -------
+#
+# Jan Dittberner <jandd@cacert.org>
+#
+# Copyright
+# ---------
+#
+# Copyright 2021 Jan Dittberner
+class profiles::web_proxy (
+ Hash[String, Data] $apache_vhosts = {},
+) {
+ include profiles::apache_common
+
+ create_resources(apache::vhost, $apache_vhosts)
+}
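Review bot: Every key in `$apache_vhosts` is handed to `apache::vhost` unchanged, so a vhost entry in Hiera that sets its own `ssl_cipher` or `ssl_protocol` would presumably take precedence for that vhost over the hardened values profiles::apache_common sets globally. The `@param apache_vhosts` text should say so, or the class should reject those keys. `Hash[String, Data]` also accepts a non-hash value per vhost and fails only inside `create_resources`; `Hash[String, Hash] $apache_vhosts = {},` reports the mistake at the class boundary. In style, the iteration form `$apache_vhosts.each |$name, $opts| { apache::vhost { $name: * => $opts } }` is the current replacement for `create_resources`.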
diff --git a/sitemodules/roles/manifests/web.pp b/sitemodules/roles/manifests/web.pp
index 08dde26..c793f62 100644
--- a/sitemodules/roles/manifests/web.pp
+++ b/sitemodules/roles/manifests/web.pp
@@ -24,6 +24,6 @@ class roles::web {
include profiles::base
include profiles::rsyslog
include profiles::purge_nrpe_agent
- include profiles::static_websites
+ include profiles::web_proxy
include profiles::icinga2_agent
}