Install local nginx to redirect incoming http requests to https
authorJan Dittberner <jandd@cacert.org>
Sat, 26 Aug 2017 20:35:59 +0000 (22:35 +0200)
committerJan Dittberner <jandd@cacert.org>
Sat, 26 Aug 2017 20:35:59 +0000 (22:35 +0200)
sitemodules/profiles/files/sniproxy/nginx.conf [new file with mode: 0644]
sitemodules/profiles/manifests/sniproxy.pp

diff --git a/sitemodules/profiles/files/sniproxy/nginx.conf b/sitemodules/profiles/files/sniproxy/nginx.conf
new file mode 100644 (file)
index 0000000..3115551
--- /dev/null
@@ -0,0 +1,28 @@
+# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
+# NEXT PUPPET RUN.
+#
+user www-data;
+worker_processes 4;
+pid /var/run/nginx.pid;
+events {
+    worker_connections 768;
+}
+http {
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    server_names_hash_bucket_size 64;
+    default_type application/octet-stream;
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+    log_format main '$remote_addr - $remote_user [$time_local]  '
+        '$server_name '
+        '"$request" $status $body_bytes_sent '
+        '"$http_referer" "$http_user_agent"';
+    server {
+        listen 127.0.0.1:8080 default_server;
+        return 301 https://$host$request_uri;
+    }
+}
index e34e93f..4a19ebd 100644 (file)
@@ -76,4 +76,19 @@ class profiles::sniproxy (
     require   => [Package['sniproxy'], File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
     subscribe => [File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
   }
+
+  package { 'nginx-light':
+    ensure  => present,
+  } ->
+  file { '/etc/nginx/nginx.conf':
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    source  => 'puppet:///modules/profiles/sniproxy/nginx.conf',
+  } ->
+  service { 'nginx':
+    ensure  => running,
+    enable  => true,
+  }
 }