-rw-r--r--manifests/init.pp23
-rw-r--r--templates/site.erb31
2 files changed, 52 insertions, 2 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 4c1b284..205b11f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -31,6 +31,8 @@ $apache2_macros = "/etc/apache2/conf.d/macros"
$apache2_conf = "/etc/apache2/apache2.conf"
class apache {
+ include ssl
+
case $apache_www_folder {
'': { $apache_www_folder = "/var/www" }
}
@@ -84,6 +86,11 @@ class apache {
require => Package["apache"],
}
+ module { "ssl":
+ ensure => present,
+ require => Package["apache"],
+ }
+
# apache mod_macro configuration
file { "${apache2_macros}":
ensure => present,
@@ -139,7 +146,8 @@ class apache {
$manage_docroot = true, $owner = 'root', $group = 'root',
$mpm = true, $mpm_user = '', $mpm_group = '', $password = '*',
$comment = '', $sshkey = absent,
- $groups = '', $shell = '/bin/false', $manage_user = true) {
+ $groups = '', $shell = '/bin/false', $manage_user = true,
+ $ssl = false, $listen = '*') {
$vhost = $filename ? {
'' => "$title",
@@ -202,6 +210,19 @@ class apache {
}
}
+ if $ssl == true {
+ ssl::cert { "$name":
+ group => $gid,
+ privmode => '0640',
+ ensure => $ensure,
+ }
+
+ ssl::check { "$name":
+ file => "/etc/ssl/certs/$name.crt",
+ ensure => $ensure,
+ }
+ }
+
case $source {
true: {
file { "${apache2_sites}-available/$vhost":
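Review bot: The `ssl::cert` resource sets `privmode => '0640'` with `group => $gid`, which appears to make the TLS private key readable by the site's own group. `ssl::cert` is defined outside this diff, so this assumes `privmode` is the key file's mode. The vhost template in this commit runs requests under `AssignUserId <%= user %> <%= gid %>` when mpm is enabled, so any script executing in the vhost could read the key. Apache normally reads the key as root at startup, so `privmode => '0600'` with root ownership should suffice unless another consumer needs group access. The enclosing define starts and ends outside this hunk.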
diff --git a/templates/site.erb b/templates/site.erb
index 80ad807..5a9f074 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -1,5 +1,5 @@
# begin vhost for <%= title %>
-<VirtualHost *:80>
+<VirtualHost <%= listen %>:80>
ServerName <%= title %>.<%= hosting_domain %>
<% if server_alias != false %> ServerAlias <%= server_alias %><% end %>
DocumentRoot <%= docroot %>
@@ -18,3 +18,32 @@
<% end %>
</VirtualHost>
# end vhost for <%= title %>
+<% if ssl == true %>
+# begin ssl vhost for <%= title %>
+<VirtualHost <%= listen %>:443>
+ ServerName <%= title %>.<%= hosting_domain %>
+<% if server_alias != false %> ServerAlias <%= server_alias %><% end %>
+ DocumentRoot <%= docroot %>
+<% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
+<% if redirect != false %> Redirect <%= redirect %><% end %>
+<% if aliases != false %><% aliases.each do |map| -%>
+ Alias <%= map %>
+<% end -%><% end -%>
+<% if use != false %><% use.each do |instance| -%>
+ Use <%= instance %>
+<% end -%><% end -%>
+<% if mpm == true %>
+ <IfModule mpm_itk_module>
+ AssignUserId <%= user %> <%= gid %>
+ </IfModule>
+<% end %>
+<% if server_alias == true %>
+ # SSL Configuration
+ SSLEngine on
+ SSLProtocol -all +SSLv3 +TLSv1
+ SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+ SSLHonorCipherOrder on
+<% end %>
+</VirtualHost>
+# end ssl vhost for <%= title %>
+<% end %>
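Review bot: The SSL directives are wrapped in `<% if server_alias == true %>`, which looks like a copy/paste slip. Elsewhere in this template `server_alias` is compared with `false` and printed as a value, so the condition will rarely hold and the `:443` vhost would be emitted without `SSLEngine on`, answering in plain HTTP. The whole vhost is already inside `<% if ssl == true %>`, so that inner conditional can be dropped. The block also sets no `SSLCertificateFile` or `SSLCertificateKeyFile`, although the manifest checks `/etc/ssl/certs/$name.crt`; unless those are set globally or by a macro not shown here, they belong in this vhost. `SSLProtocol -all +SSLv3 +TLSv1` explicitly enables SSLv3, which is no longer safe to offer; prefer `SSLProtocol all -SSLv3`, dropping TLSv1 too where clients allow, and `SSLCipherSuite HIGH:!aNULL:!MD5` without `MEDIUM`.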