diff options
-rw-r--r-- | manifests/init.pp | 23 | ||||
-rw-r--r-- | templates/site.erb | 31 |
2 files changed, 52 insertions, 2 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 4c1b284..205b11f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -31,6 +31,8 @@ $apache2_macros = "/etc/apache2/conf.d/macros" $apache2_conf = "/etc/apache2/apache2.conf" class apache { + include ssl + case $apache_www_folder { '': { $apache_www_folder = "/var/www" } } @@ -84,6 +86,11 @@ class apache { require => Package["apache"], } + module { "ssl": + ensure => present, + require => Package["apache"], + } + # apache mod_macro configuration file { "${apache2_macros}": ensure => present, @@ -139,7 +146,8 @@ class apache { $manage_docroot = true, $owner = 'root', $group = 'root', $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*', $comment = '', $sshkey = absent, - $groups = '', $shell = '/bin/false', $manage_user = true) { + $groups = '', $shell = '/bin/false', $manage_user = true, + $ssl = false, $listen = '*') { $vhost = $filename ? { '' => "$title", @@ -202,6 +210,19 @@ class apache { } } + if $ssl == true { + ssl::cert { "$name": + group => $gid, + privmode => '0640', + ensure => $ensure, + } + + ssl::check { "$name": + file => "/etc/ssl/certs/$name.crt", + ensure => $ensure, + } + } + case $source { true: { file { "${apache2_sites}-available/$vhost": diff --git a/templates/site.erb b/templates/site.erb index 80ad807..5a9f074 100644 --- a/templates/site.erb +++ b/templates/site.erb @@ -1,5 +1,5 @@ # begin vhost for <%= title %> -<VirtualHost *:80> +<VirtualHost <%= listen %>:80> ServerName <%= title %>.<%= hosting_domain %> <% if server_alias != false %> ServerAlias <%= server_alias %><% end %> DocumentRoot <%= docroot %> @@ -18,3 +18,32 @@ <% end %> </VirtualHost> # end vhost for <%= title %> +<% if ssl == true %> +# begin ssl vhost for <%= title %> +<VirtualHost <%= listen %>:443> + ServerName <%= title %>.<%= hosting_domain %> +<% if server_alias != false %> ServerAlias <%= server_alias %><% end %> + DocumentRoot <%= docroot %> +<% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %> +<% if redirect != false %> Redirect <%= redirect %><% end %> +<% if aliases != false %><% aliases.each do |map| -%> + Alias <%= map %> +<% end -%><% end -%> +<% if use != false %><% use.each do |instance| -%> + Use <%= instance %> +<% end -%><% end -%> +<% if mpm == true %> + <IfModule mpm_itk_module> + AssignUserId <%= user %> <%= gid %> + </IfModule> +<% end %> +<% if server_alias == true %> + # SSL Configuration + SSLEngine on + SSLProtocol -all +SSLv3 +TLSv1 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH + SSLHonorCipherOrder on +<% end %> +</VirtualHost> +# end ssl vhost for <%= title %> +<% end %> |