author | drebs <drebs@riseup.net> | 2011-03-11 14:53:39 -0300 |
---|---|---|
committer | drebs <drebs@riseup.net> | 2011-03-11 14:53:39 -0300 |
commit | 01b2048dbf02ac726dabde5e846b9d6ac9aff0e6 (patch) | |
tree | 28f13f07a483a73ffcbfb25e4aba0c40f3d656bb /templates/etc | |
initial recommit
Diffstat (limited to 'templates/etc')
-rw-r--r-- | templates/etc/aliases.erb | 14 | ||||
-rw-r--r-- | templates/etc/nagios3/htpasswd.users.erb | 1 | ||||
-rw-r--r-- | templates/etc/nginx/domain.erb | 161 |
3 files changed, 176 insertions, 0 deletions
diff --git a/templates/etc/aliases.erb b/templates/etc/aliases.erb
new file mode 100644
index 0000000..4b9a4b9
--- /dev/null
+++ b/templates/etc/aliases.erb
@@ -0,0 +1,14 @@
+# /etc/aliases
+mailer-daemon: postmaster
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
+noc: root
+security: root
+root: <%= first_user_email %>
diff --git a/templates/etc/nagios3/htpasswd.users.erb b/templates/etc/nagios3/htpasswd.users.erb
new file mode 100644
index 0000000..c21d493
--- /dev/null
+++ b/templates/etc/nagios3/htpasswd.users.erb
@@ -0,0 +1 @@
+nagiosadmin:0FCabjvUTHvxF
diff --git a/templates/etc/nginx/domain.erb b/templates/etc/nginx/domain.erb
new file mode 100644
index 0000000..72f864a
--- /dev/null
+++ b/templates/etc/nginx/domain.erb
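Review bot: The single line added to `templates/etc/nagios3/htpasswd.users.erb`, `nagiosadmin:0FCabjvUTHvxF`, commits a fixed password hash for the Nagios admin account, so every host bootstrapped from this template shares one credential and anyone who can read the repository can attack the hash offline. The 13-character form looks like traditional DES crypt(3), which uses a two-character salt and considers only the first eight characters of the password. Render the entry from per-deployment data instead, for example `nagiosadmin:<%= nagios_admin_hash %>` (placeholder variable name), using the strongest hash scheme the web server in front of Nagios accepts. The password behind the committed hash should be treated as exposed and rotated.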
@@ -0,0 +1,161 @@
+# <%= domain %> proxy config
+
+# Set the max size for file uploads
+client_max_body_size 100M;
+
+server {
+ # see config tips at
+ # http://blog.taragana.com/index.php/archive/nginx-hacking-tips/
+
+ # Don't log anything
+ access_log /dev/null;
+ error_log /dev/null;
+
+ # simple reverse-proxy
+ listen 80;
+ server_name *.<%= domain > <%= domain >
+
+ # enable HSTS header
+ add_header Strict-Transport-Security max-age=15768000;
+
+ # https redirection by default
+ rewrite ^(.*) https://$host$1 redirect;
+
+ # rewrite rules for backups.<%= domain >
+ #if ($host ~* ^backups\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for admin.<%= domain >
+ #if ($host ~* ^admin\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for munin.<%= domain >
+ #if ($host ~* ^munin\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for trac.<%= domain >
+ #if ($host ~* ^trac\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for nagios.<%= domain >
+ #if ($host ~* ^nagios\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for htpasswd.<%= domain >
+ #if ($host ~* ^htpasswd\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for postfixadmin.<%= domain >
+ #if ($host ~* ^postfixadmin\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for mail.<%= domain >
+ #if ($host ~* ^mail\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for lists.<%= domain >
+ #if ($host ~* ^lists\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # pass requests for dynamic content
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_pass http://weblocal:80;
+ }
+
+}
+
+server {
+ # https reverse proxy
+ listen 443;
+ server_name *.<%= domain > <%= domain >;
+
+ # Don't log anything
+ access_log /dev/null;
+ error_log /dev/null;
+
+ ssl on;
+ ssl_certificate /etc/ssl/certs/cert.crt;
+ ssl_certificate_key /etc/ssl/private/cert.pem;
+
+ ssl_session_timeout 5m;
+
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH;
+ ssl_prefer_server_ciphers on;
+
+ # Set the max size for file uploads
+ client_max_body_size 100M;
+
+ location / {
+ # preserve http header
+ proxy_set_header Host $http_host;
+
+ proxy_read_timeout 120;
+ proxy_connect_timeout 120;
+
+ # rewrite rules for admin.<%= domain >
+ if ($host ~* ^admin\.<%= domain %>$) {
+ proxy_pass http://admin:80;
+ break;
+ }
+
+ # rewrite rules for munin.<%= domain >
+ if ($host ~* ^munin\.<%= domain %>$) {
+ proxy_pass http://admin:80;
+ break;
+ }
+
+ # rewrite rules for trac.<%= domain >
+ if ($host ~* ^trac\.<%= domain %>$) {
+ proxy_pass http://admin:80;
+ break;
+ }
+
+ # rewrite rules for nagios.<%= domain >
+ if ($host ~* ^nagios\.<%= domain %>$) {
+ proxy_pass http://admin:80;
+ break;
+ }
+
+ # rewrite rules for postfixadmin.<%= domain >
+ if ($host ~* ^postfixadmin\.<%= domain %>$) {
+ proxy_pass http://mail:80;
+ break;
+ }
+
+ # rewrite rules for mail.<%= domain >
+ if ($host ~* ^mail\.<%= domain %>$) {
+ proxy_pass http://mail:80;
+ break;
+ }
+
+ # rewrite rules for lists.<%= domain >
+ if ($host ~* ^lists\.<%= domain %>$) {
+ proxy_pass http://mail:80;
+ break;
+ }
+
+ # default proxy pass
+ proxy_pass http://weblocal:80;
+ }
+
+}
 |
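Review bot: The `add_header Strict-Transport-Security max-age=15768000;` line sits in the `listen 80` server block, where browsers ignore it because HSTS is only honoured when received over HTTPS; the `listen 443` block has no such header, so move it there. In that 443 block, `ssl_protocols SSLv3 TLSv1;` still offers SSLv3 and the cipher string admits `MEDIUM` suites. Restrict the protocol list to the TLS versions the deployed nginx/OpenSSL supports and drop `MEDIUM`. As shown on the page, both `server_name` lines and several comments close the ERB tag with `>` instead of `%>` (`*.<%= domain > <%= domain >`), and the port-80 `server_name` has no terminating `;`, so the template would likely not render to a valid config. Sending both `access_log` and `error_log` to `/dev/null` leaves no record for incident response, and if that is a deliberate privacy choice it deserves a comment saying so.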