author | Silvio Rhatto <rhatto@riseup.net> | 2023-01-07 14:40:22 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2023-01-07 14:40:22 -0300 |
commit | 1e03648387cf5efb9b7fdf99366b2d8a1f8d8ea0 (patch) | |
tree | 6fa416548285f6deaedc54cd046c5eabbe769587 | |
parent | b6a39e149bd9e8ff6130e8f4fb8bd1f6353b7d31 (diff) | |
download | puppet-nginx-1e03648387cf5efb9b7fdf99366b2d8a1f8d8ea0.tar.gz puppet-nginx-1e03648387cf5efb9b7fdf99366b2d8a1f8d8ea0.tar.bz2 |
-rw-r--r-- | manifests/site.pp | 47 | ||||
-rw-r--r-- | manifests/site/config.pp | 18 | ||||
-rw-r--r-- | templates/site-ssl.erb | 2 |
3 files changed, 40 insertions, 27 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
index 983fc88..4455f45 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,16 +1,17 @@
 define nginx::site(
- $ensure = present,
- $ssl = present,
- $source = 'template',
- $certbot = true,
- $template = 'site',
- $backend = 'weblocal',
- $aliases = "*.${name}",
- $cache = false,
- $cache_levels = '1:2',
- $cache_size = '10m',
- $cache_inactive = '600s',
- $cache_max_size = '1m',
+ $ensure = present,
+ $ssl = present,
+ $source = 'template',
+ $certbot = true,
+ $template = 'site',
+ $backend = 'weblocal',
+ $aliases = "*.${name}",
+ $cache = false,
+ $cache_levels = '1:2',
+ $cache_size = '10m',
+ $cache_inactive = '600s',
+ $cache_max_size = '1m',
+ $x_frame_options = 'DENY',
 ) {
 nginx::site::config { $name:
 ensure => $ensure,
@@ -32,17 +33,23 @@ define nginx::site(
 }
 nginx::site::config { "${name}-ssl":
- server_name => $name,
- ensure => $ensure ? {
+ server_name => $name,
+ ensure => $ensure ? {
 'present' => $ssl,
 default => absent,
 },
- source => $source,
- template => "${template}-ssl",
- backend => $backend,
- aliases => $aliases,
- require => $certbot ? {
- true => $ensure ? {
+ source => $source,
+ template => "${template}-ssl",
+ backend => $backend,
+ aliases => $aliases,
+ cache => $cache,
+ cache_levels => $cache_levels,
+ cache_size => $cache_size,
+ cache_inactive => $cache_inactive,
+ cache_max_size => $cache_max_size,
+ x_frame_options => $x_frame_options,
+ require => $certbot ? {
+ true => $ensure ? {
 'present' => Certbot::Manage[$name],
 default => undef,
 },
diff --git a/manifests/site/config.pp b/manifests/site/config.pp
index 9822795..0cdceea 100644
--- a/manifests/site/config.pp
+++ b/manifests/site/config.pp
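Review bot: In manifests/site.pp the new `x_frame_options` is forwarded only to the `"${name}-ssl"` resource in the second hunk; the plain `nginx::site::config { $name:` resource sits between the two hunks and is not touched by this commit, so it presumably keeps the `'DENY'` default of `nginx::site::config`. Whether the non-SSL template emits X-Frame-Options at all is not visible in this diff, so this needs checking: if it does, a site declared with a relaxed value would send different framing policies over HTTP and HTTPS. If the asymmetry is intended, a comment such as `# x_frame_options only affects the TLS vhost` next to the parameter would document it; otherwise add `x_frame_options => $x_frame_options,` to the first resource as well.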
@@ -1,10 +1,16 @@
 define nginx::site::config(
- $server_name = $name,
- $ensure = present,
- $source = 'template',
- $template = 'site',
- $backend = 'weblocal',
- $aliases = "*.${name}",
+ $server_name = $name,
+ $ensure = present,
+ $source = 'template',
+ $template = 'site',
+ $backend = 'weblocal',
+ $aliases = "*.${name}",
+ $cache = false,
+ $cache_levels = '1:2',
+ $cache_size = '10m',
+ $cache_inactive = '600s',
+ $cache_max_size = '1m',
+ $x_frame_options = 'DENY',
 ){
 case $source {
 'file': {
diff --git a/templates/site-ssl.erb b/templates/site-ssl.erb
index 5b9ce04..c852954 100644
--- a/templates/site-ssl.erb
+++ b/templates/site-ssl.erb
@@ -15,7 +15,7 @@ server {
 # clickjacking protection
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
- add_header X-Frame-Options DENY;
+ add_header X-Frame-Options <%= @x_frame_options %>;
 location / {
 # preserve http header and set forwarded proto |
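Review bot: `$x_frame_options` is declared without a data type or value check in `nginx::site::config`, and likewise in `nginx::site` (manifests/site.pp), while templates/site-ssl.erb writes it into the `add_header` directive verbatim. A typo, an empty string, or a value carrying `;` or a line break therefore ends up as raw nginx configuration text, so a bad Hiera or node value can break the reload or silently weaken the clickjacking header. Constraining it at the define, e.g. `Enum['DENY', 'SAMEORIGIN'] $x_frame_options = 'DENY',`, rejects such values at catalog compile time; if the module has to stay untyped, a `fail()` guard at the top of the body does the same job. The body of the define continues past the end of the hunk.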
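Review bot: The interpolated value on the new `add_header X-Frame-Options` line in templates/site-ssl.erb is unquoted, unlike the `X-XSS-Protection` line directly above it. Writing it as `add_header X-Frame-Options "<%= @x_frame_options %>";` keeps the value a single directive argument and matches the neighbouring style. Since the header is now configurable, a short comment noting that X-Frame-Options is the legacy control and that `Content-Security-Policy: frame-ancestors` is its current replacement would help whoever relaxes the default. The `server` block starts and ends outside the hunk.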