Commit 5f77a705 authored by Adam Lewenberg's avatar Adam Lewenberg

more support for Docker container

parent 89dcc179
...@@ -6,14 +6,17 @@ class secure_afs_request ( ...@@ -6,14 +6,17 @@ class secure_afs_request (
Enum['present', 'absent'] $ensure = 'present', Enum['present', 'absent'] $ensure = 'present',
# #
Enum['traditional', 'docker'] Enum['traditional', 'docker']
$hosting_model = 'traditional', $hosting_model = 'traditional',
# #
String $vhost = 'secure-afs-request.example.com', String $vhost = 'secure-afs-request.example.com',
String $port = '443',
String $server_admin = 'bogus@bogus.bogus',
Boolean $ssl_enable = true,
# #
Enum['wallet', 'none'] $db_credentials_source = 'wallet', Enum['wallet', 'none'] $db_credentials_source = 'wallet',
Optional[String] $db_wallet_name = undef, Optional[String] $db_wallet_name = undef,
# #
Optional[String] $ldap_wallet_name = undef, Optional[String] $ldap_wallet_name = undef,
) { ) {
# Install the software. # Install the software.
...@@ -26,8 +29,17 @@ class secure_afs_request ( ...@@ -26,8 +29,17 @@ class secure_afs_request (
require => Package['secure-afs-request-web'], require => Package['secure-afs-request-web'],
} }
# Install the Apache configuration. # Install the Apache configuration. If this is a traditional server we
file { '/etc/apache2/sites-enabled/secure-afs-request.conf': # save it as /etc/apache2/sites-enabled/secure-afs-request.conf. If this
# is a docker container we put it in
# /etc/apache2/sites-enabled/default.conf
if ($hosting_model == 'traditional') {
$apache_conf_name = 'secure-afs-request.conf'
} else {
$apache_conf_name = 'default.conf'
}
file { $apache_conf_name:
ensure => $ensure, ensure => $ensure,
content => template('secure_afs_request/etc/apache2/sites-available/secure-afs-request.conf.erb'), content => template('secure_afs_request/etc/apache2/sites-available/secure-afs-request.conf.erb'),
owner => 'root', owner => 'root',
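Review bot: The `file` resource title is now the bare name held in `$apache_conf_name` (`secure-afs-request.conf` or `default.conf`), whereas the removed title was the absolute path `/etc/apache2/sites-enabled/secure-afs-request.conf`. Puppet takes the title as the file path unless a `path` attribute is set, and the path must be fully qualified, so unless `path` is set in the part of the resource below this hunk the catalog will not compile and the vhost configuration will not be installed. Keeping the directory in the title would match the new comment: `file { "/etc/apache2/sites-enabled/${apache_conf_name}":`. Separately, `$port` and `$server_admin` are plain `String` and the template writes them straight into the Apache configuration; a tighter type such as `Pattern[/\A\d+\z/]` for `$port` would reject anything that is not a port number. The resource body continues outside the hunk.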
......
<%-
# We only include the redirect section for traditional hosts.
if (@hosting_model == 'traditional') then
-%>
<VirtualHost *:80> <VirtualHost *:80>
ServerAdmin adamhl@.stanford.edu ServerAdmin adamhl@.stanford.edu
ServerName <%= @vhost %> ServerName <%= @vhost %>
...@@ -6,22 +10,30 @@ ...@@ -6,22 +10,30 @@
Redirect / https://<%= @vhost %>/ Redirect / https://<%= @vhost %>/
</VirtualHost> </VirtualHost>
<VirtualHost *:443> <%-
ServerAdmin adamhl@.stanford.edu end
-%>
<VirtualHost *:<%= @port %>>
ServerAdmin <%= @server_admin %>
ServerName <%= @vhost %> ServerName <%= @vhost %>
DocumentRoot /usr/share/secure-afs-request/cgi-bin DocumentRoot /usr/share/secure-afs-request/cgi-bin
RedirectMatch "^/$" "/secure-group-request" RedirectMatch "^/$" "/secure-group-request"
TraceEnable off
AddHandler cgi-script .cgi .pl AddHandler cgi-script .cgi .pl
<%-
if (@ssl_enable) then
-%>
## SSL ## SSL
SSLEngine On SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXP SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXP
SSLCertificateFile /etc/ssl/certs/<%= @vhost %>.pem SSLCertificateFile /etc/ssl/certs/<%= @vhost %>.pem
SSLCertificateKeyFile /etc/ssl/private/<%= @vhost %>.key SSLCertificateKeyFile /etc/ssl/private/<%= @vhost %>.key
<%-
end
-%>
### Shibboleth (SAML) section ### Shibboleth (SAML) section
<Location /Shibboleth.sso> <Location /Shibboleth.sso>
SetHandler shib SetHandler shib
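Review bot: With `ssl_enable` set to false the `<VirtualHost *:<%= @port %>>` block is rendered without `SSLEngine`, so the CGI application and its Shibboleth (SAML) endpoints are served over plain HTTP (on port 443 by default), and in the docker model the port-80 redirect to HTTPS is omitted as well. If this relies on a TLS-terminating proxy in front of the container, that assumption should be stated next to the `if (@ssl_enable)` test, for example `# ssl_enable=false assumes TLS is terminated upstream; do not expose this vhost directly`. The retained port-80 block still hard-codes `ServerAdmin adamhl@.stanford.edu` and could use `<%= @server_admin %>` like the new block. The `SSLCipherSuite` line is unchanged context, but it starts from `ALL` and adds `RC4+RSA`, so it is worth revisiting while this section is being touched.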
......