first commit

e28846c8 · Adam Lewenberg · e28846c8 · e28846c8
Commit e28846c8 authored 4 years ago by Adam Lewenberg
--- a/manifests/init.pp
+++ b/manifests/init.pp
+class secure_afs_request (
+  Enum['present', 'absent'] $ensure = 'present',
+  String                    $vhost  = 'secure-afs-request.example.com',
+) {
+
+   # Install the
+   file { "/etc/apache2/sites-enabled/secure-afs-request.conf":
+     ensure  => $ensure,
+     content => template('secure_afs_request/etc/apache2/sites-available/secure-afs-request.conf.erb'),
+     owner   => 'root',
+     group   => 'root',
+     mode    => '0755',
+   }
+
+  # Install the key-pair
+  su_apache::cert::incommon { $vhost:
+    ensure => $ensure,
+  }
+
+}
--- a/templates/etc/apache2/sites-available/secure-afs-request.conf.erb
+++ b/templates/etc/apache2/sites-available/secure-afs-request.conf.erb
+<VirtualHost *:80>
+  ServerAdmin adamhl@.stanford.edu
+  ServerName <%= @vhost %>
+
+  # Redirect _all_ port 80 traffic to the secure side
+  Redirect / https://<%= @vhost %>/
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerAdmin adamhl@.stanford.edu
+  ServerName <%= @vhost %>
+
+  DocumentRoot /srv/www/integration-test2
+
+  TraceEnable off
+  SSLEngine On
+  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXP
+  SSLCertificateFile    /etc/ssl/certs/integration-test2.pem
+  SSLCertificateKeyFile /etc/ssl/private/integration-test2.key
+
+</VirtualHost>