puppet-zanata/manifests/apache.pp
Jeremy Stanley 24a3c65e32 Work around CVE-2018-12532
https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html

Change-Id: I2c6cd13e0aeb71e5bebc680568fdf9f6f0656b74
2019-11-08 04:52:41 +00:00

90 lines
2.3 KiB
Puppet

# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: zanata::apache
#
class zanata::apache (
$vhost_name = $::fqdn,
$serveradmin = "webmaster@${::fqdn}",
$ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_chain_file = '',
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
) {
include ::httpd
include ::httpd::ssl
if !defined(Httpd_mod['rewrite']) {
httpd_mod { 'rewrite':
ensure => present,
}
}
httpd_mod { 'proxy':
ensure => present,
}
httpd_mod { 'proxy_http':
ensure => present,
}
httpd_mod { 'proxy_ajp':
ensure => present,
}
::httpd::vhost { $vhost_name:
port => 443,
docroot => 'MEANINGLESS ARGUMENT',
priority => '50',
template => 'zanata/zanata.vhost.erb',
ssl => true,
subscribe => File['/opt/wildfly/standalone/configuration/standalone.xml'],
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_key_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
}