path: root/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp
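# @summary Publishes a backend behind Apache as a TLS reverse proxy named after the resource title.
#
# Writes /etc/apache2/sites-enabled/<title>.conf with an MDomain line, a
# port-80 vhost that redirects to https://<title>/, and a port-443 vhost that
# proxies "/" to $target. Service['apache2'] is notified when the file changes;
# that service is not declared here and must exist elsewhere in the catalog.
#
# $title and $target are interpolated verbatim into the Apache configuration
# (and $title into a file path). The only constraint is String[1], so a value
# containing quotes, whitespace or newlines would change the generated
# directives. NOTE(review): consider a stricter type or pattern check at the
# call sites if these values can ever come from less-trusted data.
#
# @param target
#   Backend URL handed to ProxyPass / ProxyPassReverse. When it starts with
#   "https:", SSLProxyEngine is switched on for the vhost.
# @param overwrite_rh_certs
#   Optional host name. When set, its proxmox.id is looked up under hostvars
#   and a hook script is installed that copies the certificate and private key
#   for <title> into that container's filesystem and restarts httpd inside it.
#   Nothing in this define registers the script with mod_md; presumably that
#   is configured elsewhere -- verify.
define proxmox::proxy_host (String[1] $target, Optional[String[1]] $overwrite_rh_certs = undef) {
  # For https backends the proxy speaks TLS to the target, but
  # SSLProxyCheckPeerName off disables the check that the backend certificate
  # matches the requested host name. No SSLProxyVerify or CA file is set in
  # this vhost either, so unless configured elsewhere the backend is not
  # authenticated: the hop is encrypted but open to interception by anyone
  # who can sit between this host and the target.
  # NOTE(review): acceptable only on a trusted segment; otherwise pin a CA
  # with SSLProxyCACertificateFile and set SSLProxyVerify require.
  if $target =~ /^https:/ {
    $ssl_fragment = @("EOT")
      SSLProxyEngine on
      SSLProxyCheckPeerName off
    | EOT
  }
  else {
    $ssl_fragment = ''
  }

  # The 443 vhost sets SSLEngine on without certificate directives; the
  # MDomain line suggests mod_md supplies them (not visible in this file).
  file {"/etc/apache2/sites-enabled/${title}.conf":
    content => @("EOT")
      MDomain ${title}

      <VirtualHost *:80>
        ServerName ${title}
        Redirect permanent / https://${title}/
      </VirtualHost>

      <VirtualHost *:443>
        ServerName ${title}
        SSLEngine on

        ProxyPass "/" "${target}"
        ProxyPassReverse "/" "${target}"
        ProxyPreservehost On
        ${ssl_fragment}
      </VirtualHost>
      | EOT
    ,
  }
  ~>
  Service['apache2']

  if $overwrite_rh_certs {
    # Resolved at catalog compile time and baked into the script below
    # (unquoted, in paths and as a pct argument).
    # presumably a numeric Proxmox container id -- TODO confirm the data type.
    $pveid = lookup("hostvars.'${overwrite_rh_certs}'.proxmox.id")

    # The hook copies the private key from the host into the container's
    # filesystem. The resulting file mode is whatever cp yields (existing
    # destination mode, or source mode filtered by umask) -- verify that
    # localhost.key is not left group/world readable inside the container.
    file {"/usr/local/bin/notify_md_renewal_hook_${overwrite_rh_certs}":
      content => @("EOT"/$)
      #!/bin/sh
      # Stop at the first failed copy so httpd is never restarted with a
      # stale or mismatched certificate/key pair; the failure is reported
      # to the caller through the exit status.
      set -e

      cp /etc/apache2/md/domains/${title}/pubcert.pem  /rpool/data/subvol-${pveid}-disk-0/etc/pki/tls/certs/localhost.crt
      cp /etc/apache2/md/domains/${title}/privkey.pem  /rpool/data/subvol-${pveid}-disk-0/etc/pki/tls/private/localhost.key
      pct exec ${pveid} systemctl restart httpd
      | EOT
      ,
      mode => '0755',
    }
  }


}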