Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
Show First 20 Lines • Show All 72 Lines • ▼ Show 20 Lines | @@::icinga2::object::service {"${service_name} http redirect on ${::fqdn}": | ||||
tag => 'icinga2::exported', | tag => 'icinga2::exported', | ||||
} | } | ||||
$vhost_ssl_port = lookup('apache::https_port') | $vhost_ssl_port = lookup('apache::https_port') | ||||
# $vhost_ssl_protocol = lookup('swh::deploy::webapp::vhost::ssl_protocol') | # $vhost_ssl_protocol = lookup('swh::deploy::webapp::vhost::ssl_protocol') | ||||
# $vhost_ssl_honorcipherorder = lookup('swh::deploy::webapp::vhost::ssl_honorcipherorder') | # $vhost_ssl_honorcipherorder = lookup('swh::deploy::webapp::vhost::ssl_honorcipherorder') | ||||
# $vhost_ssl_cipher = lookup('swh::deploy::webapp::vhost::ssl_cipher') | # $vhost_ssl_cipher = lookup('swh::deploy::webapp::vhost::ssl_cipher') | ||||
$authentication_enabled = lookup( | |||||
"swh::deploy::${service_name}::reverse_proxy::basic_auth", | |||||
'default_value' => false,) | |||||
if $authentication_enabled { | |||||
# A real user name can't be specified in http_auth var | |||||
# because the value is exposed in the web ui | |||||
$http_expect_var = { http_expect => '401 Restricted' } | |||||
} else { | |||||
$http_expect_var = {} | |||||
} | |||||
@@::icinga2::object::service {"swh-${service_name} https on ${::fqdn}": | @@::icinga2::object::service {"swh-${service_name} https on ${::fqdn}": | ||||
service_name => "swh ${service_name}", | service_name => "swh ${service_name}", | ||||
import => ['generic-service'], | import => ['generic-service'], | ||||
host_name => $::fqdn, | host_name => $::fqdn, | ||||
check_command => 'http', | check_command => 'http', | ||||
vars => { | vars => { | ||||
http_address => $vhost_name, | http_address => $vhost_name, | ||||
http_vhost => $vhost_name, | http_vhost => $vhost_name, | ||||
http_port => $vhost_ssl_port, | http_port => $vhost_ssl_port, | ||||
http_ssl => true, | http_ssl => true, | ||||
http_sni => true, | http_sni => true, | ||||
http_uri => '/', | http_uri => '/', | ||||
http_onredirect => sticky | http_onredirect => sticky, | ||||
}, | } + $http_expect_var, | ||||
target => $icinga_checks_file, | target => $icinga_checks_file, | ||||
tag => 'icinga2::exported', | tag => 'icinga2::exported', | ||||
} | } | ||||
@@::icinga2::object::service {"swh-${service_name} https certificate ${::fqdn}": | @@::icinga2::object::service {"swh-${service_name} https certificate ${::fqdn}": | ||||
service_name => "swh ${service_name} https certificate", | service_name => "swh ${service_name} https certificate", | ||||
import => ['generic-service'], | import => ['generic-service'], | ||||
host_name => $::fqdn, | host_name => $::fqdn, | ||||
Show All 14 Lines |