Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
| Show First 20 Lines • Show All 72 Lines • ▼ Show 20 Lines | @@::icinga2::object::service {"${service_name} http redirect on ${::fqdn}": | ||||
| tag => 'icinga2::exported', | tag => 'icinga2::exported', | ||||
| } | } | ||||
| $vhost_ssl_port = lookup('apache::https_port') | $vhost_ssl_port = lookup('apache::https_port') | ||||
| # $vhost_ssl_protocol = lookup('swh::deploy::webapp::vhost::ssl_protocol') | # $vhost_ssl_protocol = lookup('swh::deploy::webapp::vhost::ssl_protocol') | ||||
| # $vhost_ssl_honorcipherorder = lookup('swh::deploy::webapp::vhost::ssl_honorcipherorder') | # $vhost_ssl_honorcipherorder = lookup('swh::deploy::webapp::vhost::ssl_honorcipherorder') | ||||
| # $vhost_ssl_cipher = lookup('swh::deploy::webapp::vhost::ssl_cipher') | # $vhost_ssl_cipher = lookup('swh::deploy::webapp::vhost::ssl_cipher') | ||||
| $authentication_enabled = lookup( | |||||
| "swh::deploy::${service_name}::reverse_proxy::basic_auth", | |||||
| 'default_value' => false,) | |||||
| if $authentication_enabled { | |||||
| # A real user name can't be specified in http_auth var | |||||
| # because the value is exposed in the web ui | |||||
| $http_expect_var = { http_expect => '401 Restricted' } | |||||
| } else { | |||||
| $http_expect_var = {} | |||||
| } | |||||
| @@::icinga2::object::service {"swh-${service_name} https on ${::fqdn}": | @@::icinga2::object::service {"swh-${service_name} https on ${::fqdn}": | ||||
| service_name => "swh ${service_name}", | service_name => "swh ${service_name}", | ||||
| import => ['generic-service'], | import => ['generic-service'], | ||||
| host_name => $::fqdn, | host_name => $::fqdn, | ||||
| check_command => 'http', | check_command => 'http', | ||||
| vars => { | vars => { | ||||
| http_address => $vhost_name, | http_address => $vhost_name, | ||||
| http_vhost => $vhost_name, | http_vhost => $vhost_name, | ||||
| http_port => $vhost_ssl_port, | http_port => $vhost_ssl_port, | ||||
| http_ssl => true, | http_ssl => true, | ||||
| http_sni => true, | http_sni => true, | ||||
| http_uri => '/', | http_uri => '/', | ||||
| http_onredirect => sticky | http_onredirect => sticky, | ||||
| }, | } + $http_expect_var, | ||||
| target => $icinga_checks_file, | target => $icinga_checks_file, | ||||
| tag => 'icinga2::exported', | tag => 'icinga2::exported', | ||||
| } | } | ||||
| @@::icinga2::object::service {"swh-${service_name} https certificate ${::fqdn}": | @@::icinga2::object::service {"swh-${service_name} https certificate ${::fqdn}": | ||||
| service_name => "swh ${service_name} https certificate", | service_name => "swh ${service_name} https certificate", | ||||
| import => ['generic-service'], | import => ['generic-service'], | ||||
| host_name => $::fqdn, | host_name => $::fqdn, | ||||
| Show All 14 Lines | |||||