diff options
Diffstat (limited to 'deployment/websites')
20 files changed, 270 insertions, 109 deletions
diff --git a/deployment/websites/manifests/archives.pp b/deployment/websites/manifests/archives.pp new file mode 100644 index 00000000..825e082b --- /dev/null +++ b/deployment/websites/manifests/archives.pp @@ -0,0 +1,20 @@ +class websites::archives { + include websites::base + $vhost = "archives.${::domain}" + $vhostdir = "${websites::base::webdatadir}/${vhost}" + $git_location = "git://git.${::domain}/web/archives" + + apache::vhost::base { $vhost: + location => $vhostdir, + } + + apache::vhost::base { "ssl_${vhost}": + vhost => $vhost, + use_ssl => true, + location => $vhostdir, + } + + git::snapshot { $vhostdir: + source => $git_location, + } +} diff --git a/deployment/websites/manifests/base.pp b/deployment/websites/manifests/base.pp index c45ca431..1c2dbc64 100644 --- a/deployment/websites/manifests/base.pp +++ b/deployment/websites/manifests/base.pp @@ -1,3 +1,9 @@ class websites::base { $webdatadir = '/var/www/vhosts' + file { $webdatadir: + ensure => directory, + mode => '0755', + owner => root, + group => root + } } diff --git a/deployment/websites/manifests/doc.pp b/deployment/websites/manifests/doc.pp index 63ba9d45..01474af2 100644 --- a/deployment/websites/manifests/doc.pp +++ b/deployment/websites/manifests/doc.pp @@ -1,20 +1,20 @@ class websites::doc { include websites::base - $vhost = "doc.$::domain" - $vhostdir = "$websites::base::webdatadir/$vhost" - $svn_location = "svn://svn.$::domain/svn/web/doc/" + $vhost = "doc.${::domain}" + $vhostdir = "${websites::base::webdatadir}/${vhost}" + $git_location = "git://git.${::domain}/web/doc" apache::vhost::base { $vhost: location => $vhostdir, } - apache::vhost::base { "ssl_$vhost": + apache::vhost::base { "ssl_${vhost}": vhost => $vhost, use_ssl => true, location => $vhostdir, } - subversion::snapshot { $vhostdir: - source => $svn_location, + git::snapshot { $vhostdir: + source => $git_location, } } diff --git a/deployment/websites/manifests/forum_proxy.pp b/deployment/websites/manifests/forum_proxy.pp index 06e9f433..bd8f1fc1 100644 --- a/deployment/websites/manifests/forum_proxy.pp +++ b/deployment/websites/manifests/forum_proxy.pp @@ -1,13 +1,13 @@ class websites::forum_proxy { - $web_domain = "forums.$::domain" + $web_domain = "forums.${::domain}" apache::vhost::reverse_proxy { $web_domain: - url => "http://$web_domain/", + url => "http://${web_domain}/", } - apache::vhost::reverse_proxy { "ssl_$web_domain": + apache::vhost::reverse_proxy { "ssl_${web_domain}": vhost => $web_domain, use_ssl => true, - url => "http://$web_domain/", + url => "http://${web_domain}/", } } diff --git a/deployment/websites/manifests/git.pp b/deployment/websites/manifests/git.pp new file mode 100644 index 00000000..e357dfb2 --- /dev/null +++ b/deployment/websites/manifests/git.pp @@ -0,0 +1,10 @@ +class websites::git { + apache::vhost_redirect { "git.${::domain}": + url => "https://gitweb.${::domain}/", + } + apache::vhost_redirect { "ssl_git.${::domain}": + use_ssl => true, + vhost => "git.${::domain}", + url => "https://gitweb.${::domain}/", + } +} diff --git a/deployment/websites/manifests/hugs.pp b/deployment/websites/manifests/hugs.pp index 49fe6ac7..95246464 100644 --- a/deployment/websites/manifests/hugs.pp +++ b/deployment/websites/manifests/hugs.pp @@ -1,15 +1,15 @@ class websites::hugs { include websites::base - $vhostdir = "$websites::base::webdatadir/hugs.$::domain" - $svn_location = "svn://svn.$::domain/svn/web/hugs/public/" + $vhostdir = "${websites::base::webdatadir}/hugs.${::domain}" + $git_location = "git://git.${::domain}/web/hugs" - apache::vhost::base { "hugs.$::domain": + apache::vhost::base { "hugs.${::domain}": location => $vhostdir, } - subversion::snapshot { $vhostdir: - source => $svn_location + git::snapshot { $vhostdir: + source => $git_location } package { 'php-exif': } diff --git a/deployment/websites/manifests/meetbot.pp b/deployment/websites/manifests/meetbot.pp new file mode 100644 index 00000000..04bbcf70 --- /dev/null +++ b/deployment/websites/manifests/meetbot.pp @@ -0,0 +1,14 @@ +# We should rather have a meetbot module used to deploy +# it, setup backups and this website +class websites::meetbot { + $vhost = "meetbot.${::domain}" + $vhostdir = "/home/irc_bots/meetings/" + + apache::vhost::other_app { "meetbot.${::domain}": + vhost_file => 'websites/vhost_meetbot.conf', + } + + file { $vhostdir: + ensure => directory, + } +} diff --git a/deployment/websites/manifests/nav.pp b/deployment/websites/manifests/nav.pp index 587abe0d..84323c26 100644 --- a/deployment/websites/manifests/nav.pp +++ b/deployment/websites/manifests/nav.pp @@ -1,20 +1,27 @@ class websites::nav { include websites::base - $vhost = "nav.$::domain" - $vhostdir = "$websites::base::webdatadir/$vhost" - $svn_location = "svn://svn.$::domain/svn/web/nav/" + $vhost = "nav.${::domain}" + $vhostdir = "${websites::base::webdatadir}/${vhost}" + $git_location = "git://git.${::domain}/web/nav" apache::vhost::base { $vhost: location => $vhostdir, } - apache::vhost::base { "ssl_$vhost": + apache::vhost::base { "ssl_${vhost}": vhost => $vhost, use_ssl => true, location => $vhostdir, } - subversion::snapshot { $vhostdir: - source => $svn_location, + git::snapshot { $vhostdir: + source => $git_location, + } + + file { "${vhostdir}/var/tmp/cache": + ensure => directory, + mode => '0660', + group => $apache::var::apache_group, + require => Git::Snapshot[$vhostdir], } } diff --git a/deployment/websites/manifests/perl.pp b/deployment/websites/manifests/perl.pp index 041bde63..2b4849fb 100644 --- a/deployment/websites/manifests/perl.pp +++ b/deployment/websites/manifests/perl.pp @@ -1,10 +1,10 @@ class websites::perl { include websites::base - $vhost = "perl.$::domain" - $vhostdir = "$websites::base::webdatadir/$vhost" + $vhost = "perl.${::domain}" + $vhostdir = "${websites::base::webdatadir}/${vhost}" $statsdir = "${vhostdir}/stats" - $login = 'pkgcpan' - $homedir = "/var/lib/$login" + $login = 'pkgcpan' + $homedir = "/var/lib/${login}" user { $login: managehome => true, @@ -26,29 +26,29 @@ class websites::perl { cron { 'update cpanpkg': hour => 23, - minute => 0, + minute => 0, require => Package['perl-Module-Packaged-Generator'], - command => "pkgcpan -q -f $vhostdir/cpan_Mageia.db -d Mageia && chmod 644 $vhostdir/cpan_Mageia.db", + command => "pkgcpan -q -f ${vhostdir}/cpan_Mageia.db -d Mageia && chmod 644 ${vhostdir}/cpan_Mageia.db", user => $login, } - file { "$vhostdir/cpan_Mageia.db": + file { "${vhostdir}/cpan_Mageia.db": owner => $login, group => $login, } file { $statsdir: - ensure => directory, - owner => $login, - group => $login, + ensure => directory, + owner => $login, + group => $login, } - # http://www.mageia.org/pipermail/mageia-sysadm/2012-March/004337.html + # https://www.mageia.org/pipermail/mageia-sysadm/2012-March/004337.html cron { 'update pkgcpan stats': - hour => 23, - minute => 30, - require => [ Package['magpie'], File[$statsdir] ], - command => "magpie webstatic -qq -d $statsdir", - user => $login, + hour => 23, + minute => 30, + require => [ Package['magpie'], File[$statsdir] ], + command => "magpie webstatic -qq -d ${statsdir}", + user => $login, } } diff --git a/deployment/websites/manifests/releases.pp b/deployment/websites/manifests/releases.pp index 1d52201c..2b25c8ec 100644 --- a/deployment/websites/manifests/releases.pp +++ b/deployment/websites/manifests/releases.pp @@ -1,22 +1,22 @@ class websites::releases { include websites::base - $vhost = "releases.$::domain" - $vhostdir = "$websites::base::webdatadir/$vhost" - $svn_location = "svn://svn.$::domain/svn/web/releases/" + $vhost = "releases.${::domain}" + $vhostdir = "${websites::base::webdatadir}/${vhost}" + $git_location = "git://git.${::domain}/web/releases" apache::vhost::base { $vhost: location => $vhostdir, options => [ 'FollowSymLinks' ], } - apache::vhost::base { "ssl_$vhost": + apache::vhost::base { "ssl_${vhost}": vhost => $vhost, use_ssl => true, location => $vhostdir, options => [ 'FollowSymLinks' ], } - subversion::snapshot { $vhostdir: - source => $svn_location, + git::snapshot { $vhostdir: + source => $git_location, } } diff --git a/deployment/websites/manifests/start.pp b/deployment/websites/manifests/start.pp index e4c383ce..9d5b77e5 100644 --- a/deployment/websites/manifests/start.pp +++ b/deployment/websites/manifests/start.pp @@ -1,6 +1,11 @@ class websites::start { include websites::base - apache::vhost_redirect { "start.$::domain": - url => "http://www.mageia.org/community/", + apache::vhost_redirect { "start.${::domain}": + url => "https://www.${::domain}/community/", + } + apache::vhost_redirect { "ssl_start.${::domain}": + use_ssl => true, + vhost => "start.${::domain}", + url => "https://www.${::domain}/community/", } } diff --git a/deployment/websites/manifests/static.pp b/deployment/websites/manifests/static.pp index 749f72b0..66711329 100644 --- a/deployment/websites/manifests/static.pp +++ b/deployment/websites/manifests/static.pp @@ -1,8 +1,8 @@ class websites::static { include websites::base - $vhostdir = "$websites::base::webdatadir/static.$::domain" + $vhostdir = "${websites::base::webdatadir}/static.${::domain}" - apache::vhost::other_app { "static.$::domain": + apache::vhost::other_app { "static.${::domain}": vhost_file => 'websites/vhost_static.conf', } @@ -10,7 +10,7 @@ class websites::static { ensure => directory, } - subversion::snapshot { "$vhostdir/g": - source => "svn://svn.$::domain/svn/web/www/trunk/g/", + git::snapshot { "${vhostdir}": + source => "git://git.${::domain}/web/www", } } diff --git a/deployment/websites/manifests/svn.pp b/deployment/websites/manifests/svn.pp index 650442dc..973c012d 100644 --- a/deployment/websites/manifests/svn.pp +++ b/deployment/websites/manifests/svn.pp @@ -1,5 +1,10 @@ class websites::svn { - apache::vhost_redirect { "svn.$::domain": - url => "http://svnweb.$::domain/", + apache::vhost_redirect { "svn.${::domain}": + url => "https://svnweb.${::domain}/", + } + apache::vhost_redirect { "ssl_svn.${::domain}": + use_ssl => true, + vhost => "svn.${::domain}", + url => "https://svnweb.${::domain}/", } } diff --git a/deployment/websites/manifests/www.pp b/deployment/websites/manifests/www.pp index 03498084..08c232f2 100644 --- a/deployment/websites/manifests/www.pp +++ b/deployment/websites/manifests/www.pp @@ -1,51 +1,64 @@ class websites::www { include websites::base - $vhost = "www.$::domain" - $vhostdir = "$websites::base::webdatadir/$vhost" - $svn_location = "svn://svn.$::domain/svn/web/www/trunk" + $vhost = "www.${::domain}" + $vhostdir = "${websites::base::webdatadir}/${vhost}" + $git_location = "git://git.${::domain}/web/www" + include apache::var include apache::mod::php - include apache::mod::geoip # for mailman reverse proxy, on ssl include apache::mod::proxy include apache::mod::ssl - subversion::snapshot { $vhostdir: - source => $svn_location, + git::snapshot { $vhostdir: + source => $git_location, } - file { "$vhostdir/var/tmp/cache": - ensure => directory, - group => $apache::base::apache_group, - mode => '0660', + file { [ "${vhostdir}/var", + "${vhostdir}/var/tmp", + "${vhostdir}/var/tmp/cache" ] : + ensure => directory, + group => $apache::var::apache_group, + mode => '0660', + require => Git::Snapshot[$vhostdir], + } + + file { [ "${vhostdir}/_nav", + "${vhostdir}/_nav/var", + "${vhostdir}/_nav/var/tmp", + "${vhostdir}/_nav/var/tmp/cache" ] : + ensure => directory, + group => $apache::var::apache_group, + mode => '0660', + require => Git::Snapshot[$vhostdir], } apache::vhost::base { $vhost: content => template('websites/vhost_www.conf', - 'websites/vhost_proxy_mailman.conf'), + 'websites/vhost_www_rewrite.conf'), location => $vhostdir, options => ['FollowSymLinks'], } - apache::vhost::base { "ssl_$vhost": + apache::vhost::base { "ssl_${vhost}": use_ssl => true, vhost => $vhost, content => template('websites/vhost_www.conf', - 'websites/vhost_proxy_mailman_ssl.conf'), + 'websites/vhost_www_rewrite.conf'), location => $vhostdir, options => ['FollowSymLinks'], } - apache::vhost_redirect { $::domain: - url => "http://www.$::domain/", + apache::vhost_redirect { "${::domain}": + url => "https://www.${::domain}/", } - apache::vhost_redirect { "ssl_$::domain": + apache::vhost_redirect { "ssl_${::domain}": use_ssl => true, - vhost => $::domain, - url => "https://www.$::domain/", + vhost => "${::domain}", + url => "https://www.${::domain}/", } - package { ['php-mbstring', 'php-mcrypt', 'php-gettext', 'php-geoip']: } + package { ['php-mbstring', 'php-mcrypt', 'php-gettext']: } } diff --git a/deployment/websites/templates/vhost_meetbot.conf b/deployment/websites/templates/vhost_meetbot.conf new file mode 100644 index 00000000..40a0f92a --- /dev/null +++ b/deployment/websites/templates/vhost_meetbot.conf @@ -0,0 +1,36 @@ +<VirtualHost *:80> + ServerAdmin sysadm@mageia.org + ServerName meetbot.<%= @domain %> + DocumentRoot <%= scope.lookupvar("websites::meetbot::vhostdir") %> + + CustomLog /var/log/httpd/access_meetbot_log combined + ErrorLog /var/log/httpd/error_meetbot_log + <Directory <%= scope.lookupvar("websites::meetbot::vhostdir") %>> + Allow from all + <IfModule mod_authz_core.c> + Require all granted + </IfModule> + Options +Indexes + IndexIgnore .htaccess *.bak *~ *.txt *.log.html + </Directory> +</VirtualHost> + +<VirtualHost *:443> + ServerAdmin sysadm@mageia.org + ServerName meetbot.<%= @domain %> + DocumentRoot <%= scope.lookupvar("websites::meetbot::vhostdir") %> + + CustomLog /var/log/httpd/access_meetbot_log combined + ErrorLog /var/log/httpd/error_meetbot_log + +<%= scope.function_template(["apache/vhost_ssl.conf"]) %> + + <Directory <%= scope.lookupvar("websites::meetbot::vhostdir") %>> + Allow from all + <IfModule mod_authz_core.c> + Require all granted + </IfModule> + Options +Indexes + IndexIgnore .htaccess *.bak *~ *.txt *.log.html + </Directory> +</VirtualHost> diff --git a/deployment/websites/templates/vhost_proxy_mailman.conf b/deployment/websites/templates/vhost_proxy_mailman.conf deleted file mode 100644 index ef447f9c..00000000 --- a/deployment/websites/templates/vhost_proxy_mailman.conf +++ /dev/null @@ -1,14 +0,0 @@ - -ProxyRequests Off -ProxyPreserveHost On - -<Proxy *> - Order deny,allow - Allow from all -</Proxy> - -<% for u in ['/mailman/','/pipermail/'] %> -ProxyPass <%= u %> http://ryu.zarb.org<%= u %> -ProxyPassReverse <%= u %> http://ryu.zarb.org<%= u %> - -<% end %> diff --git a/deployment/websites/templates/vhost_proxy_mailman_ssl.conf b/deployment/websites/templates/vhost_proxy_mailman_ssl.conf deleted file mode 100644 index e5fcfbe1..00000000 --- a/deployment/websites/templates/vhost_proxy_mailman_ssl.conf +++ /dev/null @@ -1,16 +0,0 @@ - -ProxyRequests Off -ProxyPreserveHost On - -<Proxy *> - Order deny,allow - Allow from all -</Proxy> - -SSLProxyEngine On - -<% for u in ['/mailman/','/pipermail/'] %> -ProxyPass <%= u %> https://ryu.zarb.org<%= u %> -ProxyPassReverse <%= u %> https://ryu.zarb.org<%= u %> - -<% end %> diff --git a/deployment/websites/templates/vhost_static.conf b/deployment/websites/templates/vhost_static.conf index 6521b469..fcadc425 100644 --- a/deployment/websites/templates/vhost_static.conf +++ b/deployment/websites/templates/vhost_static.conf @@ -1,7 +1,7 @@ <VirtualHost *:80> - ServerName static.<%= domain %> + ServerName static.<%= @domain %> - DocumentRoot <%= vhostdir %> + DocumentRoot <%= scope.lookupvar("websites::static::vhostdir") %> CustomLog /var/log/httpd/static_log combined ErrorLog /var/log/httpd/error_static_log @@ -19,10 +19,63 @@ AddOutputFilterByType DEFLATE application/json text/javascript application/javascript application/x-javascript <Location /> + Deny from all + </Location> + + <Location /g/> + Allow from all + </Location> + + <Directory <%= scope.lookupvar("websites::static::vhostdir") %>> + Order deny,allow + Deny from All + AllowOverride None + </Directory> + + <Directory <%= scope.lookupvar("websites::static::vhostdir") %>/g> + Order deny,allow + Allow from All + AllowOverride None + </Directory> +</VirtualHost> + +<VirtualHost *:443> + ServerName static.<%= @domain %> + + DocumentRoot <%= scope.lookupvar("websites::static::vhostdir") %> + CustomLog /var/log/httpd/static_log combined + ErrorLog /var/log/httpd/error_static_log + +<%= scope.function_template(["apache/vhost_ssl.conf"]) %> + + FileETag none + Header unset ETag + ExpiresActive On + ExpiresByType text/css "access plus 1 month" + ExpiresByType image/gif "access plus 2 months" + ExpiresByType image/png "access plus 2 months" + ExpiresByType image/jpeg "access plus 2 months" + ExpiresByType image/x-icon "access plus 2 months" + ExpiresByType application/x-javascript "access plus 1 month" + ExpiresByType text/javascript "access plus 1 month" + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css + AddOutputFilterByType DEFLATE application/json text/javascript application/javascript application/x-javascript + + <Location /> + Deny from all + </Location> + + <Location /g/> Allow from all </Location> - <Directory <%= vhostdir %>> + <Directory <%= scope.lookupvar("websites::static::vhostdir") %>> + Order deny,allow + Deny from All + AllowOverride None + </Directory> + + <Directory <%= scope.lookupvar("websites::static::vhostdir") %>/g> Order deny,allow Allow from All AllowOverride None diff --git a/deployment/websites/templates/vhost_www.conf b/deployment/websites/templates/vhost_www.conf index 9d00828d..399681be 100644 --- a/deployment/websites/templates/vhost_www.conf +++ b/deployment/websites/templates/vhost_www.conf @@ -1,13 +1,13 @@ Redirect /wiki https://wiki.mageia.org/# -# Everything under /g/ is static content to be served by a seconday host +# Everything under /g/ is static content to be served by a secondary host RewriteEngine On -RewriteRule ^g/(.+)$ http://static.mageia.org/g/$1 [R,L,QSA] - -# ProxyPreserveHost On is in another file -ProxyPass /old-wiki/ http://ryu.zarb.org/wiki -ProxyPassReverse /old-wiki/ http://ryu.zarb.org/wiki +RewriteRule ^g/(.+)$ https://static.mageia.org/g/$1 [R,L,QSA] ErrorDocument 404 /404.php php_value short_open_tag false + +# switch all to https +RewriteCond %{HTTPS} !=on +RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] diff --git a/deployment/websites/templates/vhost_www_rewrite.conf b/deployment/websites/templates/vhost_www_rewrite.conf new file mode 100644 index 00000000..c7bb2fd5 --- /dev/null +++ b/deployment/websites/templates/vhost_www_rewrite.conf @@ -0,0 +1,22 @@ +RewriteEngine On +RewriteRule ^/mailman/listinfo/mageia-annnounce https://ml.mageia.org/l/info/announce [R=301,L] +RewriteRule ^/mailman/listinfo/mageia-artwork https://ml.mageia.org/l/info/atelier-discuss [R=301,L] +RewriteRule ^/mailman/listinfo/mageia-bugsquad https://ml.mageia.org/l/info/bugsquad-discuss [R=301,L] +RewriteRule ^/mailman/listinfo/mageia-dev https://ml.mageia.org/l/info/dev [R=301,L] +RewriteRule ^/mailman/listinfo/mageia-discuss https://ml.mageia.org/l/info/discuss [R=301,L] +RewriteRule ^/mailman/listinfo/mageia-i18n https://ml.mageia.org/l/info/i18n-discuss [R=301,L] +RewriteRule ^/mailman/listinfo/mageia-marketing https://ml.mageia.org/l/info/atelier-discuss [R=301,L] +RewriteRule ^/mailman/listinfo/mageia-sysadm https://ml.mageia.org/l/info/sysadmin-discuss [R=301,L] +RewriteRule ^/mailman/listinfo/mageia-webteam https://ml.mageia.org/l/info/atelier-discuss [R=301,L] +RewriteRule ^/mailman https://ml.mageia.org/ [R=301,L] + +RewriteRule ^/pipermail/mageia-announce/?(.*)$ https://archives.mageia.org/zarb-ml/mageia-announce/$1 [R=301,L] +RewriteRule ^/pipermail/mageia-artwork/?(.*)$ https://archives.mageia.org/zarb-ml/mageia-artwork/$1 [R=301,L] +RewriteRule ^/pipermail/mageia-bugsquad/?(.*)$ https://archives.mageia.org/zarb-ml/mageia-bugsquad/$1 [R=301,L] +RewriteRule ^/pipermail/mageia-dev/?(.*)$ https://archives.mageia.org/zarb-ml/mageia-dev/$1 [R=301,L] +RewriteRule ^/pipermail/mageia-discuss/?(.*)$ https://archives.mageia.org/zarb-ml/mageia-discuss/$1 [R=301,L] +RewriteRule ^/pipermail/mageia-i18n/?(.*)$ https://archives.mageia.org/zarb-ml/mageia-i18n/$1 [R=301,L] +RewriteRule ^/pipermail/mageia-marketing/?(.*)$ https://archives.mageia.org/zarb-ml/mageia-marketing/$1 [R=301,L] +RewriteRule ^/pipermail/mageia-sysadm/?(.*)$ https://archives.mageia.org/zarb-ml/mageia-sysadm/$1 [R=301,L] +RewriteRule ^/pipermail/mageia-webteam/?(.*)$ https://archives.mageia.org/zarb-ml/mageia-webteam/$1 [R=301,L] +RewriteRule ^/pipermail https://archives.mageia.org/zarb-ml/ [R=301,L] |