diff options
Diffstat (limited to 'modules/phpbb')
| -rw-r--r-- | modules/phpbb/files/phpbb_apply_config.pl | 2 | ||||
| -rw-r--r-- | modules/phpbb/files/robots.txt | 7 | ||||
| -rw-r--r-- | modules/phpbb/manifests/base.pp | 16 | ||||
| -rw-r--r-- | modules/phpbb/manifests/config.pp | 14 | ||||
| -rw-r--r-- | modules/phpbb/manifests/instance.pp | 54 | ||||
| -rw-r--r-- | modules/phpbb/manifests/locale_db.pp | 3 | ||||
| -rw-r--r-- | modules/phpbb/manifests/redirection_instance.pp | 4 | ||||
| -rw-r--r-- | modules/phpbb/templates/config.php | 2 | ||||
| -rw-r--r-- | modules/phpbb/templates/forums_vhost.conf | 24 |
9 files changed, 81 insertions, 45 deletions
diff --git a/modules/phpbb/files/phpbb_apply_config.pl b/modules/phpbb/files/phpbb_apply_config.pl index 5bd094e4..a58df24e 100644 --- a/modules/phpbb/files/phpbb_apply_config.pl +++ b/modules/phpbb/files/phpbb_apply_config.pl @@ -16,7 +16,7 @@ my $dbh = DBI->connect("dbi:Pg:","","", { my $table = "phpbb_config"; # FIXME add rollback if there is a problem -# http://docstore.mik.ua/orelly/linux/dbi/ch06_03.htm +# https://docstore.mik.ua/orelly/linux/dbi/ch06_03.htm my $update = $dbh->prepare("UPDATE $table SET config_value = ?, is_dynamic = ? WHERE config_name = ?"); my $insert = $dbh->prepare("INSERT INTO $table ( config_value, is_dynamic, config_name ) VALUES ( ? , ? , ? )"); diff --git a/modules/phpbb/files/robots.txt b/modules/phpbb/files/robots.txt new file mode 100644 index 00000000..1c335a73 --- /dev/null +++ b/modules/phpbb/files/robots.txt @@ -0,0 +1,7 @@ +User-agent: * +Disallow: /*/faq.php? +Disallow: /*/memberlist.php? +Disallow: /*/posting.php? +Disallow: /*/search.php? +Disallow: /*/ucp.php? +Crawl-delay: 30 diff --git a/modules/phpbb/manifests/base.pp b/modules/phpbb/manifests/base.pp index 115c4592..9f676cb4 100644 --- a/modules/phpbb/manifests/base.pp +++ b/modules/phpbb/manifests/base.pp @@ -9,7 +9,6 @@ class phpbb::base { 'php-xml', 'php-zlib', 'php-ftp', - 'php-apc', 'php-magickwand', 'php-pgsql', 'php-ldap']: } @@ -30,14 +29,23 @@ class phpbb::base { ensure => directory, } + $robotsfile = "$forums_dir/robots.txt" + file { $robotsfile: + ensure => present, + mode => '0644', + owner => root, + group => root, + source => 'puppet:///modules/phpbb/robots.txt', + } + # TODO check that everything is locked down - apache::vhost::base { "forums.$::domain": + apache::vhost::base { "forums.${::domain}": content => template('phpbb/forums_vhost.conf'), } - apache::vhost::base { "ssl_forums.$::domain": + apache::vhost::base { "ssl_forums.${::domain}": use_ssl => true, - vhost => "forums.$::domain", + vhost => "forums.${::domain}", content => template('phpbb/forums_vhost.conf'), } diff --git a/modules/phpbb/manifests/config.pp b/modules/phpbb/manifests/config.pp index 52bd5419..553b0f74 100644 --- a/modules/phpbb/manifests/config.pp +++ b/modules/phpbb/manifests/config.pp @@ -1,12 +1,12 @@ define phpbb::config($key, $value, $database) { - exec { "phpbb_apply $name": - command => "/usr/local/bin/phpbb_apply_config.pl $key", + exec { "phpbb_apply ${name}": + command => "/usr/local/bin/phpbb_apply_config.pl ${key}", user => 'root', - environment => ["PGDATABASE=$database", - "PGUSER=$phpbb::base::user", - "PGPASSWORD=$phpbb::base::pgsql_password", - "PGHOST=pgsql.$::domain", - "VALUE=$value"], + environment => ["PGDATABASE=${database}", + "PGUSER=${phpbb::base::user}", + "PGPASSWORD=${phpbb::base::pgsql_password}", + "PGHOST=pgsql.${::domain}", + "VALUE=${value}"], require => File['/usr/local/bin/phpbb_apply_config.pl'], } } diff --git a/modules/phpbb/manifests/instance.pp b/modules/phpbb/manifests/instance.pp index d260ff7b..e300d9e0 100644 --- a/modules/phpbb/manifests/instance.pp +++ b/modules/phpbb/manifests/instance.pp @@ -2,27 +2,27 @@ define phpbb::instance() { include phpbb::base $lang = $name - $database = "${phpbb::base::db}_$lang" + $database = "${phpbb::base::db}_${lang}" $user = $phpbb::base::user $pgsql_password = $phpbb::base::pgsql_password $forums_dir = $phpbb::base::forums_dir include git::client - exec { "git_clone $lang": - command =>"git clone git://git.$::domain/forum/ $lang", + exec { "git_clone ${lang}": + command =>"git clone git://git.${::domain}/web/forums/ ${lang}", cwd => $forums_dir, - creates => "$forums_dir/$lang", + creates => "${forums_dir}/${lang}", require => File[$forums_dir], - notify => Exec["rm_install $lang"], + notify => Exec["rm_install ${lang}"], } # remove this or the forum will not work ( 'board disabled' ) - # maybe it would be better to move this elsehwere, I + # maybe it would be better to move this elsewhere, I # am not sure ( and in any case, that's still in git ) - exec { "rm_install $lang": - command => "rm -Rf $forums_dir/$lang/phpBB/install", - onlyif => "test -d $forums_dir/$lang/phpBB/install", + exec { "rm_install ${lang}": + command => "rm -Rf ${forums_dir}/${lang}/phpBB/install", + onlyif => "test -d ${forums_dir}/${lang}/phpBB/install", } # list found by reading ./install/install_install.php @@ -33,15 +33,15 @@ define phpbb::instance() { 'files', 'store' ] - $dir_names = regsubst($writable_dirs,'^',"$forums_dir/$lang/phpBB/") + $dir_names = regsubst($writable_dirs,'^',"${forums_dir}/${lang}/phpBB/") file { $dir_names: ensure => directory, owner => 'apache', - require => Exec["git_clone $lang"], + require => Exec["git_clone ${lang}"], } - file { "$forums_dir/$lang/phpBB/config.php": + file { "${forums_dir}/${lang}/phpBB/config.php": content => template('phpbb/config.php'), } @@ -56,25 +56,25 @@ define phpbb::instance() { $ldap_password = extlookup( 'phpbb_ldap','x') phpbb::config { - "ldap_user/$lang": - key => 'ldap_user', value => "cn=phpbb-$::hostname,ou=System Accounts,$::dc_suffix"; - "ldap_server/$lang": - key => 'ldap_server', value => "ldaps://ldap.$::domain ldaps://ldap-slave-1.$::domain"; - "ldap_password/$lang": + "ldap_user/${lang}": + key => 'ldap_user', value => "cn=phpbb-${::hostname},ou=System Accounts,${::dc_suffix}"; + "ldap_server/${lang}": + key => 'ldap_server', value => "ldaps://ldap.${::domain} ldaps://ldap-slave-1.${::domain}"; + "ldap_password/${lang}": key => 'ldap_password', value => $ldap_password; - "ldap_base_dn/$lang": - key => 'ldap_base_dn', value => "ou=People,$::dc_suffix"; - "auth_method/$lang": + "ldap_base_dn/${lang}": + key => 'ldap_base_dn', value => "ou=People,${::dc_suffix}"; + "auth_method/${lang}": key => 'auth_method', value => 'ldap'; - "ldap_mail/$lang": + "ldap_mail/${lang}": key => 'ldap_mail', value => 'mail'; - "ldap_uid/$lang": + "ldap_uid/${lang}": key => 'ldap_uid', value => 'uid'; - "cookie_domain/$lang": - key => 'cookie_domain', value => "forums.$::domain"; - "server_name/$lang": - key => 'server_name', value => "forums.$::domain"; - "default_lang/$lang": + "cookie_domain/${lang}": + key => 'cookie_domain', value => "forums.${::domain}"; + "server_name/${lang}": + key => 'server_name', value => "forums.${::domain}"; + "default_lang/${lang}": key => 'default_lang', value => $lang; } } diff --git a/modules/phpbb/manifests/locale_db.pp b/modules/phpbb/manifests/locale_db.pp index 8111f18f..70116962 100644 --- a/modules/phpbb/manifests/locale_db.pp +++ b/modules/phpbb/manifests/locale_db.pp @@ -1,7 +1,8 @@ +# FIXME: In puppet >3.0 word 'tag' is reserved, so it have to be renamed define phpbb::locale_db($tag = 'default', $user = $phpbb::base::user) { postgresql::database { $name: - description => "$lang db for phpbb forum", + description => "${lang} db for phpbb forum", user => $user, tag => $tag, # this break due to the way it is remotely declared diff --git a/modules/phpbb/manifests/redirection_instance.pp b/modules/phpbb/manifests/redirection_instance.pp index 48446d3e..332eac53 100644 --- a/modules/phpbb/manifests/redirection_instance.pp +++ b/modules/phpbb/manifests/redirection_instance.pp @@ -1,7 +1,7 @@ define phpbb::redirection_instance($url) { $lang = $name - file { "/etc/httpd/conf/vhosts.d/forums.d/redirect_$name.conf": + file { "/etc/httpd/conf/vhosts.d/forums.d/redirect_${name}.conf": content => template('phpbb/forums_redirect.conf'), - notify => Exec['service httpd configtest'], + notify => Exec['apachectl configtest'], } } diff --git a/modules/phpbb/templates/config.php b/modules/phpbb/templates/config.php index 95bf1f2a..5d878235 100644 --- a/modules/phpbb/templates/config.php +++ b/modules/phpbb/templates/config.php @@ -2,7 +2,7 @@ // phpBB 3.0.x auto-generated configuration file // // Do not change anything in this file! $dbms = 'postgres'; -$dbhost = 'pgsql.<%= domain %>'; +$dbhost = 'pg.<%= domain %>'; $dbport = ''; $dbname = '<%= database %>'; $dbuser = '<%= user %>'; diff --git a/modules/phpbb/templates/forums_vhost.conf b/modules/phpbb/templates/forums_vhost.conf index 2c715485..440dad1f 100644 --- a/modules/phpbb/templates/forums_vhost.conf +++ b/modules/phpbb/templates/forums_vhost.conf @@ -1,19 +1,32 @@ # TODO redirect based on language settings # and the presence of the forum - + # for locale redirection Include conf/vhosts.d/forums.d/*.conf + # Prevent including forum site in tier iframe + Header set X-Frame-Options DENY + # using Redirect create a loop, so we use mod_rewrite here RewriteEngine On RewriteRule ^/$ /en/ [R] RewriteRule ^/(..)$ /$1/ [R] + Alias /robots.txt <%= forums_dir %>/robots.txt + AliasMatch ^/(..)/(.*) <%= forums_dir %>/$1/phpBB/$2 <Directory ~ "<%= forums_dir %>/.*/phpBB/"> + <IfModule mod_authz_core.c> + # Apache 2.4 + Require all granted + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Allow,Deny Allow from all + </IfModule> </Directory> <%- @@ -35,8 +48,15 @@ forbidden = ['install', for f in forbidden -%> <Directory <%= forums_dir %>/.*/phpBB/<%= f %>/ > - Order Allow,Deny + <IfModule mod_authz_core.c> + # Apache 2.4 + Require all denied + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Deny,Allow Deny from all + </IfModule> </Directory> <%- end -%> |