class roles::snapshot_web {
include apache2
+ include apache2::dynamic
include apache2::rewrite
- include stretch::network_online
ensure_packages ( [
"libapache2-mod-wsgi",
}
case $::hostname {
+ 'lw07': {
+ $ipv4addr = '185.17.185.185'
+ $ipv6addr = '2001:1af8:4020:b030:deb::185'
+ $ipv6addr_apache = '2001:1af8:4020:b030:deb::187'
+ }
'sallinen': {
$ipv4addr = '193.62.202.27'
$ipv6addr = '2001:630:206:4000:1a1a:0:c13e:ca1b'
}
}
+ # varnish cache
+ ###############
@ferm::rule { 'dsa-snapshot-varnish-v4':
rule => '&SERVICE(tcp, 6081)',
}
content => template('roles/snapshot/snapshot.debian.org.vcl.erb'),
}
+ # the ipv6 port 80 is owned by varnish
file { '/etc/apache2/ports.conf':
content => @("EOF"),
Listen 0.0.0.0:80
require => Package['apache2'],
notify => Service['apache2'],
}
+
+ # haproxy ssl termination
+ #########################
+ include haproxy
+ file { '/etc/haproxy/haproxy.cfg':
+ content => template('roles/snapshot/haproxy.cfg.erb'),
+ require => Package['haproxy'],
+ notify => Service['haproxy'],
+ }
+ ssl::service { 'snapshot.debian.org':
+ notify => Service['haproxy'],
+ key => true,
+ }
}
projects / mirror / dsa-puppet.git / blobdiff