--- /dev/null
+Use common-debian-service-https-redirect * debtags.debian.org
+
+WSGIDaemonProcess debtags.debian.org user=nobody group=debtags home=/ processes=2 threads=5 maximum-requests=5000 inactivity-timeout=1800 umask=0077 display-name=wsgi-debtags.debian.org
+
+<VirtualHost *:443>
+ ServerName debtags.debian.org
+ ServerAdmin debian-admin@lists.debian.org
+
+ Use common-debian-service-ssl debtags.debian.org
+ Use common-ssl-HSTS
+
+ SSLCACertificateFile /var/lib/dsa/sso/ca.crt
+ SSLCARevocationCheck chain
+ SSLCARevocationFile /var/lib/dsa/sso/ca.crl
+ SSLVerifyClient optional
+
+ SSLOptions +StdEnvVars
+
+ <IfModule mod_userdir.c>
+ UserDir disabled
+ </IfModule>
+ ErrorLog /var/log/apache2/debtags.debian.org-error.log
+ CustomLog /var/log/apache2/debtags.debian.org-access.log privacy
+ ServerSignature On
+
+
+ <Directory /srv/debtags.debian.net/htdocs>
+ Require all granted
+ </Directory>
+
+ <Directory /srv/debtags.debian.net/bin>
+ <Files debtags.wsgi>
+ Require all granted
+ </Files>
+ </Directory>
+
+ WSGIScriptAlias / /srv/debtags.debian.net/bin/debtags.wsgi
+ WSGIProcessGroup debtags.debian.net
+ WSGIPassAuthorization On
+</VirtualHost>
+
--- /dev/null
+class roles::debtags {
+ apache2::module { 'ssl': }
+ package { 'libapache2-mod-wsgi': ensure => installed, }
+
+ ssl::service { 'debtags.debian.org':
+ notify => Service['apache2'],
+ }
+
+ apache2::site { '010-debtags.debian.org':
+ site => 'debtags.debian.org',
+ source => 'puppet:///modules/roles/debtags/debtags.debian.org',
+ }
+}
projects / mirror / dsa-puppet.git / commitdiff