From: Peter Palfrader Date: Sun, 31 Jan 2016 19:05:08 +0000 (+0100) Subject: try ssl on syncproxies X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=16b81b98fef3338c96fa656a095b564a6542cb52;p=mirror%2Fdsa-puppet.git try ssl on syncproxies --- diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp index 7e21d5be6..b01232b39 100644 --- a/modules/roles/manifests/syncproxy.pp +++ b/modules/roles/manifests/syncproxy.pp @@ -41,6 +41,7 @@ class roles::syncproxy { } if $::apache2 and $syncproxy_name != 'unknown' { + ssl::service { "$syncproxy_name": notify => Service['apache2'], key => true, } apache2::site { '010-syncproxy.debian.org': site => 'syncproxy.debian.org', content => template('roles/syncproxy/syncproxy.debian.org-apache.erb') diff --git a/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb b/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb index db525133f..9367e8e73 100644 --- a/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb +++ b/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb @@ -5,12 +5,17 @@ <% vhost_listen = [ (bind != '') ? "#{bind}:80" : "*:80", (bind6 != '') ? "#{bind6}:80" : "*:80"].uniq.join(' ') + vhost_listen_443 = [ (bind != '') ? "#{bind}:443" : "*:443", (bind6 != '') ? "#{bind6}:443" : "*:443"].uniq.join(' ') %> - > +Use common-debian-service-https-redirect "<%= vhost_listen %>" <%= syncproxy_name %> + > ServerName <%= syncproxy_name %> DocumentRoot /srv/www/syncproxy.debian.org/htdocs + Use common-debian-service-ssl <%= syncproxy_name %> + Use common-ssl-HSTS + Require all granted
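Review bot: `key => true` on the new `ssl::service` resource appears to deploy the service's private key to every host where `$syncproxy_name` is set, and nothing in the hunk records why or how the key is protected. `ssl::service` is defined outside this diff, so confirm that it installs the key root-owned and not world-readable. A short comment above the resource would help, for example `# apache terminates TLS for this syncproxy locally, so the private key is deployed here`. As a style point, the title `"$syncproxy_name"` is a quoted string holding only a variable; `$syncproxy_name` or `"${syncproxy_name}"` is the usual form. The `if` block and the class body continue outside the hunk.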
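Review bot: `Use common-ssl-HSTS` is switched on in the same change that first enables TLS for this vhost (the subject is "try ssl"), which makes a rollback hard, since any client that has cached the header will refuse plain HTTP until the policy expires. The macro is defined outside this diff, so its max-age is not visible here; consider landing the certificate and the redirect first and adding HSTS once the TLS setup has proven stable, or starting with a short max-age. The new `Use common-debian-service-https-redirect` line also sends all port-80 traffic to HTTPS, so check that any non-browser clients of this vhost follow redirects. The VirtualHost opening tags are not legible in this rendering, so whether the new vhost listens on `vhost_listen_443` cannot be confirmed from the page, and the vhost body continues past the hunk.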