From 16b81b98fef3338c96fa656a095b564a6542cb52 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 31 Jan 2016 20:05:08 +0100
Subject: [PATCH] try ssl on syncproxies

---
 modules/roles/manifests/syncproxy.pp                       | 1 +
 .../templates/syncproxy/syncproxy.debian.org-apache.erb    | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp
index 7e21d5be6..b01232b39 100644
--- a/modules/roles/manifests/syncproxy.pp
+++ b/modules/roles/manifests/syncproxy.pp
@@ -41,6 +41,7 @@ class roles::syncproxy {
 	}
 
 	if $::apache2 and $syncproxy_name != 'unknown' {
+		ssl::service { "$syncproxy_name": notify => Service['apache2'], key => true, }
 		apache2::site { '010-syncproxy.debian.org':
 			site   => 'syncproxy.debian.org',
 			content => template('roles/syncproxy/syncproxy.debian.org-apache.erb')
diff --git a/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb b/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb
index db525133f..9367e8e73 100644
--- a/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb
+++ b/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb
@@ -5,12 +5,17 @@
 
 <%
   vhost_listen = [ (bind != '') ? "#{bind}:80" : "*:80",  (bind6 != '') ? "#{bind6}:80" : "*:80"].uniq.join(' ')
+  vhost_listen_443 = [ (bind != '') ? "#{bind}:443" : "*:443",  (bind6 != '') ? "#{bind6}:443" : "*:443"].uniq.join(' ')
 %>
 
-<Virtualhost <%= vhost_listen %> >
+Use common-debian-service-https-redirect "<%= vhost_listen %>" <%= syncproxy_name %>
+<Virtualhost <%= vhost_listen_443 %> >
    ServerName <%= syncproxy_name %>
    DocumentRoot /srv/www/syncproxy.debian.org/htdocs
 
+   Use common-debian-service-ssl <%= syncproxy_name %>
+   Use common-ssl-HSTS
+
    <Directory /srv/www/syncproxy.debian.org/htdocs>
       Require all granted
    </Directory>
-- 
2.20.1