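# @summary Installs Apache with the certbot plugin and publishes the DNS REST API site.
#
# Installs apache2, mod_qos and the certbot Apache plugin, copies certbot's
# TLS options file into /etc/letsencrypt, deploys the dns-rest-api site from
# a template, enables a fixed set of Apache modules, swaps the default site
# for the API site, and opens TCP 80 and the API port in nftables.
#
# @param dnsapiport
#   TCP port opened in nftables for the HTTPS API. Presumably also the port
#   the vhost template listens on; confirm against dns-rest-api.conf.erb.
#   NOTE(review): the value is untyped and interpolated verbatim into the
#   nftables rule below. Once callers are confirmed to pass a plain port
#   number, consider constraining it (e.g. Stdlib::Port) so a malformed
#   value cannot alter the rule text.
class dns::apache2 (
  $dnsapiport = '8443',
) {
  # a2enmod/a2ensite/a2dissite live in /usr/sbin on Debian-family systems;
  # give every exec an explicit search path instead of relying on a global
  # Exec default being set elsewhere.
  $exec_path = ['/usr/sbin', '/usr/bin', '/sbin', '/bin']

  package { ['apache2', 'libapache2-mod-qos', 'python3-certbot-apache']:
    ensure => installed,
  }

  # Copy certbot's recommended TLS options into place. The source file is
  # shipped by python3-certbot-apache, so it must be installed first.
  file { '/etc/letsencrypt/options-ssl-apache.conf':
    ensure  => file,
    source  => '/usr/lib/python3/dist-packages/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf',
    require => Package['python3-certbot-apache'],
  }

  service { 'apache2':
    ensure  => running,
    enable  => true,
    require => Package['apache2'],
  }

  # Configuration of the web service follows.
  # The vhost is world-readable (0644); keep secrets out of the template.
  # Owner and group are pinned so only root can change what Apache serves.
  file { '/etc/apache2/sites-available/dns-rest-api.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('dns/apache2/dns-rest-api.conf.erb'),
    require => Package['apache2'],
    notify  => Service['apache2'],
  }

  # The three execs below are refreshonly: they run only when the vhost file
  # changes. If one of them fails, later runs will not retry it until the
  # file changes again.

  # The command chains with '&&', so it needs a shell; say so explicitly.
  exec { 'a2enmod ssl && a2enmod headers && a2enmod proxy && a2enmod proxy_http && a2enmod request && a2enmod rewrite && a2enmod allowmethods':
    path        => $exec_path,
    provider    => shell,
    subscribe   => File['/etc/apache2/sites-available/dns-rest-api.conf'],
    refreshonly => true,
    require     => Package['apache2'],
    notify      => Service['apache2'],
  }

  # Disable the distribution's default site so only the API vhost is served.
  exec { 'a2dissite 000-default':
    path        => $exec_path,
    subscribe   => File['/etc/apache2/sites-available/dns-rest-api.conf'],
    refreshonly => true,
    require     => Package['apache2'],
    notify      => Service['apache2'],
  }

  exec { 'a2ensite dns-rest-api':
    path        => $exec_path,
    subscribe   => File['/etc/apache2/sites-available/dns-rest-api.conf'],
    refreshonly => true,
    require     => Package['apache2'],
    notify      => Service['apache2'],
  }

  # NFT rules
  # Both rules accept traffic from any source address.
  # NOTE(review): if the API clients are a known set of hosts, restrict the
  # API rule by source (e.g. an 'ip saddr' match) rather than exposing the
  # port to every network that can reach this host.
  sunet::nftables::rule { 'apache-http':
    rule => 'add rule inet filter input tcp dport 80 counter accept comment "allow-apache2-http"',
  }

  sunet::nftables::rule { 'apache-https':
    rule => "add rule inet filter input tcp dport ${dnsapiport} counter accept comment \"allow-apache2-https\"",
  }
}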