demwtest frontend setup plus install demw application in backend

2024-03-21 18:19:48 +01:00 · 2024-03-21 18:19:48 +01:00 · 7323c75cee
commit 7323c75cee
parent ed1bec53aa
3 changed files with 44 additions and 0 deletions
--- a/fe-test-common/overlay/etc/hiera/data/group.yaml
+++ b/fe-test-common/overlay/etc/hiera/data/group.yaml
@ -192,3 +192,23 @@ sunet_frontend:
        haproxy_imagetag: 'test'
        frontendtools_image: docker.sunet.se/eidas-frontend-tools
        frontendtools_imagetag: 'staging'
+
+      'demwtest':
+        site_name: 'test.demw.eidas.swedenconnect.se'
+        frontends:
+          'fe-fre-1.test.komreg.net':
+            ips: ['94.176.226.142', '2001:6b0:65:2::142']
+          'fe-tug-1.test.komreg.net':
+            ips: ['94.176.226.143', '2001:6b0:65:2::143']
+        backends:
+          default:
+            'demw-1.test.sveidas.se':
+              ips: ['89.45.236.166']
+              server_args: 'ssl check verify none'
+        allow_ports:
+          - 443
+        letsencrypt_server: 'acme-c.sunet.se'
+        haproxy_image: docker.sunet.se/eidas-haproxy
+        haproxy_imagetag: 'test'
+        frontendtools_image: docker.sunet.se/eidas-frontend-tools
+        frontendtools_imagetag: 'staging'
--- a/fe-test-common/overlay/opt/frontend/config/demwtest/haproxy.j2
+++ b/fe-test-common/overlay/opt/frontend/config/demwtest/haproxy.j2
@ -0,0 +1,21 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+    {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+    timeout http-request 10s
+    timeout http-keep-alive 4s
+    option forwardfor
+    http-request set-header X-Forwarded-Proto https
+
+    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+    {{ acme_challenge(letsencrypt_server) }}
+
+    use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -848,6 +848,9 @@ demw-1.test.sveidas.se:
      storage_driver: 'overlay2'
   konsulter:
   autoupdate:
+   eidas_de_middleware_hsm:
+      version: 320-sc_hsm2
+      hostname: test.demw.eidas.swedenconnect.se
   saml_metadata:
      filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
      url: https://test.connector.eidas.swedenconnect.se/idp/metadata/sp