Use web::vhost in web::jenkins
Now that web::vhost handles the certificate properly, web::jenkins can
take advantage of it. It needs some special handling to make the HTTP
vhost redirect if HTTPS is enabled and that's why http_attrs and
https_attrs are introduced in web::vhost.

The X-Forwarded-Proto header is rewritten to use the REQUEST_SCHEME
variable to automatically get the correct value.
ekohl committed Dec 2, 2024
1 parent d46dcb2 commit 3af0a02
Showing 2 changed files with 28 additions and 63 deletions.
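--- a/puppet/modules/web/manifests/jenkins.pp
+++ b/puppet/modules/web/manifests/jenkins.pp
@@ -1,25 +1,14 @@
-class web::jenkins(
+class web::jenkins (
 Stdlib::Fqdn $hostname = 'ci.theforeman.org',
-Stdlib::Absolutepath $webroot = '/var/www/vhosts/jenkins/htdocs',
-Boolean $https = false,
 ) {
-include web::base
-
-$proxy_pass = {
-'path' => '/',
-'url' => 'http://localhost:8080/',
-'keywords' => ['nocanon'],
-'no_proxy_uris' => ['/.well-known'],
-}
-
-if $https {
-include web::letsencrypt
-
-letsencrypt::certonly { $hostname:
-plugin => 'webroot',
-domains => [$hostname],
-webroot_paths => [$webroot],
-}
+$proxy_attrs = {
+'allow_encoded_slashes' => 'nodecode',
+'proxy_pass' => {
+'path' => '/',
+'url' => 'http://localhost:8080/',
+'keywords' => ['nocanon'],
+'no_proxy_uris' => ['/.well-known'],
+},
 }
 
 if $facts['os']['selinux']['enabled'] {
@@ -29,50 +18,24 @@
 }
 }
 
-file { dirname($webroot):
-ensure => directory,
-owner => 'root',
-group => 'root',
-mode => '0755',
-}
-
-if $https {
-$url = "https://${hostname}"
+include web
 
-apache::vhost { 'jenkins':
-port => 80,
-servername => $hostname,
-docroot => $webroot,
-docroot_owner => $apache::user,
-docroot_group => $apache::group,
-redirect_dest => "https://${hostname}/",
-}
-apache::vhost { 'jenkins-https':
-port => 443,
-servername => $hostname,
-docroot => $webroot,
-docroot_owner => $apache::user,
-docroot_group => $apache::group,
-proxy_pass => $proxy_pass,
-allow_encoded_slashes => 'nodecode',
-request_headers => ['set X-Forwarded-Proto "https"'],
-ssl => true,
-ssl_cert => "/etc/letsencrypt/live/${hostname}/fullchain.pem",
-ssl_chain => "/etc/letsencrypt/live/${hostname}/chain.pem",
-ssl_key => "/etc/letsencrypt/live/${hostname}/privkey.pem",
-require => Letsencrypt::Certonly[$hostname],
+if $web::https {
+$http_attrs = {
+'redirect_dest' => "https://${hostname}/",
 }
+$https_attrs = $proxy_attrs
 } else {
-$url = "http://${hostname}"
+$http_attrs = $proxy_attrs
+$https_attrs = {}
+}
 
-apache::vhost { 'jenkins':
-port => 80,
-servername => $hostname,
-docroot => $webroot,
-docroot_owner => $apache::user,
-docroot_group => $apache::group,
-proxy_pass => $proxy_pass,
-allow_encoded_slashes => 'nodecode',
-}
+web::vhost { 'jenkins':
+servername => $hostname,
+http_attrs => $http_attrs,
+https_attrs => $https_attrs,
+attrs => {
+'request_headers' => ['set X-Forwarded-Proto expr=%{REQUEST_SCHEME}'],
+},
 }
 }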
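Review bot: Nothing in the new class tells an operator that TLS for Jenkins is now decided by `$web::https` (the `if $web::https` branch) rather than by this class's own `Boolean $https`, which the first hunk removes together with `$webroot`. If any node still sets `web::jenkins::https: true` through Hiera, that key would presumably just stop being read, and with `web::https` false the `else` branch puts `$proxy_attrs` on the port-80 vhost, so Jenkins logins would be proxied over plain HTTP without a compile error. The callers and node data are not visible here, so this needs checking against them. I would add a header comment such as `# @note HTTPS is controlled by web::https; the former https and webroot parameters were removed.` and confirm `web::https` is true wherever the old parameter was set.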
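--- a/puppet/modules/web/manifests/vhost.pp
+++ b/puppet/modules/web/manifests/vhost.pp
@@ -29,6 +29,8 @@
 Optional[String] $docroot_group = undef,
 Optional[Stdlib::Filemode] $docroot_mode = undef,
 Hash[String, Any] $attrs = {},
+Hash[String, Any] $http_attrs = {},
+Hash[String, Any] $https_attrs = {},
 ) {
 require web
 
@@ -48,7 +50,7 @@
 docroot_owner => $docroot_owner,
 docroot_group => $docroot_group,
 docroot_mode => $docroot_mode,
-* => $attrs,
+* => $http_attrs + $attrs,
 }
 
 if $web::https {
@@ -74,7 +76,7 @@
 ssl_chain => "${letsencrypt::config_dir}/live/${servername}/chain.pem",
 ssl_key => "${letsencrypt::config_dir}/live/${servername}/privkey.pem",
 require => Letsencrypt::Certonly[$servername],
-* => $attrs,
+* => $https_attrs + $attrs,
 }
 }
 }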
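Review bot: In both splats the merge is written `$http_attrs + $attrs` and `$https_attrs + $attrs`, and Puppet's hash `+` lets the right-hand operand win on duplicate keys, so a key in the shared `$attrs` silently replaces the protocol-specific one. That is the opposite of what a caller would expect from a per-protocol override, and it matters for settings such as `redirect_dest` or `proxy_pass` that decide whether the port-80 vhost redirects or serves content. `* => $attrs + $http_attrs,` and `* => $attrs + $https_attrs,` would give the specific hash precedence. Whichever order is intended, the four added lines do not document it; a `# @param http_attrs` / `# @param https_attrs` pair stating the precedence would help, assuming the define carries puppet-strings docs above the visible hunks. The define's body starts and ends outside the hunks shown.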
