pwood/gd-webserver.pp

## gd-webserver.pp
class profile::gd_webserver inherits profile::gd_base {
   firewall { '080 Web Server (HTTP)':
     proto   => 'tcp',
     dport   => '80',
     action  => 'accept'
   }

   firewall { '081 Web Server (SSL)':
     proto   => 'tcp',
     dport   => '443',
     action  => 'accept'
   }

   $webserver = hiera('webserver')
   $site = $webserver["name"]

   file { "/etc/ssl/certs/$site.crt":
     mode    => 0655,
     source  => "puppet:///private/etc/ssl/certs/$site.crt",
     owner   => "www-data",
     group   => "www-data"
   }

   file { "/etc/ssl/certs/$site-bundle.crt":
     mode    => 0655,
     source  => "puppet:///private/etc/ssl/certs/$site-bundle.crt",
     owner   => "www-data",
     group   => "www-data"
   }

   file { "/etc/ssl/private/$site.key":
     mode    => 0600,
     source  => "puppet:///private/etc/ssl/private/$site.key",
     owner   => "www-data",
     group   => "www-data"
   }

  file { "/opt/gamedirector/www/":
    require => Group["gd"],
    ensure => "directory",
    owner  => "www-data",
    group  => "gd",
    mode   => 770
  }

   class { 'apache':
     default_mods        => false,
     default_confd_files => false,
     default_vhost       => false,
     server_signature    => "Off",
   }

   apache::vhost { "$site-non-ssl":
     servername      => $site,
     port            => '80',
     docroot         => "/opt/gamedirector/www/$site",
     redirect_status => "permanent",
     redirect_dest   => "https://$site",
   }

   apache::vhost { "$site-ssl":
     servername      => $site,
     port            => '443',
     docroot         => "/opt/gamedirector/www/$site",
     ssl             => true,
     ssl_cert        => "/etc/ssl/certs/$site.crt",
     ssl_key         => "/etc/ssl/private/$site.key",
     ssl_chain       => "/etc/ssl/certs/$site-bundle.crt",
   }
}
	class profile::gd_webserver inherits profile::gd_base {
	firewall { '080 Web Server (HTTP)':
	proto => 'tcp',
	dport => '80',
	action => 'accept'
	}

	firewall { '081 Web Server (SSL)':
	proto => 'tcp',
	dport => '443',
	action => 'accept'
	}

	$webserver = hiera('webserver')
	$site = $webserver["name"]

	file { "/etc/ssl/certs/$site.crt":
	mode => 0655,
	source => "puppet:///private/etc/ssl/certs/$site.crt",
	owner => "www-data",
	group => "www-data"
	}

	file { "/etc/ssl/certs/$site-bundle.crt":
	mode => 0655,
	source => "puppet:///private/etc/ssl/certs/$site-bundle.crt",
	owner => "www-data",
	group => "www-data"
	}

	file { "/etc/ssl/private/$site.key":
	mode => 0600,
	source => "puppet:///private/etc/ssl/private/$site.key",
	owner => "www-data",
	group => "www-data"
	}

	file { "/opt/gamedirector/www/":
	require => Group["gd"],
	ensure => "directory",
	owner => "www-data",
	group => "gd",
	mode => 770
	}

	class { 'apache':
	default_mods => false,
	default_confd_files => false,
	default_vhost => false,
	server_signature => "Off",
	}

	apache::vhost { "$site-non-ssl":
	servername => $site,
	port => '80',
	docroot => "/opt/gamedirector/www/$site",
	redirect_status => "permanent",
	redirect_dest => "https://$site",
	}

	apache::vhost { "$site-ssl":
	servername => $site,
	port => '443',
	docroot => "/opt/gamedirector/www/$site",
	ssl => true,
	ssl_cert => "/etc/ssl/certs/$site.crt",
	ssl_key => "/etc/ssl/private/$site.key",
	ssl_chain => "/etc/ssl/certs/$site-bundle.crt",
	}
	}