infra::role: base
infra::additional_classes:
- infra::profile::apache
+ - apache::mod::proxy_ajp
# fact override
infra::profile::icinga2::client::ipv4: '217.66.53.109'
ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.com-cert.pem'
ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.com-key.pem'
ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.com-cert.pem'
-# proxy_dest: 'ajp://extranet01.pixelpark.net:8001/confluence/'
-# no_proxy_uris:
-# - /server-status
-# - /server-info
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/jira'
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: index.html
proxy_pass:
- { path: /server-status, url: '!' }
- { path: /server-info, url: '!' }
- - { path: /confluence/, url: 'http://localhost:8090/confluence/' }
+ - { path: /confluence, url: 'ajp://extranet01.pixelpark.net:8001/confluence' }
+ headers_ssl:
+ - always set Strict-Transport-Security "max-age=31556926"
setenvif:
- 'Remote_Addr ^(217\.66\.49\.|217\.66\.50\.|217\.66\.51\.|217\.66\.56\.|213\.61\.241\.|81\.173\.202\.|194\.8\.221\.2|10\.200\.|62\.214\.114\.) ppnetze=true'
rewrites:
- ^(/?)$ /confluence/ [R=301,L]
- comment: 'switch to https'
rewrite_cond:
- - '%%{ich-trickse}{HTTPS} !=on'
+ - '%%{ich-trickse}{HTTPS} !=on [NC]'
rewrite_rule:
- ^(.*)$ https://%%{ich-trickse}{HTTP_HOST}$1 [R=301,L]
- comment: 'browse people'
projects / pixelpark / hiera.git / commitdiff