From 429ebb3262dd5b293a6c4175a8f36b7d282b8e75 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Oliver=20B=C3=B6ttcher?= Date: Tue, 28 Mar 2017 12:13:15 +0200 Subject: [PATCH] MBVD ODT - Live env --- .../cms-odt-daimler-com.pixelpark.net.yaml | 213 ++++++++++++++++++ .../db-odt-daimler-com.pixelpark.net.yaml | 59 +++++ ...int-cms-odt-daimler-com.pixelpark.net.yaml | 2 + .../int-odt-daimler-com.pixelpark.net.yaml | 8 +- .../odt-daimler-com.pixelpark.net.yaml | 39 ++++ 5 files changed, 315 insertions(+), 6 deletions(-) diff --git a/customer/mbvd-odt/cms-odt-daimler-com.pixelpark.net.yaml b/customer/mbvd-odt/cms-odt-daimler-com.pixelpark.net.yaml index 4c3c2b5e..27d356e1 100644 --- a/customer/mbvd-odt/cms-odt-daimler-com.pixelpark.net.yaml +++ b/customer/mbvd-odt/cms-odt-daimler-com.pixelpark.net.yaml @@ -1,2 +1,215 @@ --- +accounts::users: + christian.heggemann: + apply: true + sudo: true + dirk-peter.krause: + apply: true + sudo: true + site::role: base +site::additional_classes: + - site::profile::apache + - apache::mod::proxy_ajp + - apache::mod::headers + - apache::mod::remoteip + +apache::mod:proxy: + proxy_via: 'Off' + +site::profile::apache::pp_vhosts: + int-cms: + docroot: '/var/lib/tomcat/catalina/odt-cms/webapps/ROOT' + docroot_owner: tomcat + docroot_group: tomcat + servername: cms-odt-daimler-com.pixelpark.net + ssl: true + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + rewrites: + - opencms_to_slash: + comment: '/opencms to /' + rewrite_rule: + - '^/opencms/(.*)$ /$1 [R,L]' + rewrites_non_ssl: + - https: + comment: 'all to https' + rewrite_rule: + - '^(.*)$ https://cms-odt-daimler-com.pixelpark.net$1 [L,R=301]' + - proxy_non_https: + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} !^/(opencms|resources|export|skins|genImages|genImagesTemp|fonts)' + rewrite_rule: + - '^(.*)$ http://localhost:8080/opencms$1 [P,L]' + - 404handler_non_https: + comment: 'missing export to opencms' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} ^/export/(.*) [NC]' + - '%%{ich-trickse}{DOCUMENT_ROOT}%%{ich-trickse}{REQUEST_FILENAME} !-f' + rewrite_rule: + - '^(.*)$ http://localhost:8080/opencms/handle404?exporturi=%%{ich-trickse}{REQUEST_URI}&%%{ich-trickse}{QUERY_STRING} [P]' + rewrites_ssl: + - proxy_https: + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} !^/(opencms|resources|export|skins|genImages|genImagesTemp|fonts)' + rewrite_rule: + - '^(.*)$ http://localhost:8081/opencms$1 [P,L]' + - 404handle_https: + comment: 'missing export to opencms' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} ^/export/(.*) [NC]' + - '%%{ich-trickse}{DOCUMENT_ROOT}%%{ich-trickse}{REQUEST_FILENAME} !-f' + rewrite_rule: + - '^(.*)$ http://localhost:8081/opencms/handle404?exporturi=%%{ich-trickse}{REQUEST_URI}&%%{ich-trickse}{QUERY_STRING} [P]' + proxy_preserve_host: true + int-mb: + docroot: '/var/lib/tomcat/catalina/odt-cms/webapps/ROOT' + docroot_owner: tomcat + docroot_group: tomcat + servername: int-newsletter-mercedes-benz-de.pixelpark.net + ssl: true + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + rewrites: + - opencms_to_slash: + comment: '/opencms to /' + rewrite_rule: + - '^/opencms/(.*)$ /$1 [R,L]' + rewrites_non_ssl: + - https: + comment: 'all to https' + rewrite_rule: + - '^(.*)$ https://cms-odt-daimler-com.pixelpark.net$1 [L,R=301]' + - proxy_non_https: + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} !^/(opencms|resources|export|skins|genImages|genImagesTemp|fonts)' + rewrite_rule: + - '^(.*)$ http://localhost:8082/opencms$1 [P,L]' + - 404handler_non_https: + comment: 'missing export to opencms' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} ^/export/(.*) [NC]' + - '%%{ich-trickse}{DOCUMENT_ROOT}%%{ich-trickse}{REQUEST_FILENAME} !-f' + rewrite_rule: + - '^(.*)$ http://localhost:8082/opencms/handle404?exporturi=%%{ich-trickse}{REQUEST_URI}&%%{ich-trickse}{QUERY_STRING} [P]' + rewrites_ssl: + - proxy_https: + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} !^/(opencms|resources|export|skins|genImages|genImagesTemp|fonts)' + rewrite_rule: + - '^(.*)$ http://localhost:8083/opencms$1 [P,L]' + - 404handle_https: + comment: 'missing export to opencms' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} ^/export/(.*) [NC]' + - '%%{ich-trickse}{DOCUMENT_ROOT}%%{ich-trickse}{REQUEST_FILENAME} !-f' + rewrite_rule: + - '^(.*)$ http://localhost:8083/opencms/handle404?exporturi=%%{ich-trickse}{REQUEST_URI}&%%{ich-trickse}{QUERY_STRING} [P]' + proxy_preserve_host: true + int-smart: + docroot: '/var/lib/tomcat/catalina/odt-cms/webapps/ROOT' + docroot_owner: tomcat + docroot_group: tomcat + servername: int-newsletter-smart-de.pixelpark.net + ssl: true + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + rewrites: + - opencms_to_slash: + comment: '/opencms to /' + rewrite_rule: + - '^/opencms/(.*)$ /$1 [R,L]' + rewrites_non_ssl: + - https: + comment: 'all to https' + rewrite_rule: + - '^(.*)$ https://cms-odt-daimler-com.pixelpark.net$1 [L,R=301]' + - proxy_non_https: + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} !^/(opencms|resources|export|skins|genImages|genImagesTemp|fonts)' + rewrite_rule: + - '^(.*)$ http://localhost:8084/opencms$1 [P,L]' + - 404handler_non_https: + comment: 'missing export to opencms' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} ^/export/(.*) [NC]' + - '%%{ich-trickse}{DOCUMENT_ROOT}%%{ich-trickse}{REQUEST_FILENAME} !-f' + rewrite_rule: + - '^(.*)$ http://localhost:8084/opencms/handle404?exporturi=%%{ich-trickse}{REQUEST_URI}&%%{ich-trickse}{QUERY_STRING} [P]' + rewrites_ssl: + - proxy_https: + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} !^/(opencms|resources|export|skins|genImages|genImagesTemp|fonts)' + rewrite_rule: + - '^(.*)$ http://localhost:8085/opencms$1 [P,L]' + - 404handle_https: + comment: 'missing export to opencms' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} ^/export/(.*) [NC]' + - '%%{ich-trickse}{DOCUMENT_ROOT}%%{ich-trickse}{REQUEST_FILENAME} !-f' + rewrite_rule: + - '^(.*)$ http://localhost:8085/opencms/handle404?exporturi=%%{ich-trickse}{REQUEST_URI}&%%{ich-trickse}{QUERY_STRING} [P]' + proxy_preserve_host: true + int-tw: + docroot: '/var/lib/tomcat/catalina/odt-cms/webapps/ROOT' + docroot_owner: tomcat + docroot_group: tomcat + servername: int-newsletter-truckworks-de.pixelpark.net + ssl: true + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + rewrites: + - opencms_to_slash: + comment: '/opencms to /' + rewrite_rule: + - '^/opencms/(.*)$ /$1 [R,L]' + rewrites_non_ssl: + - https: + comment: 'all to https' + rewrite_rule: + - '^(.*)$ https://cms-odt-daimler-com.pixelpark.net$1 [L,R=301]' + - proxy_non_https: + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} !^/(opencms|resources|export|skins|genImages|genImagesTemp|fonts)' + rewrite_rule: + - '^(.*)$ http://localhost:8086/opencms$1 [P,L]' + - 404handler_non_https: + comment: 'missing export to opencms' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} ^/export/(.*) [NC]' + - '%%{ich-trickse}{DOCUMENT_ROOT}%%{ich-trickse}{REQUEST_FILENAME} !-f' + rewrite_rule: + - '^(.*)$ http://localhost:8086/opencms/handle404?exporturi=%%{ich-trickse}{REQUEST_URI}&%%{ich-trickse}{QUERY_STRING} [P]' + rewrites_ssl: + - proxy_https: + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} !^/(opencms|resources|export|skins|genImages|genImagesTemp|fonts)' + rewrite_rule: + - '^(.*)$ http://localhost:8087/opencms$1 [P,L]' + - 404handle_https: + comment: 'missing export to opencms' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} ^/export/(.*) [NC]' + - '%%{ich-trickse}{DOCUMENT_ROOT}%%{ich-trickse}{REQUEST_FILENAME} !-f' + rewrite_rule: + - '^(.*)$ http://localhost:8087/opencms/handle404?exporturi=%%{ich-trickse}{REQUEST_URI}&%%{ich-trickse}{QUERY_STRING} [P]' + proxy_preserve_host: true + int-kampagnen: + servername: int-kampagnen-mercedes-benz-de.pixelpark.net + docroot: /var/www/html + ssl: true + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + proxy_preserve_host: true + rewrites_non_ssl: + - https: + comment: 'all to https' + rewrite_rule: + - '^(.*)$ https://kampagnen-mercedes-benz-de.pixelpark.net$1 [L,R=301]' + proxy_pass: + - { path: /, url: 'http://localhost:9000/' } diff --git a/customer/mbvd-odt/db-odt-daimler-com.pixelpark.net.yaml b/customer/mbvd-odt/db-odt-daimler-com.pixelpark.net.yaml index 4c3c2b5e..58c5e749 100644 --- a/customer/mbvd-odt/db-odt-daimler-com.pixelpark.net.yaml +++ b/customer/mbvd-odt/db-odt-daimler-com.pixelpark.net.yaml @@ -1,2 +1,61 @@ --- site::role: base +site::additional_classes: + - site::profile::pg_server + - site::profile::mongodb_server + - mongodb::globals + +site::profile::pg_server::version: '9.6' +postgresql::server::contrib::package_ensure: true +postgresql::server::locale: 'de_DE.UTF-8' +postgresql::server::ipv4acls: + - 'host openemm openemm 217.66.51.0/24 md5' + - 'host openemm_cms openemm 217.66.51.0/24 md5' + - 'host openemm_cms openemm 127.0.0.1/8 md5' + - 'host openemm_cms openemm 93.188.107.233/32 md5' +postgresql::repo::baseurl: 'http://repo.pixelpark.com/Linux/yum/pgsql/9.6/redhat/rhel-$releasever-$basearch' + +site::profile::pg_server::pgpw: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAkFafa2YcmiQDm4Ke++iIWS5cxwg3MGeVhiFZkrz4o7mwk05R2wXDIQdsP+2qQQgKJje2PTZqyICXNIhv8fraJYvRBkpNY730jdlFzaUIJjwBgdJTHxsqiU+IDReC+DMuqEyl9otu8NUkYVErWHPOR1dWYjBGF7BcyaYXOb4fCZD+tw4Y9EfkGJ2ZIQVIRDAp4mGFYAG9AHNJods2WIOnskTvzD/beXj2BxnN6nXTnJobFymw/L/HttaDza3qW8d1yeVdYqGXhjWrlqK1d/3nxuyfJNSfBe6Cbl40c7UaGeH73/E3WuzTNcv7H5o7tyberOC6jI2AbOzQ1kFz+r27IzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBqEuxyHaOpRI67UG1wBtE6gCCV8Kzjc0vmC/ax42U9rBQow5KGBDwN1qiO1m+4iMJJUQ==] +site::profile::pg_server::dbs: + openemm: + password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAvgkJk7wo+DG6Puq0sSKwhwoTd30li58A02PPlUZVyCr9Fz/JeS5saOm96xQghX6eKm0fJaMoGQ5zuCrS/LFkg3om8VdJW+XRhOjCvV7/8dY/97zbwO/rrPTWri9QBNYbGsSbT+EtycFcrnImSswDR7iETMPoKTHySQMQj3cFw8cWWQW3VVLeEdAZsJDfEw0/MiCiS/kUPxuVQd2OSds2936kixzvQO42PQcNdVuyI6ONW+XLUEr/ohIZbbanuSdy5XlAdVGyruxyuMPrPq8DPKQyvkKye5zmqvtkylzXh6FTQKBZQ0D2OxP7yD5xHWIS5VC4d3ZPMz92OUHylhmUBTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDvY0eqm5BAAeBL+SbHsVTEgCB2FGo3AaYLc12Sr4zsapG6Hsu8U/BKt5QwlXBB7OFjVQ==] + network: 93.188.107.233/32 + opencms: + password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAhQxoLns+J9htI/xcLtghq/7W1bz8w3wpsrN8+RzS243i26hKZZW2E76U7O2xf2AVFqnfQd6gH26BPJshP60tF4TNQAN8qtmMePF9zvTPcNSu24020AoLGVSLx7FtTLHbtiKRb303m8eqG0MsXK6cDViOtri9+3NkOgyryRP5yLl9iDNeRFUa1/SAua+HgjNOJhAIfA98mjX70yE7OE3Lbpd+rFgIuFdPopEDkUs9eOp/GYF/+y/s+RN+2eCvF9bP7S7GfFSBe4+B8tAA9Emf8MJ7Qg8Ip+GBtyWpUQ0kF90G8DB4o/YfXvqPGCoVHCOVblxHU9oq3NJv813svd9RjzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBTS8lseKDKjjEZzjB1r3h1gCBVX6FopYnme/Uf4lQ6TMrolFrHKBb6yl4P43yNx18xQQ==] + network: 93.188.107.232/32 + opencms_cms: + password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEACXLbTcqpVzK84W1L7ajsosptb0ox0CLmXL0MFI5hWUKIHWrO4daF2oIgDJU238lt7tnTdPsHdLX7XNeHPITIj+dXfd36uHM48ciCvfL0xTPqYb7c/8O8zJmsqfQg6DcZGub+o1igkNHUDJgXUQvhGB/78s2zGjIq12kAhHwVQL0bJ3dgj1CMMEwuANWswPla/5JFuA4PoJXWmn37LcF/kX0RyBDJGcxWEt/lhqsVYhaLRZHkqjOUSHBEz2vSH7qe1u0DsHhBbQNEDbB9sHLAPOWMKm9M5j+YSXcT6zHBxYhziHzacpABwbqtfSHzu9/5GRoKJbn8IgWmB7/EdcygTTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBZN9c4MK4TrDEcJB3L28c8gCDycwY/DlVW4CXRwHZPRhj6gn9XM7Oo1Zs+2J3HjW9FNg==] + network: 93.188.107.232/32 + +site::profile::pg_server::configs: + shared_buffers: + value: '4096MB' + max_connections: + value: '200' + work_mem: + value: '16MB' + dynamic_shared_memory_type: + value: 'mmap' + shared_preload_libraries: + value: 'pg_stat_statements' + +site::profile::pg_server::backup::weeks_to_keep: 0 +site::profile::pg_server::backup::days_to_keep: 2 +site::profile::pg_server::backup::enable_plain_backups: false + +mongodb::globals::manage_package_repo: true +mongodb::globals::version: 3.4.2-1.el7 +mongodb::globals::bind_ip: 0.0.0.0 +mongodb::globals::repo_location: 'https://repo.pixelpark.com/Linux/yum/mongodb/7/mongodb-org-3.4/' +mongodb::server::auth: true +mongodb::server::store_creds: true +mongodb::server::admin_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAiFcpTTp72lGwYCc0F/0dqWJ6n17xcqps1qC+1vocsT6F25x7slaUtXtADUeMc3P0e/2OesoPs6Dsteh1Y6UH7NnM7GslRKzC0kk5uwXEdB510keh8Es8KO3SJolNgxEuoUZHf1hq/7gw3mOLnDss5HyromwbQpIBlTRm+Y/gGBwFmHRMWir3AyW581uCyFo+49K6f+t1eoYnDUA1O6a+XSj43mL1pEhHwIkiPYV8SjxXkmyOzQU3wkM2+8T7VzcLPrhTdhmf/N0HZmPgvfIzBnWruubYjzMNGhB/cY3ikiSli9rlakIF3E9pzIzIGPktqT6obB4cgqIcW4+F/u1+MDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDmyxSZoxhMi6dqNlrcJB66gCCCOp5DdCQb7JraF6XE5idozpc9dL4b0XqY1I1M8vWm5w==] + +site::profile::mongodb_server::databases: + handraising: + user: handraising-mongo + password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAN45CF/iUYbbd6ymBvfw+wlqmlEKwCw0rhbNuf1ux0r5Tkstg44G7vOEcSVcL9400mYwimsyZcXhS6Mshbgm7rnm3RN5qCccsxGGfB9/Pn09rpCd/Glxk6wwUjBH/VyE2r3ErCJVWTTM3PaoXlgVzzJdCAmMlvVSvHqtERSoqwAtubdDR2+zF1CEbwLk/HiSZxa+IWbK1pOHmwK+gGwec7UCXKB6qpH4Xn2NyLGpMJ4YDSWRqWmfnd2iptDPNQTHHPVQ5dWAc/8tJu45MOJXy2R9D9TOFN/KMTAr5xo4HatkygiBOn8zmJEmy7bGWw4MzZN+9uxy20wlDClaWwq8a0zBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCWx2dGaqu9zlWNxHn3QsVQgCBO0qfcsxrVK6Ee24nxOFjCGXTRxRPwm5WCCJwZ7Awb2A==] + roles: + - dbOwner +site::profile::mongodb_server::backup::db_username: 'backup' +site::profile::mongodb_server::backup::db_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEsJU5NmDJYaC2oIM1nIp5U4bwgTzg9B1TkR81lnfxLZ7/2MAaGUV6+v/mKOvMNfSck2OTWKvWKte0mYoAWFHPpe8sYXwXWGffhbUbr4jt3eLqMvoesNyqyXzGWTIypStsnTmIJTzUSEKWH1W27dUqv7zyi2CnN2b++j3DWiOruGyM+1f5B599W2qeAJsNLRsAhdlHcwWAMZyLyrMokm1oDXLydIT15V0xsHhYEUV/wLUqgcpxb+L937MFDclJYf6eu27IDSF7/VE7V8B+UeBp4a3kOauPFWEmzMSMbzkGMjmvwmHQxGdaprnvt6UCS1NTl8dfzlzqGZPTdMEVAcbEDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCNO1IDgu/4wd1PvPYyWMnQgCDxW2G2kbe+Rbmz4IJ7EsMTVqWLaK3g/ZRXIU/Vz6vlfw==] diff --git a/customer/mbvd-odt/int-cms-odt-daimler-com.pixelpark.net.yaml b/customer/mbvd-odt/int-cms-odt-daimler-com.pixelpark.net.yaml index 466e7a87..e99e0076 100644 --- a/customer/mbvd-odt/int-cms-odt-daimler-com.pixelpark.net.yaml +++ b/customer/mbvd-odt/int-cms-odt-daimler-com.pixelpark.net.yaml @@ -11,6 +11,8 @@ site::role: base site::additional_classes: - site::profile::apache - apache::mod::proxy_ajp + - apache::mod::headers + - apache::mod::remoteip apache::mod:proxy: proxy_via: 'Off' diff --git a/customer/mbvd-odt/int-odt-daimler-com.pixelpark.net.yaml b/customer/mbvd-odt/int-odt-daimler-com.pixelpark.net.yaml index de258f2a..0bd66d05 100644 --- a/customer/mbvd-odt/int-odt-daimler-com.pixelpark.net.yaml +++ b/customer/mbvd-odt/int-odt-daimler-com.pixelpark.net.yaml @@ -3,12 +3,8 @@ site::role: base site::additional_classes: - site::profile::apache - apache::mod::proxy_ajp - -sudo::configs: - runasopenemm: - priority: "06" - content: | - %pixel ALL=(openemm) NOPASSWD: ALL + - apache::mod::remoteip + - apache::mod::headers site::profile::apache::pp_vhosts: odt: diff --git a/customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml b/customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml index 4c3c2b5e..ab0c24dd 100644 --- a/customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml +++ b/customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml @@ -1,2 +1,41 @@ --- site::role: base +site::additional_classes: + - site::profile::apache + - apache::mod::proxy_ajp + - apache::mod::remoteip + - apache::mod::headers + +site::profile::apache::pp_vhosts: + odt: + docroot: '/var/www' + servername: odt-daimler-com.pixelpark.net + serveraliases: + - odt.daimler.com + ssl: true + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_verify_client: require + #ssl_crl_check: chain + #ssl_crl: '/etc/pki/tls/certs/odt-cacrl.pem' + ssl_ca: '/etc/pki/tls/certs/odt-root-ca.pem' + rewrites_non_ssl: + - https: + comment: 'almost all to https' + rewritecond: + - '%{ich-trickse}{REQUEST_URI} !^/.\.html' + rewrite_rule: + - '^(.*)$ https://odt-daimler-com.pixelpark.net$1 [L,R=301]' + proxy_preserve_host: true + proxy_pass: + - { path: /, url: 'ajp://localhost:8009/' } + directories: + - webservice: + provider: location + path: '/emm_webservice' + require: + - 'ip 93.188.107.192/26' + - 'ip 217.66.50.0/24' + - 'ip 217.66.51.0/24' + ssl_verify_client: none -- 2.39.5