From e6bb368d66c8c45e020cd466fcbad24f2aac5241 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Oliver=20B=C3=B6ttcher?=
Date: Mon, 21 Aug 2017 16:34:57 +0200
Subject: [PATCH] ODT - fix SSL
---
 .../odt-daimler-com.pixelpark.net.yaml | 71 ++++++++++++++++++-
 1 file changed, 68 insertions(+), 3 deletions(-)
diff --git a/customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml b/customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml
index d3fabba5..210ba6df 100644
--- a/customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml
+++ b/customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml
@@ -6,6 +6,7 @@ infra::additional_classes:
 - apache::mod::remoteip
 - apache::mod::headers
 - infra::profile::cron
+ - logstash
 infra::profile::apache::pp_vhosts:
@@ -24,7 +25,6 @@ infra::profile::apache::pp_vhosts:
 ssl_verify_client: require
 ssl_crl: '/etc/pki/tls/certs/odt-cacrl.pem'
 ssl_ca: '/etc/pki/tls/certs/odt-root-ca.pem'
- custom_fragment_ssl: 'SSLRequire %%{ich-trickse}{SSL_CLIENT_S_DN_O} eq "ODT"'
 rewrites_non_ssl:
 - https:
 comment: 'almost all to https'
@@ -34,8 +34,17 @@ infra::profile::apache::pp_vhosts:
 - '^(.*)$ https://int-odt-daimler-com.pixelpark.net$1 [L,R=301]'
 proxy_preserve_host: true
 proxy_pass:
+ - { path: /teilenews-service, url: 'http://localhost:8082/teilenews-service' }
+ - { path: /newsletterservice, url: 'http://localhost:8081/newsletterservice' }
 - { path: /, url: 'ajp://localhost:8009/' }
- directories:
+ directories_ssl:
+ - slash:
+ provider: location
+ path: '/'
+ custom_fragment: |
+ # enabled until merge of 71e4c530d286b8f11863d16ee94bc2f28f800cce
+ SSLRequire %%{ich-trickse}{SSL_CLIENT_I_DN_O} eq "ODT"
+ SSLVerifyClient require
 - webservice:
 provider: location
 path: '/emm_webservice'
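Review bot: The `SSLRequire` in the new `slash` location matches `SSL_CLIENT_I_DN_O` (issuer organisation), while the fragment removed in the `-24,7` hunk matched `SSL_CLIENT_S_DN_O` (subject organisation), so nothing visible in the patch still constrains the client certificate's own subject. With `ssl_ca` pinned to `odt-root-ca.pem`, the issuer test narrows access only if that root also signs issuing CAs with a different O, which the diff does not show. I would extend the existing comment to record the intent, e.g. `# issuer-O check only; subject O deliberately not matched because <reason>`. `SSLVerifyClient require` repeats the vhost-level `ssl_verify_client: require`, and `/teilenews-service` gets no location of its own, so this `/` block appears to be its only access control. The `directories_ssl` list continues past the end of the hunk.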
@@ -43,7 +52,28 @@ infra::profile::apache::pp_vhosts:
 - 'ip 93.188.107.192/26'
 - 'ip 217.66.50.0/24'
 - 'ip 217.66.51.0/24'
- custom_fragment: "SSLVerifyClient none"
+ - newsletterservice:
+ provider: location
+ path: '/newsletterservice'
+ require:
+ - ip 217.66.51.0/24
+ - ip 217.66.50.0/24
+ - ip 217.66.56.0/24
+ - ip 213.61.96.226
+ - ip 176.28.25.242
+ - ip 100.97.70.141
+ - ip 37.120.57.39
+ - ip 46.30.59.148
+ - ip 82.165.141.125
+ - ip 37.120.103.75
+ - ip 83.125.19.254
+ - ip 192.168.170.49
+ - ip 192.168.170.53
+ - ip 192.168.170.52
+ - ip 54.205.87.231
+ - ip 86.56.52.27
+ - ip 100.97.127.4
+ - ip 37.202.1.232
 infra::profile::cron::cronjobs:
 fetchcrl:
@@ -52,3 +82,38 @@ infra::profile::cron::cronjobs:
 minute: 0
 hour: 5
 description: um 05:00 Uhr wird die Revocationlist vom User openemm geholt. somit muss der Webserver restarted werden
+
+logstash::filter:
+ - journald
+
+logstash::generic_resource:
+ mbvd-teilenews-service:
+ resource: pipe
+ order: 10
+ parameters:
+ command: '/bin/journalctl -o cat -fl -u mbvd-teilenews-service.service'
+ type: webapp
+ tags:
+ - 'int'
+ - "%{customer}"
+ - "mbvd-teilenews-service"
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
+ odt-newsletter-service:
+ resource: pipe
+ order: 10
+ parameters:
+ command: '/bin/journalctl -o cat -fl -u odt-newsletter-service.service'
+ type: webapp
+ tags:
+ - 'int'
+ - "%{customer}"
+ - "odt-newsletter-service"
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
--
2.39.5
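Review bot: The `require` list added for `/newsletterservice` holds 18 bare addresses with no owner or ticket reference, and mixes public hosts with RFC 1918 (`192.168.170.x`) and shared-address-space (`100.97.x.x`) entries, which makes it hard to audit or prune later. `apache::mod::remoteip` is loaded in this file, so `Require ip` is presumably evaluated against the address that module derives; the trusted-proxy settings are not visible here and should be confirmed, since an allow-list is only as strong as the source of the client address. I would quote and annotate each entry the way the `webservice` block quotes its own, e.g. `- 'ip 213.61.96.226'  # <owner / ticket>`. Dropping `custom_fragment: "SSLVerifyClient none"` from `webservice` also means `/emm_webservice` appears to fall under the vhost's client-certificate requirement from now on, which looks intended but is worth stating in the commit message.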
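Review bot: Both pipe inputs in the `-52,3` hunk start `/bin/journalctl -o cat -fl -u <unit>` from Logstash, which needs journal read access for the Logstash service account; if that is granted through `systemd-journal` group membership (not visible here), the account can read every unit's logs, not only these two. `-o cat` also drops journald's own metadata, so event boundaries depend entirely on the application printing an ISO 8601 timestamp at line start, and any line without one is appended to the previous event. A comment above each `command` would capture both assumptions, e.g. `# needs journal read access for the logstash user; events split on the app's own ISO8601 prefix`.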