diff --git a/puppet/modules/web/manifests/jenkins.pp b/puppet/modules/web/manifests/jenkins.pp index 5d3f4709f..6e6615d36 100644 --- a/puppet/modules/web/manifests/jenkins.pp +++ b/puppet/modules/web/manifests/jenkins.pp @@ -1,25 +1,17 @@ -class web::jenkins( +class web::jenkins ( Stdlib::Fqdn $hostname = 'ci.theforeman.org', - Stdlib::Absolutepath $webroot = '/var/www/vhosts/jenkins/htdocs', Boolean $https = false, ) { include web::base - $proxy_pass = { - 'path' => '/', - 'url' => 'http://localhost:8080/', - 'keywords' => ['nocanon'], - 'no_proxy_uris' => ['/.well-known'], - } - - if $https { - include web::letsencrypt - - letsencrypt::certonly { $hostname: - plugin => 'webroot', - domains => [$hostname], - webroot_paths => [$webroot], - } + $proxy_attrs = { + 'allow_encoded_slashes' => 'nodecode', + 'proxy_pass' = { + 'path' => '/', + 'url' => 'http://localhost:8080/', + 'keywords' => ['nocanon'], + 'no_proxy_uris' => ['/.well-known'], + }, } if $facts['os']['selinux']['enabled'] { 
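Review bot: The nested key in `$proxy_attrs` is written `'proxy_pass' = {` with `=` instead of the hash arrow, so the manifest will not parse and no catalog that includes web::jenkins can compile. It should read `'proxy_pass' => {`. The same hunk drops the `$webroot` parameter, so any caller still passing `webroot` will fail with an unknown-parameter error; none are visible here, so check for remaining callers. The class body continues past the end of this hunk.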
@@ -29,50 +21,26 @@ } } - file { dirname($webroot): - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - } - if $https { $url = "https://${hostname}" - - apache::vhost { 'jenkins': - port => 80, - servername => $hostname, - docroot => $webroot, - docroot_owner => $apache::user, - docroot_group => $apache::group, - redirect_dest => "https://${hostname}/", - } - apache::vhost { 'jenkins-https': - port => 443, - servername => $hostname, - docroot => $webroot, - docroot_owner => $apache::user, - docroot_group => $apache::group, - proxy_pass => $proxy_pass, - allow_encoded_slashes => 'nodecode', - request_headers => ['set X-Forwarded-Proto "https"'], - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${hostname}/fullchain.pem", - ssl_chain => "/etc/letsencrypt/live/${hostname}/chain.pem", - ssl_key => "/etc/letsencrypt/live/${hostname}/privkey.pem", - require => Letsencrypt::Certonly[$hostname], + $http_attrs = { + 'redirect_dest' => "${url}/", } + $https_attrs = $proxy_attrs } else { $url = "http://${hostname}" + $http_attrs = $proxy_attrs + $https_attrs = {} + } - apache::vhost { 'jenkins': - port => 80, - servername => $hostname, - docroot => $webroot, - docroot_owner => $apache::user, - docroot_group => $apache::group, - proxy_pass => $proxy_pass, - allow_encoded_slashes => 'nodecode', - } + web::vhost { 'jenkins': + servername => $hostname, + docroot_owner => $apache::user, + docroot_group => $apache::user, + http_attrs => $http_attrs, + https_attrs => $https_attrs, + attrs => { + 'request_headers' => ['set X-Forwarded-Proto expr=%{REQUEST_SCHEME}'], + }, } } diff --git a/puppet/modules/web/manifests/vhost.pp b/puppet/modules/web/manifests/vhost.pp index 5de5bcb17..f2234eeff 100644 --- a/puppet/modules/web/manifests/vhost.pp +++ b/puppet/modules/web/manifests/vhost.pp 
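Review bot: `docroot_group => $apache::user` passes the Apache user where the removed `apache::vhost` resources used `$apache::group`; this looks like a slip and only behaves the same where the two names happen to match. Change it to `docroot_group => $apache::group,` so the docroot keeps the group ownership the removed resources set. The hunk starts inside the class body, so the earlier part of the class is not visible here.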
@@ -29,6 +29,8 @@ Optional[String] $docroot_group = undef, Optional[Stdlib::Filemode] $docroot_mode = undef, Hash[String, Any] $attrs = {}, + Hash[String, Any] $http_attrs = {}, + Hash[String, Any] $https_attrs = {}, ) { require web @@ -48,7 +50,7 @@ docroot_owner => $docroot_owner, docroot_group => $docroot_group, docroot_mode => $docroot_mode, - * => $attrs, + * => $http_attrs + $attrs, } if $web::https { @@ -74,7 +76,7 @@ ssl_chain => "${letsencrypt::config_dir}/live/${servername}/chain.pem", ssl_key => "${letsencrypt::config_dir}/live/${servername}/privkey.pem", require => Letsencrypt::Certonly[$servername], - * => $attrs, + * => $https_attrs + $attrs, } } }
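Review bot: The new parameters `$http_attrs` and `$https_attrs` are added without any visible documentation, and the merge order used further down (`$http_attrs + $attrs`, `$https_attrs + $attrs`) means a key in `$attrs` silently overrides the same key in the per-protocol hash. I would add `# @param http_attrs Extra apache::vhost attributes for the port 80 vhost only; keys also present in attrs are overridden by attrs` to the define's header, with a matching line for `https_attrs`. The parameter list starts outside this hunk, so there may already be a doc header to extend.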
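Review bot: The HTTPS vhost is declared only under `if $web::https`, while the new caller in jenkins.pp picks `$http_attrs`/`$https_attrs` from its own `$https` parameter, and nothing ties the two together. If web::jenkins is declared with `https => false` while `$web::https` is true, the 443 vhost receives `{}` and has no `proxy_pass`, and Jenkins stays reachable over plain HTTP on port 80 with no redirect. In the opposite case port 80 redirects to an HTTPS vhost that is never declared. Either have the caller derive its choice from `$web::https`, or fail early on a mismatch, for example `if $https != $web::https { fail('web::jenkins: https must match web::https') }` (assuming `$web::https` is a Boolean and in scope there). The resource body starts above this hunk.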