From 3e769e56a302c0dabdd1160705b1d81c23e85599 Mon Sep 17 00:00:00 2001
From: Monty Taylor
Date: Sat, 4 Aug 2012 13:10:26 -0500
Subject: [PATCH] Align all web server usage on apache module.
Change-Id: Idd712a8ee5ec81c6b88b7d3e2270dce4da254927
Reviewed-on: https://review.openstack.org/10838
Approved: Monty Taylor
Reviewed-by: Monty Taylor
Tested-by: Jenkins
---
 manifests/apache.pp | 58 ++++++++++++++++++++++++++++++
 manifests/init.pp | 2 +-
 manifests/nginx.pp | 62 --------------------------------
 templates/etherpadlite.vhost.erb | 44 +++++++++++++++++++++++
 templates/nginx.erb | 29 ---------------
 5 files changed, 103 insertions(+), 92 deletions(-)
 create mode 100644 manifests/apache.pp
 delete mode 100644 manifests/nginx.pp
 create mode 100644 templates/etherpadlite.vhost.erb
 delete mode 100644 templates/nginx.erb
diff --git a/manifests/apache.pp b/manifests/apache.pp
new file mode 100644
index 0000000..f4817db
--- /dev/null
+++ b/manifests/apache.pp
@@ -0,0 +1,58 @@
+class etherpad_lite::apache (
+ $vhost_name = $fqdn,
+ $etherpad_crt,
+ $etherpad_key
+) {
+
+ include remove_nginx
+
+ apache::vhost { $vhost_name:
+ post => 443,
+ docroot => 'MEANINGLESS ARGUMENT',
+ priority => '50',
+ template => 'etherpadlite/etherpadlite.vhost.erb',
+ require => File["/etc/ssl/certs/${vhost_name}.pem",
+ "/etc/ssl/private/${vhost_name}.key"],
+ ssl => true,
+ }
+ a2mod { 'rewrite':
+ ensure => present
+ }
+ a2mod { 'proxy':
+ ensure => present
+ }
+ a2mod { 'proxy_http':
+ ensure => present
+ }
+
+ file { '/etc/ssl/certs':
+ ensure => directory,
+ owner => 'root',
+ mode => 0700,
+ }
+
+ file { '/etc/ssl/private':
+ ensure => directory,
+ owner => 'root',
+ mode => 0700,
+ }
+
+ file { "/etc/ssl/cert/${vhost_name}.pem":
+ ensure => present,
+ replace => true,
+ owner => 'root',
+ mode => 0600,
+ content => template('etherpad_lite/eplite.crt.erb'),
+ require => Apache::Vhost[$vhost_name],
+ }
+
+ file { '/etc/ssl/private/${vhost_name}.key':
+ ensure => present,
+ replace => true,
+ owner => 'root',
+ mode => 0600,
+ content => template('etherpad_lite/eplite.key.erb'),
+ require => Apache::Vhost[$vhost_name],
+ }
+
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index b5c7eba..1a6da2c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -38,7 +38,7 @@ define buildsource(
 # include etherpad_lite
 # include etherpad_lite::mysql # necessary to use mysql as the backend
 # include etherpad_lite::site # configures etherpad lite instance
-# include etherpad_lite::nginx # will add reverse proxy on localhost
+# include etherpad_lite::apache # will add reverse proxy on localhost
 # The defaults for all the classes should just work (tm)
 #
 #
diff --git a/manifests/nginx.pp b/manifests/nginx.pp
deleted file mode 100644
index bb7574b..0000000
--- a/manifests/nginx.pp
+++ /dev/null
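Review bot: The two certificate file resources in `etherpad_lite::apache` are titled with paths that do not match what the rest of the change refers to: the certificate is written to `/etc/ssl/cert/${vhost_name}.pem` (no `s`), and the key title is single-quoted, so Puppet will not interpolate it and the private key lands in a file literally named `${vhost_name}.key`. The vhost's `require` and the template's `SSLCertificateFile`/`SSLCertificateKeyFile` both expect `/etc/ssl/certs/...pem` and `/etc/ssl/private/...key`, so I would title them `file { "/etc/ssl/certs/${vhost_name}.pem":` and `file { "/etc/ssl/private/${vhost_name}.key":`. Once the titles match, the vhost requires the files while both files carry `require => Apache::Vhost[$vhost_name]`, which is a dependency cycle; the `require` on the two file resources should be dropped. `post => 443` looks like a typo for `port`, and managing `/etc/ssl/certs` with `mode => 0700` would hide the CA store from non-root processes if this is the distribution's shared certificate directory.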
@@ -1,62 +0,0 @@
-class etherpad_lite::nginx (
- $default_server = 'default_server',
- $server_name = $fqdn,
- $etherpad_crt,
- $etherpad_key
-) {
-
- package { 'nginx':
- ensure => present
- }
-
- file { '/etc/nginx/sites-enabled/default':
- ensure => absent,
- require => Package['nginx'],
- notify => Service['nginx']
- }
-
- file { '/etc/nginx/sites-available/etherpad-lite':
- ensure => present,
- content => template('etherpad_lite/nginx.erb'),
- replace => 'true',
- owner => 'root',
- require => File['/etc/nginx/ssl/eplite.crt', '/etc/nginx/ssl/eplite.key'],
- notify => Service['nginx']
- }
-
- file { '/etc/nginx/sites-enabled/etherpad-lite':
- ensure => link,
- target => '/etc/nginx/sites-available/etherpad-lite'
- }
-
- file { '/etc/nginx/ssl':
- ensure => directory,
- owner => 'root',
- mode => 0700,
- }
-
- file { '/etc/nginx/ssl/eplite.crt':
- ensure => present,
- replace => true,
- owner => 'root',
- mode => 0600,
- content => template('etherpad_lite/eplite.crt.erb'),
- require => Package['nginx'],
- }
-
- file { '/etc/nginx/ssl/eplite.key':
- ensure => present,
- replace => true,
- owner => 'root',
- mode => 0600,
- content => template('etherpad_lite/eplite.key.erb'),
- require => Package['nginx'],
- }
-
- service { 'nginx':
- enable => true,
- ensure => running,
- hasrestart => true
- }
-
-}
diff --git a/templates/etherpadlite.vhost.erb b/templates/etherpadlite.vhost.erb
new file mode 100644
index 0000000..64cb289
--- /dev/null
+++ b/templates/etherpadlite.vhost.erb
@@ -0,0 +1,44 @@
+:80>
+ ServerAdmin <%= scope.lookupvar("etherpad_lite::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-error.log
+
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-access.log combined
+
+ Redirect / https://<%= scope.lookupvar("etherpad_lite::vhost_name") %>/
+
+
+
+
+:443>
+ ServerName <%= scope.lookupvar("etherpad_lite::vhost_name") %>
+ ServerAdmin <%= scope.lookupvar("etherpad_lite::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-ssl-error.log
+
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-ssl-access.log combined
+
+ SSLEngine on
+
+ SSLCertificateFile /etc/ssl/certs/<%= scope.lookupvar("etherpad_lite::vhost_name") %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= scope.lookupvar("etherpad_lite::vhost_name") %>.key
+
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::vhost_name") %>
+ RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::vhost_name") %>
+ RewriteRule ^/(.*)$ http://localhost:9001/$1 [P]
+
+ ProxyPassReverse / http://localhost:9001/
+
+
+
diff --git a/templates/nginx.erb b/templates/nginx.erb
deleted file mode 100644
index a816749..0000000
--- a/templates/nginx.erb
+++ /dev/null
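Review bot: Every lookup in this template reads `etherpad_lite::vhost_name` or `etherpad_lite::serveradmin`, but the only place this change declares `$vhost_name` is the `etherpad_lite::apache` class; unless `etherpad_lite` itself defines both (init.pp is only partly visible here), they render empty and the vhost ends up with `SSLCertificateFile /etc/ssl/certs/.pem` and a redirect to `https:///`. If that is the case, the lookups should be `scope.lookupvar("etherpad_lite::apache::vhost_name")`. Separately, `RewriteCond %{HTTP_HOST} !<name>` is an unanchored regex with unescaped dots, so any Host header that merely contains the name passes the check; anchoring the pattern with `^`/`$`, escaping the dots, and adding `[R=301,L]` to the redirect rule would make the canonical-host redirect do what it is meant to. The 443 vhost also sets no `SSLProtocol` or `SSLCipherSuite`, so it inherits whatever the server-wide defaults are; I would pin both here rather than rely on them.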
@@ -1,29 +0,0 @@
-server {
- listen 443 <%= default_server %>;
- server_name <%= server_name %>;
-
- access_log /var/log/nginx/eplite.access.log;
- error_log /var/log/nginx/eplite.error.log;
-
- ssl on;
- ssl_certificate /etc/nginx/ssl/eplite.crt;
- ssl_certificate_key /etc/nginx/ssl/eplite.key;
-
- ssl_session_timeout 5m;
-
- ssl_protocols SSLv2 SSLv3 TLSv1;
- ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_pass http://localhost:9001/;
- proxy_set_header Host $host;
- proxy_buffering off;
- }
-}
-
-server {
- listen 80 <%= default_server %>;
- server_name <%= server_name %>;
- rewrite ^(.*) https://$server_name$1 permanent;
-}