Puppetlabs-Apache: enable both 80 and 443 for virtualhost - apache

I'm relatively new to Puppet and currently working with the 'puppetlabs-apache' module. I'm missing something while setting up both SSL and non-SSL on a virtual host.
Manifest applied:
    include apache
    include apache::mod::rewrite
    #apache::vhost { 'site.mydomain.com':
    #  port         => '80',
    #  docroot      => '/var/www/site',
    #  rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
    #}
    apache::vhost { 'site.mydomain.com':
      port          => '443',
      ssl           => true,
      docroot       => '/var/www/site',
      docroot_owner => 'www-data',
      docroot_group => 'www-data',
      # rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
    }
The thing is I don't need the non-ssl (80 port), but all requests should redirect to 443.
If I comment out the first vhost definition of site.mydomain.com for port 80, it throws an error:
Error 400 on SERVER: Duplicate declaration: Apache::Vhost[site2.mydomain.com] is already declared in file..
Not sure what I'm missing here. What should I do to make this permanent redirect happen?
http://site2.mydomain.com/ => https://site2.mydomain.com/

To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate apache::vhost defined types and redirect unencrypted requests to the virtual host with SSL enabled:
    apache::vhost { 'site.mydomain.com:80':
      servername      => 'site.mydomain.com',
      port            => '80',
      docroot         => '/var/www/site',
      rewrite_rule    => '(.*) https://site.mydomain.com [R,L]',
      redirect_status => 'permanent',
      redirect_dest   => 'https://site.mydomain.com',
    }
    apache::vhost { 'site.mydomain.com:443':
      servername    => 'site.mydomain.com',
      port          => '443',
      ssl           => true,
      docroot       => '/var/www/site',
      docroot_owner => 'www-data',
      docroot_group => 'www-data',
      # Not on the SSL vhost: this rule would redirect HTTPS requests to
      # https://site.mydomain.com again, in a loop.
      # rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
    }
You also needed those additional redirect attributes for the non-ssl virtualhost resource. Since apache::vhost is a defined resource type with no namevar, you can circumvent the multiple resource declaration issue by using two unique and purely cosmetic resource titles.

Working through Matt's answer and the error I got while running it led me to the following answer.
    apache::vhost { 'site.mydomain.com:80' ... }
    apache::vhost { 'site.mydomain.com:443' : ...}
Thanks,

Related

Lighttpd Reverse Proxy with Pi-hole

I'm aware this question has been asked a few times and I've read a lot of the solutions, but I still cannot get my reverse proxy to work.
I have a Raspberry Pi with Pi-hole.
Hostname: pi-hole.local
IP address: 192.168.1.254
Lighttpd port: 8080
I want to visit http://pi-hole.local in my browser without :8080 and view the Pi-hole admin page.
ATM, I have to type http://pi-hole.local:8080.
I have added mod_proxy to:
    server.modules = (
      ...
      mod_proxy
      ...
    )
I have server.port = 8080 and I have this block:
    $HTTP["url"] =~ "pi-hole.local" {
      proxy.server = ( "" => ("" => ( "host" => "192.168.1.254", "port" => 8080 )))
    }
pi-hole.local is the URI authority, not the url-path.
    $HTTP["host"] =~ "pi-hole.local" {
      proxy.server = ( "" => ("" => ( "host" => "192.168.1.254", "port" => 8080 )))
    }
Separately, for http://pi-hole.local to work, lighttpd also needs to be listening on port 80. Is that the case on your system? Is something else listening on port 80? If not, then $SERVER["socket"] == "*:80" {} will have lighttpd additionally listening on port 80, in addition to server.port = 8080. However, I have not looked into how pi-hole uses this, so you should test that pi-hole still works the way you want it to.
Instead of mod_proxy, a better way might be mod_redirect.
    server.modules += ("mod_redirect")
    $HTTP["host"] =~ "pi-hole.local" {
      url.redirect = ("" => "http://pi-hole.local:8080${url.path}${qsa}")
    }

Laravel 5.3, using api.example.com to example.com/api

How do I route api.example.com to example.com/api so I can just use
    api.example.com/v1/users
rather than
    example.com/api/v1/users?
I'm using nginx, thank you.
Ensure these 2 steps are in place.
1. Check your nginx configuration /etc/nginx/conf.d/example.conf and include the domain in the server_name like so:
    server_name example.com api.example.com;
2. Check that you have a route set up within the routes/api.php file. Using the sub-domain group is optional, but be sure that you have the correct routes.
Example of using domain group:
    Route::group(['domain' => 'api.example.com'], function () {
        Route::get('/v1/users', ['as' => 'api.users.index', 'uses' => 'UserController@index']);
    });
Example without use of domain group and allowing for both URLs to point to the same Controller (be sure to define its own route names as per the 'as').
    Route::get('/v1/users', ['as' => 'api.users.index', 'uses' => 'UserController@index']);
    Route::get('/api/v1/users', ['as' => 'users.index', 'uses' => 'UserController@index']);
Update:
Refer to official Laravel 5.3 documentation regarding the use of sub-domain routes https://laravel.com/docs/5.3/routing#route-group-sub-domain-routing

lighttpd: How to forward port (visible only to localhost) to WAN after authentication?

I have a webcam stream only accessible on the host machine via http://localhost:1234
This stream has no authentication.
I would like to set up a lightweight HTTP server that listens on port 80 for outside connections, prompts for a username and password, and then forwards the stream from localhost:1234.
How do I do this?
Lighttpd can do this.
The following config files will forward requests to http://domain.com/ => http://localhost:1234/, requesting HTTP basic auth first.
lighttpd.conf
    ## Add auth and proxy mods to your existing modules list
    server.modules = (
      "mod_auth",
      "mod_proxy"
    )
    $HTTP["host"] == "domain.com" {
      auth.backend = "plain"
      auth.backend.plain.userfile = "lighttpd-plain.user"
      auth.require = (
        "/" => (
          "method"  => "basic",
          "realm"   => "MyWebcam",
          "require" => "valid-user"
        )
      )
      proxy.server = (
        "/" => (
          (
            "host" => "127.0.0.1",
            "port" => 1234
          )
        )
      )
    }
lighttpd-plain.user
    webcamuser:webcampassword
Make sure you load mod_auth before mod_proxy in server.modules; getting them in the wrong order can make lighty panic.
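
The userfile above keeps the password in cleartext. As an added example (not part of the original answer), the shell helpers below build and check the hashed user:realm:MD5(user:realm:password) line that lighttpd reads when the config uses auth.backend = "htdigest" with auth.backend.htdigest.userfile. The function names are made up for this example and GNU md5sum is assumed.

```shell
#!/bin/sh
# Added example: htdigest-format entries for lighttpd's "htdigest" backend.
# Record format: user:realm:MD5("user:realm:password") in lowercase hex.

# htdigest_line USER REALM
# The password is read from stdin, so it never appears in the process
# list or in shell history.
htdigest_line() {
    hd_user=$1
    hd_realm=$2
    # A ':' in user or realm would corrupt the colon-separated record.
    case "$hd_user$hd_realm" in
        *:*) echo "user and realm must not contain ':'" >&2; return 1 ;;
    esac
    [ -n "$hd_user" ] && [ -n "$hd_realm" ] || return 1
    # Accept input with or without a trailing newline.
    hd_pass=
    IFS= read -r hd_pass || true
    [ -n "$hd_pass" ] || { echo "empty password" >&2; return 1; }
    hd_hash=$(printf '%s:%s:%s' "$hd_user" "$hd_realm" "$hd_pass" \
        | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$hd_user" "$hd_realm" "$hd_hash"
}

# htdigest_check FILE USER REALM
# Password on stdin. Returns 0 if FILE holds a matching entry, 1 if not,
# 2 if the arguments are unusable.
htdigest_check() {
    hc_want=$(htdigest_line "$2" "$3") || return 2
    grep -qxF -- "$hc_want" "$1"
}

# Usage with the names from the answer (the realm must equal the "realm"
# value in auth.require):
#   htdigest_line webcamuser MyWebcam > lighttpd-htdigest.user
```

The realm is part of the hash, so changing "realm" in auth.require invalidates every entry in the file.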

Puppet apache::vhost ssl_cert, ssl_key are not being created

I'm trying to puppetize a server, and in the .pp apache config file I have:
    apache::vhost { "000-default-ssl":
      servername      => "$sitename",
      serveraliases   => ["$sitename"],
      serveradmin     => 'webmaster@localhost',
      port            => '443',
      docroot         => "/path/to/docroot",
      access_log_file => 'ssl-access.log',
      error_log_file  => 'ssl-error.log',
      ssl             => true,
      ssl_cert        => '/data/ssl/www/365_acdsee_com.crt',
      ssl_key         => '/data/ssl/www/365_acdsee_com.key',
      #...morecode...
    }
And when I run it, the file 000-default-ssl.conf is made and everything, but then when I look in /data/ssl/www/ it's empty. Neither 365_acdsee_com.crt nor 365_acdsee_com.key is there.
So my question is: Is declaring the lines ssl_key and ssl_cert supposed to create the certificate and key, or do I have to have something else that generates them, and if not, why isn't it making the files?
Is declaring the lines ssl_key and ssl_cert supposed to create the certificate and key?
No. It will not generate the cert and/or key. You have to generate these files manually or get them from some cert provider.
Look at the source code of vhost.pp. These values are used to generate the config file ${priority_real}${filename}.conf from the _ssl.erb template.
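
Because the module only writes these paths into the vhost config, the files have to exist before Apache starts. As an added example (not from the original answer or the module), the shell functions below create a self-signed key and certificate for a test host with openssl and check that a certificate and key belong together before ssl_cert and ssl_key point at them. The function names are made up here and OpenSSL 1.1.1 or later is assumed for -addext.

```shell
#!/bin/sh
# Added example: create a self-signed key/certificate pair for testing and
# verify that a certificate matches a private key.

# make_selfsigned CN KEYFILE CRTFILE
make_selfsigned() {
    ms_cn=$1
    ms_key=$2
    ms_crt=$3
    # umask 077 in a subshell: the key is never group- or world-readable,
    # not even between creation and the chmod below.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/CN=$ms_cn" \
            -addext "subjectAltName=DNS:$ms_cn" \
            -keyout "$ms_key" -out "$ms_crt" 2>/dev/null
    ) || return 1
    chmod 600 "$ms_key" && chmod 644 "$ms_crt"
}

# cert_matches_key CRTFILE KEYFILE
# Returns 0 when both files carry the same public key, 1 when they do
# not, 2 when either file cannot be parsed.
cert_matches_key() {
    cm_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    cm_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cm_crt" = "$cm_key" ]
}

# Usage with the paths from the question (run as root on the web server):
#   make_selfsigned "$sitename" /data/ssl/www/365_acdsee_com.key \
#       /data/ssl/www/365_acdsee_com.crt
#   cert_matches_key /data/ssl/www/365_acdsee_com.crt \
#       /data/ssl/www/365_acdsee_com.key
```

The same cert_matches_key check applies to a certificate issued by a provider: run it against the key the signing request was made from before deploying the pair.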

Enabling .htaccess files via puppet

I'm trying to enable .htaccess files in Apache using Vagrant and Puppet. When I add the "override" parameter to my vhost config and run "vagrant up", I get an error:
Invalid parameter override in [...]
When I remove that line, the vm boots perfectly and runs. Except, .htaccess files are ignored.
Here's my vhost config:
    apache::vhost { 'local.testsite':
      server_name   => 'local.testsite',
      serveraliases => [],
      docroot       => '/var/www/',
      port          => '80',
      env_variables => [],
      priority      => '1',
      override      => ["All"],
    }
Why am I getting this error and how can I fix it?
If you are using the latest version of the puppetlabs-apache module, I see an allow_override attribute and not override:
https://github.com/puppetlabs/puppetlabs-apache#allow_override