-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use web::vhost in web::jenkins #2144
base: master
Are you sure you want to change the base?
Conversation
Stdlib::Fqdn $hostname = 'ci.theforeman.org', | ||
Stdlib::Absolutepath $webroot = '/var/www/vhosts/jenkins/htdocs', | ||
Boolean $https = false, | ||
) { | ||
include web::base |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
web::vhost
requires web
which includes web::base
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I kept it in because we use $apache::user
and $apache::group
as docroot owners. I'm not sure we actually need that though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dropped the docroot ownership.
group => 'root', | ||
mode => '0755', | ||
} | ||
|
||
if $https { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this use web::https
instead, and drop the https
param?
Otherwise you set web::jenkins::https
to false, but web::vhost
still uses web::https
and tries to build a cert
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would be more consistent with web::vhost::web
. Further looking at that, we can probably also align those 2 on redirecting HTTP to HTTPS. I'll look a bit further.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've not implemented the HTTP to HTTPS redirect in web::vhost
, but I now include web
and use $web::https
.
Now that web::vhost handles the certificate properly, web::jenkins can take advantage of it. It needs some special handling to make the HTTP vhost redirect if HTTPS is enabled and that's why http_attrs and https_attrs are introduced in web::vhost. The X-Forwarded-Proto header is rewritten to use the REQUEST_SCHEME variable to automatically get the correct value.
a90b781
to
3af0a02
Compare
Now that
web::vhost
handles the certificate properly,web::jenkins
can take advantage of it. It needs some special handling to make the HTTP vhost redirect if HTTPS is enabled and that's whyhttp_attrs
andhttps_attrs
are introduced in web::vhost.The
X-Forwarded-Proto
header is rewritten to use theREQUEST_SCHEME
variable to automatically get the correct value.Currently untested.