Diffstat (limited to 'src/Propellor')
| -rw-r--r-- | src/Propellor/Property/Apache.hs | 35 | ||||
| -rw-r--r-- | src/Propellor/Property/SiteSpecific/JoeySites.hs | 24 |
2 files changed, 38 insertions, 21 deletions
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs index 709c1753..5b8128a4 100644 --- a/src/Propellor/Property/Apache.hs +++ b/src/Propellor/Property/Apache.hs @@ -15,7 +15,9 @@ restarted = Service.restarted "apache2" reloaded :: Property NoInfo reloaded = Service.reloaded "apache2" -type ConfigFile = [String] +type ConfigLine = String + +type ConfigFile = [ConfigLine] siteEnabled :: Domain -> ConfigFile -> RevertableProperty NoInfo siteEnabled domain cf = siteEnabled' domain cf <!> siteDisabled domain @@ -101,7 +103,7 @@ multiSSL = check (doesDirectoryExist "/etc/apache2/conf.d") $ -- -- Works with multiple versions of apache that have different ways to do -- it. -allowAll :: String +allowAll :: ConfigLine allowAll = unlines [ "<IfVersion < 2.4>" , "Order allow,deny" @@ -112,12 +114,27 @@ allowAll = unlines , "</IfVersion>" ] +-- | Config file fragment that can be inserted into a <VirtualHost> +-- stanza to allow apache to display directory index icons. +iconDir :: ConfigLine +iconDir = unlines + [ "<Directory \"/usr/share/apache2/icons\">" + , "Options Indexes MultiViews" + , "AllowOverride None" + , allowAll + , " </Directory>" + ] + type WebRoot = FilePath -- | A basic virtual host, publishing a directory, and logging to -- the combined apache log file. Not https capable. virtualHost :: Domain -> Port -> WebRoot -> RevertableProperty NoInfo -virtualHost domain (Port p) docroot = siteEnabled domain +virtualHost domain (Port p) docroot = virtualHost' domain (Port p) docroot [] + +-- | Like `virtualHost` but with additional config lines added. +virtualHost' :: Domain -> Port -> WebRoot -> [ConfigLine] -> RevertableProperty NoInfo +virtualHost' domain (Port p) docroot addedcfg = siteEnabled domain $ [ "<VirtualHost *:"++show p++">" , "ServerName "++domain++":"++show p , "DocumentRoot " ++ docroot 
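Review bot: The new `ConfigLine` alias has no comment and its name implies a single line, but `allowAll` (retyped in the second hunk) and `iconDir` (added in the third) are built with `unlines` and carry several newline-separated directives. These values appear to be written into the site file as-is, so I would record that on the alias, e.g. `-- | A fragment of apache configuration, inserted verbatim; may span several lines.` A plain `type` synonym gives no protection against passing an arbitrary `String`, so the comment is the only place this contract is stated.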
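Review bot: `virtualHost'` splices `addedcfg` unchecked between the built-in directives and the closing `</VirtualHost>` (the splice itself is in the following hunk), so any line a caller passes can close the stanza early or override the directives above it, and the Haddock only says "additional config lines added". I would document the trust boundary: `-- | Like 'virtualHost', but appends the given lines verbatim inside the <VirtualHost> stanza; they are not validated or escaped, so pass only trusted, well-formed directives.` The same wording fits `httpsVirtualHost'` further down. Minor style point: `iconDir` ends with `" </Directory>"`, which carries a leading space that its opening line lacks.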
@@ -125,7 +142,9 @@ virtualHost domain (Port p) docroot = siteEnabled domain , "LogLevel warn" , "CustomLog /var/log/apache2/access.log combined" , "ServerSignature On" - , "</VirtualHost>" + ] + ++ addedcfg ++ + [ "</VirtualHost>" ] -- | A virtual host using https, with the certificate obtained @@ -138,7 +157,11 @@ virtualHost domain (Port p) docroot = siteEnabled domain -- > httpsVirtualHost "example.com" "/var/www" -- > (LetsEncrypt.AgreeTos (Just "me@my.domain")) httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> Property NoInfo -httpsVirtualHost domain docroot letos = setup +httpsVirtualHost domain docroot letos = httpsVirtualHost' domain docroot letos [] + +-- | Like `httpsVirtualHost` but with additional config lines added. +httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> Property NoInfo +httpsVirtualHost' domain docroot letos addedcfg = setup `requires` modEnabled "rewrite" `requires` modEnabled "ssl" `before` LetsEncrypt.letsEncrypt letos domain docroot certinstaller @@ -176,6 +199,6 @@ httpsVirtualHost domain docroot letos = setup , "LogLevel warn" , "CustomLog /var/log/apache2/access.log combined" , "ServerSignature On" - ] ++ ls ++ + ] ++ ls ++ addedcfg ++ [ "</VirtualHost>" ] diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 03f2efcb..0bb98489 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -18,6 +18,7 @@ import qualified Propellor.Property.Apache as Apache import qualified Propellor.Property.Postfix as Postfix import qualified Propellor.Property.Systemd as Systemd import qualified Propellor.Property.Fail2Ban as Fail2Ban +import qualified Propellor.Property.LetsEncrypt as LetsEncrypt import Utility.FileMode import Data.List 
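Review bot: In the last Apache.hs hunk `addedcfg` is appended in the stanza builder (`] ++ ls ++ addedcfg ++`), whose definition starts outside the hunk. If that builder also produces the plain-HTTP stanza and not only the TLS one, caller-supplied blocks such as a CGI-enabled `<Directory>` would be configured on both, which cannot be confirmed from the visible lines. The Haddock for `httpsVirtualHost'` should say which stanzas receive the lines, e.g. `-- | Like 'httpsVirtualHost', but appends the given lines verbatim to each generated <VirtualHost> stanza.` if that is the intent. Otherwise `addedcfg` is better appended only where the port 443 stanza is built.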
@@ -290,24 +291,21 @@ annexWebSite origin hn uuid remotes = propertyList (hn ++" website using git-ann , "git update-server-info" ] addremote (name, url) = "git remote add " ++ shellEscape name ++ " " ++ shellEscape url - setupapache = apacheSite hn True + setupapache = Apache.httpsVirtualHost' hn dir letos [ " ServerAlias www."++hn - , "" - , " DocumentRoot /srv/web/"++hn - , " <Directory /srv/web/"++hn++">" - , " Options FollowSymLinks" - , " AllowOverride None" - , Apache.allowAll - , " </Directory>" - , " <Directory /srv/web/"++hn++">" + , Apache.iconDir + , " <Directory "++dir++">" , " Options Indexes FollowSymLinks ExecCGI" , " AllowOverride None" , " AddHandler cgi-script .cgi" , " DirectoryIndex index.html index.cgi" - , Apache.allowAll + , Apache.allowAll , " </Directory>" ] +letos :: LetsEncrypt.AgreeTOS +letos = LetsEncrypt.AgreeTOS (Just "id@joeyh.name") + apacheSite :: HostName -> Bool -> Apache.ConfigFile -> RevertableProperty NoInfo apacheSite hn withssl middle = Apache.siteEnabled hn $ apachecfg hn withssl middle @@ -329,11 +327,7 @@ apachecfg hn withssl middle , " CustomLog /var/log/apache2/access.log combined" , " ServerSignature On" , " " - , " <Directory \"/usr/share/apache2/icons\">" - , " Options Indexes MultiViews" - , " AllowOverride None" - , Apache.allowAll - , " </Directory>" + , Apache.iconDir , "</VirtualHost>" ] where |
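Review bot: The added `" <Directory "++dir++">"` line interpolates `dir` unquoted, while `Apache.iconDir` quotes its path; `dir` is defined outside this hunk, so I cannot tell whether it can contain spaces, but quoting is the safer form: `, "  <Directory \"" ++ dir ++ "\">"`. This block is also now the only `<Directory>` section for the site and keeps `ExecCGI` with `AddHandler cgi-script .cgi`. With mod_mime, `AddHandler` matches a file that has `.cgi` anywhere among its extensions, not just last. Since the content appears to come from a git-annex checkout, I would narrow it to `<FilesMatch "\.cgi$">` with `SetHandler cgi-script`, or at least add a comment saying that everything published under `dir` is trusted to execute.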
