From bf6d20335972492eb135138f9cf76d45c05471db Mon Sep 17 00:00:00 2001 From: Homme Bitter Date: Fri, 2 Nov 2018 15:53:41 +0100 Subject: [PATCH 1/2] fixed https --- manifests/database.pp | 1 + manifests/init.pp | 1 + manifests/install.pp | 6 +-- manifests/webserver.pp | 86 +++++++++++++++++++++++++----------------- 4 files changed, 57 insertions(+), 37 deletions(-) diff --git a/manifests/database.pp b/manifests/database.pp index ecf0a23..8383e57 100644 --- a/manifests/database.pp +++ b/manifests/database.pp @@ -15,6 +15,7 @@ mysqld => { 'log-error' => '/var/log/mysql/mariadb.log', 'pid-file' => '/var/run/mysqld/mysqld.pid', + 'plugin-load-add' => 'auth_socket.so', }, mysqld_safe => { 'log-error' => '/var/log/mysql/mariadb.log', diff --git a/manifests/init.pp b/manifests/init.pp index 28bef72..4fe643c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -56,6 +56,7 @@ Integer $http_port = 80, Integer $https_port = 443, Boolean $ssl = true, + Boolean $server_purge = false, Variant[Undef, Stdlib::Absolutepath] $ssl_key_file = undef, Variant[Undef, Stdlib::Absolutepath] $ssl_cert_file = undef, String $php_version = '7.0', diff --git a/manifests/install.pp b/manifests/install.pp index 30acb37..ec45a0b 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -5,12 +5,12 @@ owner => 'www-data', group => 'www-data', } - -> archive { '/var/www/html/nextcloud-13.0.2.tar.bz2': + -> archive { '/var/www/html/nextcloud-13.0.4.tar.bz2': ensure => present, - path => '/tmp/nextcloud-13.0.2.tar.bz2', + path => '/tmp/nextcloud-13.0.4.tar.bz2', extract => true, extract_path => '/var/www/html', - source => 'https://download.nextcloud.com/server/releases/nextcloud-13.0.2.tar.bz2', + source => 'https://download.nextcloud.com/server/releases/nextcloud-13.0.6.tar.bz2', creates => '/var/www/html/nextcloud/index.php', cleanup => true, user => 'www-data', diff --git a/manifests/webserver.pp b/manifests/webserver.pp index 51f5e60..4a9d50e 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -7,18 +7,16 @@ $server_names = $nextcloud::server_names, $php_version = $nextcloud::php_version, $worker_processes = $nextcloud::worker_processes, + $server_purge = $nextcloud::server_purge, ) { - if $ssl == true { - $port = $https_port - } else { - $port = $http_port - } class { 'nginx': + server_purge => $server_purge, manage_repo => false, worker_processes => $worker_processes, } if $ssl { + nginx::resource::server { 'nextcloud_server_redirect': ensure => present, server_name => $server_names, @@ -27,18 +25,20 @@ ssl_redirect_port => $https_port, use_default_location => false, } - } - nginx::resource::server { 'nextcloud_server_main': - ensure => present, - server_name => ['nextcloud', 'nextcloud.int.othalland.xyz'], - ssl => $ssl, - ssl_cert => $ssl_cert_file, - ssl_key => $ssl_key_file, - listen_port => $port, - http2 => true, - www_root => '/var/www/html/nextcloud', - client_max_body_size => '512M', - use_default_location => false, + + nginx::resource::server { 'nextcloud_server_main': + ensure => present, + server_name => $server_names, + listen_port => $https_port, + www_root => '/var/www/html/nextcloud', + client_max_body_size => '512M', + use_default_location => false, + ssl => true, + ssl_only => true, + ssl_cert => $ssl_cert_file, + ssl_key => $ssl_key_file, + https => on, + http2 => true, add_header => { 'X-Content-Type-Options' => 'nosniff', 'X-XSS-Protection' => '1; mode=block', @@ -54,11 +54,41 @@ 'gzip_proxied' => 'expired no-cache no-store private no_last_modified no_etag auth', 'gzip_types' => 'plication/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy', }, + } + } else { + + nginx::resource::server { 'nextcloud_server_main': + ensure => present, + server_name => $server_names, + listen_port => $http_port, + www_root => '/var/www/html/nextcloud', + client_max_body_size => '512M', + use_default_location => false, + add_header => { + 'X-Content-Type-Options' => 'nosniff', + 'X-XSS-Protection' => '1; mode=block', + 'X-Robots-Tag' => 'none', + 'X-Download-Options' => 'noopen', + 'X-Permitted-Cross-Domain-Policies' => 'none', + }, + server_cfg_prepend => { + 'gzip' => 'on', + 'gzip_vary' => 'on', + 'gzip_comp_level' => '4', + 'gzip_min_length' => '256', + 'gzip_proxied' => 'expired no-cache no-store private no_last_modified no_etag auth', + 'gzip_types' => 'plication/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy', + }, + } + } + nginx::resource::location { 'certbot': + ensure => present, + server => nextcloud_server_redirect, + location => '/\.well-known/', + try_files => ['$uri', '$uri/'], } - nginx::resource::location { 'root': + -> nginx::resource::location { 'root': ensure => present, - ssl => true, - ssl_only => true, index_files => [], server => 'nextcloud_server_main', location => '/', @@ -67,8 +97,6 @@ } -> nginx::resource::location { 'misc': ensure => present, - ssl => true, - ssl_only => true, index_files => [], server => 'nextcloud_server_main', location => '~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/', @@ -77,8 +105,6 @@ } -> nginx::resource::location { 'internal': ensure => present, - ssl => true, - ssl_only => true, index_files => [], server => 'nextcloud_server_main', location => '~ ^/(?:\.|autotest|occ|issue|indie|db_|console)', @@ -87,8 +113,6 @@ } -> nginx::resource::location { 'nextcloud': ensure => present, - ssl => true, - ssl_only => true, index_files => [], server => 'nextcloud_server_main', location => '~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/)', @@ -97,7 +121,7 @@ 'include fastcgi_params;', 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;', 'fastcgi_param PATH_INFO $fastcgi_path_info;', - 'fastcgi_param HTTPS on;', + 'fastcgi_param HTTPS $https if_not_empty;', 'fastcgi_param modHeadersAvailable true;', 'fastcgi_param front_controller_active true;', 'fastcgi_pass php-handler;', @@ -108,8 +132,6 @@ } -> nginx::resource::location { 'updater': ensure => present, - ssl => true, - ssl_only => true, index_files => ['index.php'], server => 'nextcloud_server_main', location => '~ ^/(?:updater|ocs-provider)(?:$|/)', @@ -118,8 +140,6 @@ } -> nginx::resource::location { 'css_js': ensure => present, - ssl => true, - ssl_only => true, index_files => ['index.php'], server => 'nextcloud_server_main', location => '~ \.(?:css|js|woff|svg|gif)$', @@ -137,15 +157,13 @@ } -> nginx::resource::location { 'static_media_pictures': ensure => present, - ssl => true, - ssl_only => true, index_files => ['index.php'], server => 'nextcloud_server_main', location => '~ \.(?:png|html|ttf|ico|jpg|jpeg)$', try_files => ['$uri', '/index.php$uri$is_args$args'], - location_cfg_append => { 'access_log' => 'off' }, priority => 407, } + nginx::resource::upstream { 'php-handler': members => [ "unix:/run/php/php${php_version}-fpm.sock", From 38099042e51801a5ec481a89323509788be44aaa Mon Sep 17 00:00:00 2001 From: dutchwhizzman <40290982+dutchwhizzman@users.noreply.github.com> Date: Sun, 4 Nov 2018 19:00:20 +0100 Subject: [PATCH 2/2] Update install.pp Fixed version numbering --- manifests/install.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/install.pp b/manifests/install.pp index ec45a0b..3b5266c 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -5,12 +5,12 @@ owner => 'www-data', group => 'www-data', } - -> archive { '/var/www/html/nextcloud-13.0.4.tar.bz2': + -> archive { '/var/www/html/nextcloud-13.0.7.tar.bz2': ensure => present, - path => '/tmp/nextcloud-13.0.4.tar.bz2', + path => '/tmp/nextcloud-13.0.7.tar.bz2', extract => true, extract_path => '/var/www/html', - source => 'https://download.nextcloud.com/server/releases/nextcloud-13.0.6.tar.bz2', + source => 'https://download.nextcloud.com/server/releases/nextcloud-13.0.7.tar.bz2', creates => '/var/www/html/nextcloud/index.php', cleanup => true, user => 'www-data',