--- /dev/null
+---
+mysql::client::package_name: "mysql-community-client" # required forproper MySQL installation
+mysql::server::package_name: "mysql-community-server" # required forproper MySQL installation
+mysql::server::service_name: "mysqld"
+mysql::server::users:
+ 'replication@%':
+ password_hash: ENC[PKCS7,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]
+mysql::server::grants:
+ 'replication@%/*.*':
+ options: 'GRANT'
+ privileges: 'REPLICATION SLAVE'
+ table: '*.*'
+ user: 'replication@%'
+
+mysql::server::root_password: ENC[PKCS7,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]
+mysql::server::backup::backuppassword: ENC[PKCS7,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]
+infra::profile::mysql_server::databases:
+ sparchecker:
+ user: sparchecker
+ password: ENC[PKCS7,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]
+
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,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]
+
+infra::profile::apache::pp_vhosts:
+ sparchecker:
+ docroot: /var/www/spar-checker/sparchecker-frontend
+ servername: spar-checker.stage.sparkassen-finanzportal.de
+ serveraliases:
+ - stage-spar-checker-de.pixelpark.net
+ - stage-web01-spar-checker-de.pixelpark.net
+ - stage-web02-spar-checker-de.pixelpark.net
+ - www.spar-checker.stage.sparkassen-finanzportal.de
+ ssl: false
+ docroot_owner: deploy.spk
+ docroot_group: apache
+ docroot_mode: '0750'
+ access_log_format: lb_combined
+ headers:
+ - 'always set X-XSS-Protection "1; mode=block"'
+ - 'always set X-Frame-Options "SAMEORIGIN"'
+ - 'always set X-Content-Type-Options "nosniff"'
+ - 'always set Strict-Transport-Security: "max-age=15768001"'
+ - 'always set Referrer-Policy "origin"'
+ - "set Content-Security-Policy \"default-src 'none'; connect-src 'self'; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
+
+ aliases:
+ - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
+ - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp }
+ setenv:
+ - 'APPLICATION_ENV production'
+ setenvif:
+ - 'HTTPS on X-Forwarded-Proto=https'
+ - 'HTTPS on HTTPS=on'
+ - 'X-Forwarded-For 80.146.239.2 admin_ip_range'
+ - 'X-Forwarded-For 109.86.229.215 admin_ip_range'
+ - 'X-Forwarded-For 130.180.83.190 admin_ip_range'
+ - 'X-Forwarded-For 195.69.134.114 admin_ip_range'
+ - 'X-Forwarded-For 62.181.145.202 admin_ip_range'
+ - 'X-Forwarded-For 195.140.123 admin_ip_range'
+ - 'X-Forwarded-For 195.140.44 admin_ip_range'
+ - 'X-Forwarded-For 62.181.145 admin_ip_range'
+ - 'X-Forwarded-For 62.181.146 admin_ip_range'
+ - 'X-Forwarded-For 192.168.15.1[6789] self_ip_range'
+
+ error_documents:
+ - { error_code: 401 , document: "/401.html" }
+ - { error_code: 403 , document: "/403.html" }
+ - { error_code: 404 , document: "/404.html" }
+ - { error_code: 500 , document: "/500.html" }
+ directories:
+ - provider: directory
+ path: '/var/www/spar-checker/sparchecker-frontend/'
+ options:
+ - FollowSymLinks
+ allow_override:
+ - None
+ directoryindex: 'index.html'
+ custom_fragment: |
+ AddType text/plain .tmpl
+ ExpiresActive On
+ ExpiresDefault A0
+ <FilesMatch "\.(html|tmpl|js)$">
+ ExpiresDefault A0
+ Header set Cache-Control "no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform"
+ Header set Pragma "no-cache"
+ </FilesMatch>
+
+ rewrites:
+ - comment: 'frontend root rewrite'
+ rewrite_cond:
+ - '%%{ich-trickse}{REQUEST_URI} ^/$'
+ rewrite_rule:
+ - '.* /index.html [END]'
+ - comment: 'frontend rewrites'
+ rewrite_rule:
+ - '^code/(modernizr-custom|spar-checker-min|selection)-v[0-9]{1,4}\.(js|css|json)$ /code/$1.$2 [END]'
+ - '^code/(modernizr-custom.js|spar-checker-min.css|spar-checker-min.js|selection.json)$ - [L]'
+ - '^media/(.*)-v[0-9]{1,4}\.(svg|jpg|png|gif)$ /media/$1.$2 [END]'
+ - '^media/(.*)\.(svg|jpg|png|gif)$ - [L]'
+ - '^code/(.*)-v[0-9]{1,4}\.(tmpl|eot|svg|ttf|woff|woff2)$ /code/$1.$2 [END]'
+ - '^code/.*\.(tmpl|eot|svg|ttf|woff|woff2)$ - [L]'
+ - '^((401|403|404|500)\.html)$ - [L]'
+ - '^(favicon-[0-9]{2}.ico)$ - [L]'
+ - '^(favicon-[0-9]{2}x[0-9]{2}.png)$ - [L]'
+ - '^(favicon.ico)$ - [L]'
+ - '^(sitemap.xml)$ - [L]'
+ - '^(robots.txt)$ - [L]'
+ - '^(manifest.json)$ - [L]'
+ - '^(browserconfig.xml)$ - [L]'
+ - '^(android-chrome-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
+ - '^(apple-touch-icon-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
+ - '^(apple-touch-icon-precompose.png)$ - [L]'
+ - '^(apple-touch-icon.png)$ - [L]'
+ - '^(mstile-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
+ - '^(opera_160.png)$ - [L]'
+ - '.* /404.html [R=404,L]'
+
+ - provider: location
+ path: '/'
+ limit_except:
+ - { methods: "GET HEAD POST" , require: "all denied" }
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ require:
+ enforce: any
+ requires:
+ - 'valid-user'
+ - 'env self_ip_range'
+ - 'env admin_ip_range'
+ - provider: location
+ path: '/sfp'
+ auth_type: Digest
+ auth_name: 'server'
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ require:
+ enforce: all
+ requires:
+ - 'valid-user'
+ - 'env admin_ip_range'
+ - provider: directory
+ path: '/var/www/spar-checker/sparchecker-backend/public/sfp/'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ allow_override:
+ - None
+ directoryindex: 'index.php'
+ rewrites:
+ - comment: 'sfp rewrites'
+ rewrite_rule:
+ - 'code/.*(css|js|eot|index.php|svg|ttf|woff|woff2)$ - [L]'
+ - '.* /sfp/index.php [END]'
+
+ - provider: directory
+ path: '/var/www/spar-checker/sparchecker-backend/public/api/'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ allow_override:
+ - None
+ directoryindex: 'index.php'
+ rewrites:
+ - comment: 'api rewrites'
+ rewrite_rule:
+ - '^v1/[/[:alnum:]]{2,30}$ /api/index.php [END]'
+ - '.* /404.html [R=404,L]'
+
+ - provider: filesmatch
+ path: '\.(ttf|otf|eot|woff|woff2)$'
+ headers:
+ - 'always set Access-Control-Allow-Origin "*"'
+
+ rewrites:
+ - comment: 'http to https'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTP:HTTPS} !=on'
+ rewrite_rule:
+ - '^(.*)$ https://stage-spar-checker-de.pixelpark.net$1 [R=301,L]'
+ - comment: 'Alle Aliase auf Servername'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTP_HOST} !^stage-spar-checker-de.pixelpark.net$ [NC]'
+ rewrite_rule:
+ - '^(.*)$ https://stage-spar-checker-de.pixelpark.net$1 [R=301,L]'
+
+infra::profile::cron::cronjobs:
+ clear_tokens:
+ ensure: 'present'
+ user: apache
+ command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php tokens-clear >>$LOG 2>&1'
+ minute: '*/30'
+ hour: '*'
+ environment:
+ - 'APPLICATION_ENV=production'
+ - 'LOG=/var/www/log/cron/clear.token.log'
+ description: clear tokens
+ ping_api:
+ ensure: 'present'
+ user: apache
+ command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php api-pinger >>$LOG 2>&1'
+ minute: '*/5'
+ hour: '*'
+ environment:
+ - 'APPLICATION_ENV=production'
+ - 'LOG=/var/www/log/cron/ping.api.log'
+ description: ping api
+ # 8x5-it@sparkassen-finanzportal.de
+ send_logs_via_email:
+ ensure: 'present'
+ user: root
+ command: '/var/www/cgi-bin/send_logs_via_email.sh'
+ minute: '0'
+ hour: '8'
+ description: send webserver logs via email
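Review bot: The `setenvif` entries of the `sparchecker` vhost derive `admin_ip_range` and `self_ip_range` from the `X-Forwarded-For` request header, and the `/` location accepts either variable instead of Digest credentials (`enforce: any`). Access control for the whole site therefore rests on a header the client can supply, unless the load balancer in front always overwrites it, and nothing in this file shows that it does. The patterns are also unanchored regexes with unescaped dots: `80.146.239.2` also matches `80.146.239.20`–`.29` and `.200`–`.255`, and `195.140.123` matches anywhere in the header value. I would have mod_remoteip resolve the client address from the trusted proxy only and replace the env checks with address requirements such as `'ip 80.146.239.2'` and `'ip 195.140.123'` in `requires`. If SetEnvIf has to stay, each pattern should be escaped and anchored to the last hop, e.g. `'X-Forwarded-For (^|,\s*)80\.146\.239\.2$ admin_ip_range'`.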