+++ /dev/null
----
-infra::role: base
-
-infra::additional_classes:
- - infra::profile::postfix
-
-postfix::myorigin: "pixelpark.com"
-infra::profile::postfix::virtual_aliases_source: 'maps/virtual-nullclient-sparkasse'
-
-accounts::users:
- sebastian.bator:
- uid: 60304
- key: "AAAAB3NzaC1yc2EAAAADAQABAAACAQDQnpXspwbIAPh/y4rp5jsSDZL4SyOrEOIAhb1cHbrdwrwGO1jsy5xRAP5qtDtIPNuy48RWTHeVqi6xN//U42UKPvBkTftHF3Cxz7IhB0/nlQWKWFLm7mtt4jGpmq4CFA0Unehtf9hq6i3OkIteStkz9F8WTH+3Q8WcQNrOI01bPsQ5BzJ2sprGua6TpRY1qXOx9LmtXk5mcUsbck9XCclIFvPKqSfYLqz7Q6hL91Kv7GOFiKKMkbOLYa1XDrlZvx501d7Zi3Ps8nGGDHqiEondjlIEJQUqXulN+xJ5EaEv7Ou5ide8vPa/x9PRoUBDWDFkgpMRqTtGORoaLquQoRB7QE5tXO9phYOiKZIWYFU0uKJVj2SjXyufspx2o3Oew/v8jcjsEYAtYlH9x6tuOsxvl5APTqncUADAJuWW0PhyCV8eujROddJj62j06upmlCy+RnwEPrNoZEbmj1p7hOFCmQ9dpYGgy4DrBoitPqV6gHrFbWq4OduTij46Z5bVyuWho55615YwluPhObd93x2d1BhPNj9YsfiAYqxoEgjBg2m5AzRwlFuAJYWyusCw7XgNQoY6gzUrGJWsa2gvXkKXp8r4ZuOJ8UyIa1nY05CY9h286GXSO/QsHE2JVy2ulbSEG/ubZjofR5XOXHIWnUAslLgKOL5dAbKQRXjQ0BuFQw=="
- comment: "Sebastian Bator - Sparkasse"
- apply: true
- sudo: false
- shell: bash
- group: apache
- groups:
- - mysql
- deploy.spk:
- uid: 60305
- key: "AAAAB3NzaC1yc2EAAAADAQABAAACAQC5mpAoVWCs6K08pjcS7XR98Rf+ZrBLTi/fzOH5R5MFFmft6QH/+2DKNtzjFxe0+kobFKc8q+bF7H4ljJVKu4lVrQPKAIcoa7lv3i09u27t7oyn/u53DOceB5JSpXB4AD544IB3yGK4ZnqwEoAWaTQ34jIVwKhLcssHjIpNvzjgPyL0ltL37WpkilUN2nNA6YuJkLLO76+eD6/frPqtaWHJ1ONnUj7wDkXkSUIa1U0Igp5c3SpENr8NDb5TA9MkZJ8H3QOOWu8C8EqWKppF5d1oquZUa7AVERkKoSxm4twlLSi8IA5i4t8u2WENwe0xcgYBGH2dC31X7IKpelCQPmwrLwrcqRVz4i616iFx4LEDSbd+WD0nm/RU/D9XiHZ7xI60qmPTjo07kbmSUHbriqGYw+zap8HkdX2E9VRjr81Unc+MjJrieRcwCxqG4PvblXKTWrLkMVvnvovzNpISZxqOvp4Si7AYiqFWNubvzhYm7u+MhKjRJMvC/t5p70Tx1uX3Hz/OQjNZg6kbWhCnO7uS2AjpHvxKZKqywEcgBdCUXiVptPLxParqjbaQMYeh7jhTcaQFIVL5ZsfbywsK2Trk+mq7t4ft0gTI41UUOfZEvBhrniq3vuiSSdLLqBgYPplSYUeILn5IFnNKd/KVp0sL3gne8eF89gKL4p9jmJ9dyw=="
- comment: "Deployment User - Sparkasse"
- apply: true
- sudo: true
- sudo_cmds:
- - LIST
- shell: bash
- group: apache
- groups:
- - mysql
- franziska.naphtali:
- uid: 60306
- key: "AAAAB3NzaC1yc2EAAAABJQAAAQEA741NNtCaHDWJUEr/FYTv20a9N1xtuxxt/GvwVSbb6lpZPJds8LKLxILQIxfpmQlJRyuxhwUD3ak+/05WNcoUZlxsrc+s7YghWMpnoWrFnDVoNyXmAJll80K3MPhoHeyA8GwSAfbNM8Eg7BpPUBIehJhFdmCk+StfuS4m9TjSV2InKiakWdk0OAjGG0h9hu4PhzqsbbFMvWLpccG9txJoxNbnh16WKg0GasWcZiv5eqU9VPIOxeqWwjBxCdP0JxNqZbo2VAkS21rn4MmjkAJ9sWRst82HQxLfOJtSAv5Pt8vKK7GH0g71gt2qaouWoQa7VLZXrh59NhmRdsxqCNSUjw=="
- comment: "Franziska Naphtali - Sparkasse"
- apply: true
- sudo: false
- shell: bash
- group: apache
- groups:
- - mysql
- hendrik.hoffmann:
- uid: 60307
- key: "AAAAB3NzaC1yc2EAAAADAQABAAACAQDRXqSA4Al/Dp/xAJKiDI0seBoR5Cp/P8aMy0FqSPCa6Gn7Plmh1ljvUjdRh9JwJxuxyCCminqLp7XXwCP+/hthNwkcWqHpvxOQi2kwcTccjk9jsek5dEfzfXUwVZnt8MJp2ZEwBsU4QLSjAbyS4ie4Clu9XHdsJIlXnAViB5g9/gfbRXmziPPJOYtyFMSyiENcBJ8zvMx7IQS1+ptSox8x+hGJ/KnrUHxbSOe+UQiu5SfkBG+XUBsg7x2FDig1J9Jhwl+ppgjvf8ubHdmqZXQ3QTfoKCw1aa71+u2x8NclTYclLF52O19/wNWp/vppdBIbyVyvUYf7eXP8oy9IYri3TZiYP4K1mRM1X3UfrgRcvh8SA4xdzxCCzgJ0KIfNKL/rDlQUpttU5uRRsk5ZtiIiPusr4kcM64UyhbMk3OyJIBS1Zscl5bZXjmQeF74H1Zyl4iQVayZcuuqah/oihLgai1F1BOfuAQOE2qGOPzskROhku++A/co8IooBu1cX+DNTjOMbFuw2ru6D9zEXkKC+1DHrmkoPgNAvWw7+IkEfnr7dKbnzgnW7P22eO/PyVvo2um6uoUEQss6r5eTDXeMY9yb/t2DmBLtPcZ/CvsPnvOG/UoTcHP1bms58UtOlvSnK1Z+h8eOcBgJ8NVb4Uz1LyfjieTpi/G1As1qFwKzoTw=="
- comment: "Hendrik Hoffmann - Sparkasse"
- apply: true
- sudo: false
- shell: bash
- group: apache
- groups:
- - mysql
- minh.tran:
- uid: 60308
- key: "AAAAB3NzaC1yc2EAAAABJQAAAQEAlsGiRhm9aaGqVLidFC9F8v6ItThTBn3X3613P5YHUqMHLjKn8c5+gJ8+pDOrtUf1fEPOl8PKhzBwMYZL7Q4HNLe38qUvFa2IGYtTSBQE68mAHJl+s5extZwC/OzcADFXhslkx945790wrvtsOFHne9PlhSyLIK/KYx/23qaW4gpQW5z3qO0OCUtNR/wfss2rYMe1utBPoOscCQZG/sLl2dqg+zvEJkK+yKE4Alkw0i+ad84ewzcpEr/JBWiK/aAyV2+IVmf9MnCY+lcXTqGsYjK3VTl7ToK0ydcr1qtd7ezyoxlBzwJbIGaKRjt/ojGDqPgibVn5GKMUJncfzc1HfQ=="
- comment: "Minh Tran - Sparkasse"
- apply: true
- sudo: false
- shell: bash
- group: apache
- groups:
- - mysql
-
-sudo::configs:
- cmd_alias:
- priority: "05"
- content: |
- Cmnd_Alias LIST = /bin/less /var/log/php-fpm/*
- deploy:
- priority: "06"
- content: |
- deploy.spk ALL=(apache) NOPASSWD: ALL
-
-repo::remi_php71: true
-
-php::settings:
- Date/date.timezone: Europe/Berlin
- PHP/expose_php: 'Off'
- PHP/max_execution_time: 90
- PHP/memory_limit: 256M
-
-php::extensions:
- gd: {}
- opcache: {}
- mbstring: {}
- xml: {}
- mysqlnd: {}
- pdo: {}
- intl: {}
-
-infra::profile::apache_php::fpm_pool:
- sparchecker:
- listen_owner: apache
- listen_group: apache
-
-php::fpm::pools:
- www:
- ensure: absent
-
-apache::default_vhost: false
-
+++ /dev/null
----
-infra::additional_classes:
- - infra::profile::apache_php
- - infra::profile::mysql_server
- - infra::profile::cron
-
-apache::log_formats:
- spk_combined: '%%{ich-trickse}{X-Forwarded-For}i %a %l %u %t \"%r\" %>s %b \"%%{ich-trickse}{Referer}i\" \"%%{ich-trickse}{User-Agent}i\"'
-
-mysql::server::root_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEACX70W4nRA+3yFBjVJc6RZB9Ivxahcou4LlF1YyOp4sP4Hg4+Htd0SyMhE3bR0ImaJBpQChahEU6r9NWt0cNLu0i7jp6FQbSV52W0OfX5kyPXTZE07Lc1bOOIP0VLlR36BkkFlgqxu6BcZHpU5I2jLFjCsoksipZhjjGAGRXi5npvSjSEK0QXRD4EapjtHMW1Nfc8gkX1bXmVprBPnD29973KBy4PprHH36kppyZBWbuxgD0V3w18MV263S1YiXMbDXLnHcZdMrjQCYgH4DuhPwpTmMV1L5FYqqm16hWBeNepdRME38CbokXuEXc+lDQURfJhi8+jLI9sE/JPGQ1H7jBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5LYfbUHm19ZQk0FWnx6JngCA5dS3buG0jOYgQYhjDg28u37wOmAjhr8Y/cDLcwTsCeg==]
-mysql::server::backup::backuppassword: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAKYgu3RxkWScqDa1PwANjqVxavbX9XyI4ZNzfxNrV8pGeBNNn07hKejoFUlLH97iNEzrThivYL5SuRBrtZmx9m15h7Wr3xQSs7Uwjy33aF4op/ZfDMphBeDhWLUoQbMGg0dUIy3ky9nqlZA+gycx9hj57430FtJUS6uKmd5h51c5z9ZZVN/Xmu5sqj9XrDjhayTYDCMMjbBAXZlHIvifXSTTVRBcIROTn0GBa/PpAuizl/Qs/yGW8LA+AEqUIBiKSOnRdXuabcbTvdEQ7GrrqMFnx+P4yUMIJRNLwM94vUeyApibQ0seqxt3IozZwWaOBGIID+G6L6kclLC3TzJnQ2zBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCJP7+u/I60bVvCrPHsTl8wgCCpo6QJMw3txO10Jp+Y+pIHH6l5E3x123LiZSZt7MmvRw==]
-infra::profile::mysql_server::databases:
- sparchecker:
- user: sparchecker
- password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAu7DNCfOUPiR4CHzyGVewO8HkBF061THdgcc5tg+TXq2/Kf2hgE79CWpbrLHgK5OW69Nnx+6+DXr2PWflyN9ykvOP9NuuR+v0WVcur+DntnEaRe4jDhj3jDXLosdVcMnbY/8vBhdWX1rZ32gHI6Ud+0RfWp4JWC/EOAMVdoTFlXZxayybxWkTr05uXvuCHJ8PakfnCflh9PgwgLxbZW73FcNCKDK0jhBU2D0IyxzowpfOQp66arY68X67iEmK5QUzFOIxMZgqkW6fkuUDRNUX8MfW6R5OoVFXj+kialZoWhvFXVMFfmH8tA5/lcAFieOu/RbREP0UkjIIo5mUNIQrRTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBQZEgt/on+h4gp25kU7QKIgCC1yqMUM7HXxARA43l9VNypJ6T7EekX7SQ/RE7UtHsWAQ==]
-
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAPXzUOIQdrthx6nUbiPHoEC50cSmD1/wtCANCpMsvk23Iwzjd17Rd6Fn3nV4tPDhEkctoMxkEqvuUEUzxhWrNZtSWarzicRcnM1tIxoloUAzXH1/eSXwGdJgRGpdLOfKWGHJAUU2lRPuKcZvRCK8Ic5eXNXQwmvK5fxOHHNlOf4PVfgNRS2zElKKrSpnanB3inSDxumN0wDTZHWQvQ6JfYMHgTPQdPXWLTSRr05wTvd308hUtE9K8o9uULEc89LmoTNFH1pyE7no82kNqmJS2GVfCdH2lIJD3QmJYocR3bXH+JVLhtL5aNnI5ObRgttHtl30h1R6CuajtVvVOrgn6kjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDWWdRsc52vq4Rohl4ounazgBBmIWlsU0GfdMm769kzNrFx]
-
-infra::profile::apache::pp_vhosts:
- sparchecker:
- docroot: /var/www/spar-checker/sparchecker-frontend
- servername: spar-checker.de
- serveraliases:
- - web01-spar-checker-de.pixelpark.net
- - spar-checker-de.pixelpark.net
- - sparkasse-sparchecker.de
- - www.spar-checker.de
- - www.sparkasse-sparchecker.de
- ssl: false
- docroot_owner: deploy.spk
- docroot_group: apache
- docroot_mode: '0750'
- access_log_format: spk_combined
- headers:
- - 'always set X-XSS-Protection "1; mode=block"'
- - 'always set X-Frame-Options "SAMEORIGIN"'
- - 'always set X-Content-Type-Options "nosniff"'
- - 'always set Strict-Transport-Security: "max-age=15768001"'
- - 'always set Referrer-Policy "strict-origin"'
- - "always set Content-Security-Policy \"default-src 'none'; connect-src 'self' www.google-analytics.com; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
-
- aliases:
- - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
- - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp }
- setenv:
- - 'APPLICATION_ENV production'
- setenvif:
- - 'HTTPS on X-Forwarded-Proto=https'
- - 'HTTPS on HTTPS=on'
- - 'X-Forwarded-For 80.146.239.2 admin_ip_range'
- - 'X-Forwarded-For 109.86.229.215 admin_ip_range'
- - 'X-Forwarded-For 130.180.83.190 admin_ip_range'
- - 'X-Forwarded-For 195.69.134.114 admin_ip_range'
- - 'X-Forwarded-For 62.181.145.202 admin_ip_range'
- - 'X-Forwarded-For 195.140.123 admin_ip_range'
- - 'X-Forwarded-For 195.140.44 admin_ip_range'
- - 'X-Forwarded-For 62.181.145 admin_ip_range'
- - 'X-Forwarded-For 62.181.146 admin_ip_range'
- - 'X-Forwarded-For 192.168.15.1[68] self_ip_range'
-
- error_documents:
- - { error_code: 401 , document: "/401.html" }
- - { error_code: 403 , document: "/403.html" }
- - { error_code: 404 , document: "/404.html" }
- - { error_code: 500 , document: "/500.html" }
- directories:
- - provider: directory
- path: '/var/www/spar-checker/sparchecker-frontend/'
- options:
- - FollowSymLinks
- allow_override:
- - None
- directoryindex: 'index.html'
- custom_fragment: |
- AddType text/plain .tmpl
- AddDefaultCharset utf-8
-
- ## Configuration of the cache expiration
- # Images and Fonts are versioned and should be cached 1 year
- # JS and CSS are versioned, but should only be cached for 1 month
- # The rest should not be cached
- ExpiresActive On
- ExpiresDefault A2592000
-
- # Versioned assets
- ExpiresByType image/png A31536000
- ExpiresByType image/gif A31536000
- ExpiresByType image/jpeg A31536000
- ExpiresByType image/svg+xml A31536000
- ExpiresByType application/x-font-ttf A31536000
- ExpiresByType application/x-font-truetype A31536000
- ExpiresByType application/x-font-opentype A31536000
- ExpiresByType application/font-sfnt A31536000
- ExpiresByType application/vnd.ms-fontobject A31536000
- ExpiresByType application/font-woff A31536000
- ExpiresByType application/font-woff2 A31536000
-
- # Versioned code
- ExpiresByType text/css A2592000
- ExpiresByType application/javascript A2592000
-
- # Not versioned assets
- ExpiresByType application/manifest+json A0
- ExpiresByType text/plain A0
- ExpiresByType text/html A0
- ExpiresByType application/x-web-app-manifest+json A0
- ExpiresByType text/cache-manifest A0
- ExpiresByType application/json A0
- ExpiresByType application/ld+json A0
- ExpiresByType application/schema+json A0
- ExpiresByType application/vnd.geo+json A0
- ExpiresByType text/javascript A0
- ExpiresByType text/xml A0
-
- rewrites:
- - comment: 'frontend root rewrite'
- rewrite_cond:
- - '%%{ich-trickse}{REQUEST_URI} ^/$'
- rewrite_rule:
- - '.* /index.html [END]'
- - comment: 'frontend rewrites'
- rewrite_rule:
- - '^code/(modernizr-custom|spar-checker-min|selection)-v[0-9]{1,4}\.(js|css|json)$ /code/$1.$2 [END]'
- - '^code/(modernizr-custom.js|spar-checker-min.css|spar-checker-min.js|selection.json)$ - [L]'
- - '^media/(.*)-v[0-9]{1,4}\.(svg|jpg|png|gif)$ /media/$1.$2 [END]'
- - '^media/(.*)\.(svg|jpg|png|gif)$ - [L]'
- - '^code/(.*)-v[0-9]{1,4}\.(tmpl|eot|svg|ttf|woff|woff2)$ /code/$1.$2 [END]'
- - '^code/.*\.(tmpl|eot|svg|ttf|woff|woff2)$ - [L]'
- - '^((401|403|404|500)\.html)$ - [L]'
- - '^(favicon-[0-9]{2}.ico)$ - [L]'
- - '^(favicon-[0-9]{2}x[0-9]{2}.png)$ - [L]'
- - '^(favicon.ico)$ - [L]'
- - '^(sitemap.xml)$ - [L]'
- - '^(robots.txt)$ - [L]'
- - '^(manifest.json)$ - [L]'
- - '^(browserconfig.xml)$ - [L]'
- - '^(android-chrome-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
- - '^(apple-touch-icon-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
- - '^(apple-touch-icon-precompose.png)$ - [L]'
- - '^(apple-touch-icon.png)$ - [L]'
- - '^(mstile-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
- - '^(opera_160.png)$ - [L]'
- - '.* /404.html [R=404,L]'
-
- - provider: location
- path: '/'
- limit_except:
- - { methods: "GET HEAD POST" , require: "all denied" }
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- require:
- enforce: any
- requires:
- - 'valid-user'
- - 'env self_ip_range'
- - 'env admin_ip_range'
- - provider: location
- path: '/sfp'
- auth_type: Digest
- auth_name: 'server'
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- require:
- enforce: all
- requires:
- - 'valid-user'
- - 'env admin_ip_range'
- - provider: directory
- path: '/var/www/spar-checker/sparchecker-backend/public/sfp/'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- allow_override:
- - None
- directoryindex: 'index.php'
- rewrites:
- - comment: 'sfp rewrites'
- rewrite_rule:
- - 'code/.*(css|js|eot|index.php|svg|ttf|woff|woff2)$ - [L]'
- - '.* /sfp/index.php [END]'
-
- - provider: directory
- path: '/var/www/spar-checker/sparchecker-backend/public/api/'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- allow_override:
- - None
- directoryindex: 'index.php'
- rewrites:
- - comment: 'api rewrites'
- rewrite_rule:
- - '^v1/[/[:alnum:]]{2,30}$ /api/index.php [END]'
- - '.* /404.html [R=404,L]'
-
- - provider: filesmatch
- path: '\.(ttf|otf|eot|woff|woff2)$'
- headers:
- - 'always set Access-Control-Allow-Origin "*"'
- rewrites:
- - comment: 'Alle Aliase auf Servername'
- rewrite_cond:
- - '%%{ich-trickse}{HTTP_HOST} !^www\.spar-checker\.de$ [NC]'
- rewrite_rule:
- - '^(.*)$ https://www.spar-checker.de [R=301,L]'
- - comment: 'http to https'
- rewrite_cond:
- - '%%{ich-trickse}{HTTP:HTTPS} !=on'
- - '%%{ich-trickse}{HTTP_HOST} ^www\.spar-checker\.de$ [NC]'
- rewrite_rule:
- - '^(.*)$ https://www.spar-checker.de$1 [R=301,L]'
-
-infra::profile::cron::cronjobs:
- clear_tokens:
- ensure: 'present'
- user: apache
- command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php tokens-clear >>$LOG 2>&1'
- minute: '*/30'
- hour: '*'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/clear.token.log'
- description: clear tokens
- ping_api:
- ensure: 'present'
- user: apache
- command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php api-pinger >>$LOG 2>&1'
- minute: '*/5'
- hour: '*'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/ping.api.log'
- description: ping api
- # 8x5-it@sparkassen-finanzportal.de
- send_logs_via_email:
- ensure: 'present'
- user: root
- command: '/var/www/cgi-bin/send_logs_via_email.sh'
- minute: '0'
- hour: '8'
- description: send webserver logs via email
- users_mark_unused:
- ensure: 'present'
- user: apache
- command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php users-mark-unused >>$LOG 2>&1'
- minute: '0'
- hour: '4'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/users.mark.unused.log'
- description: users mark unused
- log_analysis:
- ensure: 'present'
- user: deploy.spk
- command: 'echo >> $LOG; date >> $LOG; /home/deploy.spk/swatch/log_analysis >>$LOG 2>&1'
- minute: '0'
- hour: '6'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/log.analysis.log'
- description: log analysis
\ No newline at end of file
+++ /dev/null
----
-infra::additional_classes:
- - infra::profile::apache_php
- - infra::profile::mysql_server
- - infra::profile::cron
-
-apache::log_formats:
- spk_combined: '%%{ich-trickse}{X-Forwarded-For}i %a %l %u %t \"%r\" %>s %b \"%%{ich-trickse}{Referer}i\" \"%%{ich-trickse}{User-Agent}i\"'
-
-mysql::server::root_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEALXSUFrj+9Yn41vRBaqpFmKj/Ojh1QBDIx2WG1nnOtJewSCUuLrbUCfCcrRWchmcYFEj0tIUGDlBeGaAD6cxYeFiQCK9WpeA5hd+FV/gXSSLah4Q2wz6ZOXXLdIT270sEMKGJONL/VYUkSrdT1h+y8KIwULbRvAYSBdXL0FUoIrVBxRt1thr+y/4K/E3xySrX0FsKjNpln0icC5Zt4TRE1fxrChOA7LKhVZBp05Iw7WH5t6txpOOZbH6cItsvGUnt3aXbSSiFu+060pEk7w5m82U/437iL40SJ615dK+i52Oh+LUinX5yV6T8c47mQlsJ/k6wvGY3rX523aFg1XliYzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDYtJJFNWMMYRepy/tOaNXfgCB9KykOY5UfcO9W7RJIyIVDMzzIKbQBK3Tr86RkUMmAQw==]
-mysql::server::backup::backuppassword: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAqsIvptOejYWCbmnvN32J+mJCPEQBTI0b1wsgv72AWuANa9QpzMiH3d0odQgVAhtu55WS0VHcwA/OMhDmWT+dUJE9QkDJFVpZ+n9o1fX8A0atoTVHcjV+ki2zwGroX8mBZ1Y/VmtjjJB32MCixhE/uhS/OvO1TD/h0spmXXsSLPLK30ulAgN+DGHlyEYx69zGEoF+WU+rVrciFpBoITUIcYKmnQBrQtqi01gJB1mNqIsIyRESnp8ff8LIs54xhw5K9aU4qiNP/z/kmAUZJCq5Ja8YO5nf5e1euWaj0m4Il2k8/dK+Pvw0R/I8joyYKqir9+kwpvFKkGWODMzwzrII3TBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAAQamIzsiqRLZgEEefoXwNgCD83OhZVENssIJdHTAtRlPH9sIxdRIYb19K6x4J3xqnpQ==]
-infra::profile::mysql_server::databases:
- sparchecker:
- user: sparchecker
- password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAlFBo9m24b1s+5POY1NpLub6ANKSbMTf01R1sZe9DnTwVdmkTEyj7r0P81uGWWY5WKujZReDAPRdX/iuB4GKLoljLWKN+IWQTEyQAjFjXNVL6RtgvJo0sC39lmyGgXIB6IIe9Xtd6SaTqRe3vUzMng/7CnKOEk9tYXgXsTbijl/uYMszw4YUgplvpwAzyv+Lv7CxlffZH/7Ou4Bk0OAc0q+0LEaFexGOBIcLZEIQpxZXhfBC0yIIWz5+8tjS9EEH/2jqQsDBQ/kRw96/XATFWt6RUKqZv1HcfV+6sC2UEYO9tGO/ddYkxkLWkhGj6ULGwp+x+ptAoDkjekvyysUcIPTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAbiUd/8GpurGb6nIzhnlddgCC/4uhG6TQLtJp0pMb1kCRjJVtAKWvAEJ1EngZSS+lQDA==]
-
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAgaTs4v4M186pjYjcjEILHFMVdtz4n5FcysRYDbQQC27Ktcb3XEy7+lDAgnCuh5A2+uQgO5UxdUJQ+DTwvBiV7/3e4ZYSpfcOCmLqYz7GVCM3YottvVDDlG9q4w8QG/Zzakx8qFrrr7QC3VppG+X7Dm7e+Lb5lIk33MQ8Az5OOb9V6wnlObjhN7D1vkaMJP/LzTSdjfuMe0MSUCx+kT6Ckillq06gpW8J/4edrXYxrkmrYKOoUR1kSlXc48o1vClPw29qV3OIoOQAaLUFPKD7QtbGaCMWgQno3dRDyxkrhVuvrRl6SG9ozuEpnpbDe1TvH78rt3J6/RH1Kl3ahvWlozA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCttcrRUdZhsD+WuxTDqCdygBBqwtCddXMlVvPshhYJQZjB]
-
-infra::profile::apache::pp_vhosts:
- sparchecker:
- docroot: /var/www/spar-checker/sparchecker-frontend
- servername: spar-checker.stage.sparkassen-finanzportal.de
- serveraliases:
- - stage-spar-checker-de.pixelpark.net
- - stage-web01-spar-checker-de.pixelpark.net
- - www.spar-checker.stage.sparkassen-finanzportal.de
- ssl: false
- docroot_owner: deploy.spk
- docroot_group: apache
- docroot_mode: '0750'
- access_log_format: spk_combined
-
- headers:
- - 'always set X-XSS-Protection "1; mode=block"'
- - 'always set X-Frame-Options "SAMEORIGIN"'
- - 'always set X-Content-Type-Options "nosniff"'
- - 'always set Strict-Transport-Security: "max-age=15768001"'
- - 'always set Referrer-Policy "strict-origin"'
- - "always set Content-Security-Policy \"default-src 'none'; connect-src 'self' www.google-analytics.com; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
-
- aliases:
- - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
- - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp }
- setenv:
- - 'APPLICATION_ENV production'
- setenvif:
- - 'HTTPS on X-Forwarded-Proto=https'
- - 'HTTPS on HTTPS=on'
- - 'X-Forwarded-For 80.146.239.2 admin_ip_range'
- - 'X-Forwarded-For 109.86.229.215 admin_ip_range'
- - 'X-Forwarded-For 130.180.83.190 admin_ip_range'
- - 'X-Forwarded-For 195.69.134.114 admin_ip_range'
- - 'X-Forwarded-For 62.181.145.202 admin_ip_range'
- - 'X-Forwarded-For 195.140.123 admin_ip_range'
- - 'X-Forwarded-For 195.140.44 admin_ip_range'
- - 'X-Forwarded-For 62.181.145 admin_ip_range'
- - 'X-Forwarded-For 62.181.146 admin_ip_range'
- - 'X-Forwarded-For 192.168.15.16 self_ip_range'
- - 'X-Forwarded-For 192.168.15.18 self_ip_range'
-
- error_documents:
- - { error_code: 401 , document: "/401.html" }
- - { error_code: 403 , document: "/403.html" }
- - { error_code: 404 , document: "/404.html" }
- - { error_code: 500 , document: "/500.html" }
- directories:
- - provider: directory
- path: '/var/www/spar-checker/sparchecker-frontend/'
- options:
- - FollowSymLinks
- allow_override:
- - None
- directoryindex: 'index.html'
- custom_fragment: |
- AddType text/plain .tmpl
- AddDefaultCharset utf-8
-
- ## Configuration of the cache expiration
- # Images and Fonts are versioned and should be cached 1 year
- # JS and CSS are versioned, but should only be cached for 1 month
- # The rest should not be cached
- ExpiresActive On
- ExpiresDefault A2592000
-
- # Versioned assets
- ExpiresByType image/png A31536000
- ExpiresByType image/gif A31536000
- ExpiresByType image/jpeg A31536000
- ExpiresByType image/svg+xml A31536000
- ExpiresByType application/x-font-ttf A31536000
- ExpiresByType application/x-font-truetype A31536000
- ExpiresByType application/x-font-opentype A31536000
- ExpiresByType application/font-sfnt A31536000
- ExpiresByType application/vnd.ms-fontobject A31536000
- ExpiresByType application/font-woff A31536000
- ExpiresByType application/font-woff2 A31536000
-
- # Versioned code
- ExpiresByType text/css A2592000
- ExpiresByType application/javascript A2592000
-
- # Not versioned assets
- ExpiresByType application/manifest+json A0
- ExpiresByType text/plain A0
- ExpiresByType text/html A0
- ExpiresByType application/x-web-app-manifest+json A0
- ExpiresByType text/cache-manifest A0
- ExpiresByType application/json A0
- ExpiresByType application/ld+json A0
- ExpiresByType application/schema+json A0
- ExpiresByType application/vnd.geo+json A0
- ExpiresByType text/javascript A0
- ExpiresByType text/xml A0
-
- rewrites:
- - comment: 'frontend root rewrite'
- rewrite_cond:
- - '%%{ich-trickse}{REQUEST_URI} ^/$'
- rewrite_rule:
- - '.* /index.html [END]'
- - comment: 'frontend rewrites'
- rewrite_rule:
- - '^code/(modernizr-custom|spar-checker-min|selection)-v[0-9]{1,4}\.(js|css|json)$ /code/$1.$2 [END]'
- - '^code/(modernizr-custom.js|spar-checker-min.css|spar-checker-min.js|selection.json)$ - [L]'
- - '^media/(.*)-v[0-9]{1,4}\.(svg|jpg|png|gif)$ /media/$1.$2 [END]'
- - '^media/(.*)\.(svg|jpg|png|gif)$ - [L]'
- - '^code/(.*)-v[0-9]{1,4}\.(tmpl|eot|svg|ttf|woff|woff2)$ /code/$1.$2 [END]'
- - '^code/.*\.(tmpl|eot|svg|ttf|woff|woff2)$ - [L]'
- - '^((401|403|404|500)\.html)$ - [L]'
- - '^(favicon-[0-9]{2}.ico)$ - [L]'
- - '^(favicon-[0-9]{2}x[0-9]{2}.png)$ - [L]'
- - '^(favicon.ico)$ - [L]'
- - '^(sitemap.xml)$ - [L]'
- - '^(robots.txt)$ - [L]'
- - '^(manifest.json)$ - [L]'
- - '^(browserconfig.xml)$ - [L]'
- - '^(android-chrome-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
- - '^(apple-touch-icon-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
- - '^(apple-touch-icon-precompose.png)$ - [L]'
- - '^(apple-touch-icon.png)$ - [L]'
- - '^(mstile-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
- - '^(opera_160.png)$ - [L]'
- - '.* /404.html [R=404,L]'
-
- - provider: location
- path: '/'
- limit_except:
- - { methods: "GET HEAD POST" , require: "all denied" }
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- require:
- enforce: any
- requires:
- - 'valid-user'
- - 'env self_ip_range'
- - 'env admin_ip_range'
- - provider: location
- path: '/sfp'
- auth_type: Digest
- auth_name: 'server'
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- require:
- enforce: all
- requires:
- - 'valid-user'
- - 'env admin_ip_range'
- - provider: directory
- path: '/var/www/spar-checker/sparchecker-backend/public/sfp/'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- allow_override:
- - None
- directoryindex: 'index.php'
- rewrites:
- - comment: 'sfp rewrites'
- rewrite_rule:
- - 'code/.*(css|js|eot|index.php|svg|ttf|woff|woff2)$ - [L]'
- - '.* /sfp/index.php [END]'
-
- - provider: directory
- path: '/var/www/spar-checker/sparchecker-backend/public/api/'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- allow_override:
- - None
- directoryindex: 'index.php'
- rewrites:
- - comment: 'api rewrites'
- rewrite_rule:
- - '^v1/[/[:alnum:]]{2,30}$ /api/index.php [END]'
- - '.* /404.html [R=404,L]'
-
- - provider: filesmatch
- path: '\.(ttf|otf|eot|woff|woff2)$'
- headers:
- - 'always set Access-Control-Allow-Origin "*"'
-
- rewrites:
- - comment: 'http to https'
- rewrite_cond:
- - '%%{ich-trickse}{HTTP:HTTPS} !=on'
- rewrite_rule:
- - '^(.*)$ https://stage-spar-checker-de.pixelpark.net$1 [R=301,L]'
- - comment: 'Alle Aliase auf Servername'
- rewrite_cond:
- - '%%{ich-trickse}{HTTP_HOST} !^stage-spar-checker-de.pixelpark.net$ [NC]'
- rewrite_rule:
- - '^(.*)$ https://stage-spar-checker-de.pixelpark.net$1 [R=301,L]'
-
-infra::profile::cron::cronjobs:
- clear_tokens:
- ensure: 'present'
- user: apache
- command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php tokens-clear >>$LOG 2>&1'
- minute: '*/30'
- hour: '*'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/clear.token.log'
- description: clear tokens
- ping_api:
- ensure: 'present'
- user: apache
- command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php api-pinger >>$LOG 2>&1'
- minute: '*/5'
- hour: '*'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/ping.api.log'
- description: ping api
- # 8x5-it@sparkassen-finanzportal.de
- send_logs_via_email:
- ensure: 'present'
- user: root
- command: '/var/www/cgi-bin/send_logs_via_email.sh'
- minute: '0'
- hour: '8'
- description: send webserver logs via email
- users_mark_unused:
- ensure: 'present'
- user: apache
- command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php users-mark-unused >>$LOG 2>&1'
- minute: '0'
- hour: '4'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/users.mark.unused.log'
- description: users mark unused
- log_analysis:
- ensure: 'present'
- user: deploy.spk
- command: 'echo >> $LOG; date >> $LOG; /home/deploy.spk/swatch/log_analysis >>$LOG 2>&1'
- minute: '0'
- hour: '6'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/log.analysis.log'
- description: log analysis
projects / pixelpark / hiera.git / commitdiff