ODT - fix new live
authorOliver Böttcher <oliver.boettcher@pixelpark.com>
Mon, 10 Jul 2017 12:02:56 +0000 (14:02 +0200)
committerOliver Böttcher <oliver.boettcher@pixelpark.com>
Mon, 10 Jul 2017 12:02:56 +0000 (14:02 +0200)
customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml

index 0e8ac62fb1c638f30df6f6ab71a5b05234d43a61..d3fabba5171cff4a8c32f8fe25f591f93411f96e 100644 (file)
@@ -1,10 +1,12 @@
 ---
 infra::role: base
-#infra::additional_classes:
-#  - infra::profile::apache
-#  - apache::mod::proxy_ajp
-#  - apache::mod::remoteip
-#  - apache::mod::headers
+infra::additional_classes:
+  - infra::profile::apache
+  - apache::mod::proxy_ajp
+  - apache::mod::remoteip
+  - apache::mod::headers
+  - infra::profile::cron
+
 
 infra::profile::apache::pp_vhosts:
   odt:
@@ -14,26 +16,39 @@ infra::profile::apache::pp_vhosts:
       - odt-daimler-com-temp.pixelpark.net
       - odt-daimler-com.pixelpark.net
     ssl: true
-    ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
-    ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
-    ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+    cert_servername: 'odt.daimler.com'
+    cert_customer: 'daimler'
+    ssl_cert: '/etc/pki/tls/certs/odt.daimler.com-cert.pem'
+    ssl_key: '/etc/pki/tls/private/odt.daimler.com-key.pem'
+    ssl_chain: '/etc/pki/tls/certs/odt.daimler.com-cert.pem'
     ssl_verify_client: require
-    #ssl_crl_check: chain
-    #ssl_crl: '/etc/pki/tls/certs/odt-cacrl.pem'
+    ssl_crl: '/etc/pki/tls/certs/odt-cacrl.pem'
     ssl_ca: '/etc/pki/tls/certs/odt-root-ca.pem'
+    custom_fragment_ssl: 'SSLRequire %%{ich-trickse}{SSL_CLIENT_S_DN_O} eq "ODT"'
     rewrites_non_ssl:
-      - comment: 'almost all to https'
-        rewrite_cond:
-          - '%{ich-trickse}{REQUEST_URI} !^(/.\.html|/emm_webservice)$'
+      - https:
+        comment: 'almost all to https'
+        rewritecond:
+          - '%%{ich-trickse}{REQUEST_URI} !^/.\.html'
         rewrite_rule:
-          - '^(.*)$ https://odt-daimler-com.pixelpark.net$1 [L,R=301]'
+          - '^(.*)$ https://int-odt-daimler-com.pixelpark.net$1 [L,R=301]'
     proxy_preserve_host: true
     proxy_pass:
       - { path: /, url: 'ajp://localhost:8009/' }
     directories:
-      - provider: location
+      - webservice:
+        provider: location
         path: '/emm_webservice'
         require:
           - 'ip 93.188.107.192/26'
           - 'ip 217.66.50.0/24'
           - 'ip 217.66.51.0/24'
+        custom_fragment: "SSLVerifyClient none"
+
+infra::profile::cron::cronjobs:
+  fetchcrl:
+    user: root
+    command: 'scp httpd@odt-tinyca:/www/htdocs/odt-tinyca.pixelpark.net/data/phpki-store/CA/crl/cacrl.pem /etc/pki/tls/certs/odt-cacrl.pem && systemctl reload httpd'
+    minute: 0
+    hour: 5
+    description: um 05:00 Uhr wird die Revocationlist vom User openemm geholt. somit muss der Webserver restarted werden
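Review bot: The CRL configured at `ssl_crl` is never actually consulted, because the commit removes the commented `#ssl_crl_check: chain` line instead of enabling it; in Apache 2.4 `SSLCARevocationFile` without `SSLCARevocationCheck` defaults to `none`, so a revoked ODT client certificate still satisfies `ssl_verify_client: require` and the 05:00 fetchcrl job refreshes a file mod_ssl ignores (assuming the profile maps `ssl_crl_check` to `SSLCARevocationCheck`, as puppetlabs-apache does). Add `ssl_crl_check: chain` directly under `ssl_crl`, and note that once checking is on an expired CRL — e.g. after a few failed `scp` runs from odt-tinyca — rejects every client, so the cron job needs failure alerting rather than a silent `&&`. The `custom_fragment: "SSLVerifyClient none"` on `/emm_webservice` deserves a comment stating that this path is deliberately downgraded to IP-allowlist-only authentication, and `ssl_chain` pointing at the leaf certificate itself looks like a placeholder until the intermediate is installed — confirm. Separately, the new `rewritecond` `!^/.\.html` dropped both the `$` anchor and the `/emm_webservice` exclusion of the old rule, so plain-HTTP webservice calls are now redirected to `int-odt-daimler-com.pixelpark.net`, which differs from the vhost's own servername; confirm that is intended. The fetchcrl `description` names user `openemm` while the command uses `httpd@odt-tinyca`; suggest aligning it and writing it in English, e.g. `description: 'Fetch the ODT CA CRL from odt-tinyca at 05:00 and reload httpd so mod_ssl picks it up'`.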