ODT - fix SSL
authorOliver Böttcher <oliver.boettcher@pixelpark.com>
Mon, 21 Aug 2017 14:34:57 +0000 (16:34 +0200)
committerOliver Böttcher <oliver.boettcher@pixelpark.com>
Mon, 21 Aug 2017 14:34:57 +0000 (16:34 +0200)
customer/mbvd-odt/odt-daimler-com.pixelpark.net.yaml

index d3fabba5171cff4a8c32f8fe25f591f93411f96e..210ba6df0d6c25937be43ba8db3bff1dbd1d2ca2 100644 (file)
@@ -6,6 +6,7 @@ infra::additional_classes:
   - apache::mod::remoteip
   - apache::mod::headers
   - infra::profile::cron
+  - logstash
 
 
 infra::profile::apache::pp_vhosts:
@@ -24,7 +25,6 @@ infra::profile::apache::pp_vhosts:
     ssl_verify_client: require
     ssl_crl: '/etc/pki/tls/certs/odt-cacrl.pem'
     ssl_ca: '/etc/pki/tls/certs/odt-root-ca.pem'
-    custom_fragment_ssl: 'SSLRequire %%{ich-trickse}{SSL_CLIENT_S_DN_O} eq "ODT"'
     rewrites_non_ssl:
       - https:
         comment: 'almost all to https'
@@ -34,8 +34,17 @@ infra::profile::apache::pp_vhosts:
           - '^(.*)$ https://int-odt-daimler-com.pixelpark.net$1 [L,R=301]'
     proxy_preserve_host: true
     proxy_pass:
+      - { path: /teilenews-service, url: 'http://localhost:8082/teilenews-service' }
+      - { path: /newsletterservice, url: 'http://localhost:8081/newsletterservice' }
       - { path: /, url: 'ajp://localhost:8009/' }
-    directories:
+    directories_ssl:
+      - slash:
+        provider: location
+        path: '/'
+        custom_fragment: |
+          # enabled until merge of 71e4c530d286b8f11863d16ee94bc2f28f800cce
+          SSLRequire %%{ich-trickse}{SSL_CLIENT_I_DN_O} eq "ODT"
+          SSLVerifyClient require
       - webservice:
         provider: location
         path: '/emm_webservice'
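Review bot: The `SSLRequire` added in the new `slash` location tests `SSL_CLIENT_I_DN_O`, the issuer's organisation, whereas the `custom_fragment_ssl` line removed in the previous hunk tested `SSL_CLIENT_S_DN_O`, the subject's. With `ssl_ca` pinned to `odt-root-ca.pem`, an issuer check presumably passes for every certificate that CA signs, so access is no longer narrowed by who the certificate belongs to. If that is intended, record it in the fragment, e.g. `# issuer O checked on purpose: any client cert issued by the ODT CA is accepted`. Renaming `directories` to `directories_ssl` also appears to move the `/emm_webservice` IP restriction onto the SSL vhost only, so confirm that the 'almost all to https' rewrite leaves none of the proxied paths reachable over plain HTTP. The `pp_vhosts` entry starts and ends outside this hunk.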
@@ -43,7 +52,28 @@ infra::profile::apache::pp_vhosts:
           - 'ip 93.188.107.192/26'
           - 'ip 217.66.50.0/24'
           - 'ip 217.66.51.0/24'
-        custom_fragment: "SSLVerifyClient none"
+      - newsletterservice:
+        provider: location
+        path: '/newsletterservice'
+        require:
+            - ip 217.66.51.0/24
+            - ip 217.66.50.0/24
+            - ip 217.66.56.0/24
+            - ip 213.61.96.226
+            - ip 176.28.25.242
+            - ip 100.97.70.141
+            - ip 37.120.57.39
+            - ip 46.30.59.148
+            - ip 82.165.141.125
+            - ip 37.120.103.75
+            - ip 83.125.19.254
+            - ip 192.168.170.49
+            - ip 192.168.170.53
+            - ip 192.168.170.52
+            - ip 54.205.87.231
+            - ip 86.56.52.27
+            - ip 100.97.127.4
+            - ip 37.202.1.232
 
 infra::profile::cron::cronjobs:
   fetchcrl:
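Review bot: The `require` list added for `/newsletterservice` has eighteen entries and nothing that says who owns each one, and it mixes public hosts with `192.168.170.x` and `100.97.x.x` (shared address space) entries, so stale or over-broad entries will be hard to spot in a later audit. A trailing comment per entry or group would fix that, e.g. `- 'ip 213.61.96.226'  # <owner / ticket>`, quoted and indented like the `/emm_webservice` list above it. Since `apache::mod::remoteip` is loaded for this node (first hunk), `Require ip` is matched against the address mod_remoteip reports, so the list is only as strong as the trusted-proxy settings, which are not visible in this diff. Dropping `custom_fragment: "SSLVerifyClient none"` from `webservice` also means those callers now need a client certificate, which is worth stating in the commit message if it is deliberate.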
@@ -52,3 +82,38 @@ infra::profile::cron::cronjobs:
     minute: 0
     hour: 5
     description: um 05:00 Uhr wird die Revocationlist vom User openemm geholt. somit muss der Webserver restarted werden
+
+logstash::filter:
+  - journald
+
+logstash::generic_resource:
+  mbvd-teilenews-service:
+    resource: pipe
+    order: 10
+    parameters:
+      command: '/bin/journalctl -o cat -fl -u mbvd-teilenews-service.service'
+      type: webapp
+      tags:
+        - 'int'
+        - "%{customer}"
+        - "mbvd-teilenews-service"
+      codec:
+        type: multiline
+        what: previous
+        pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+        negate: true
+  odt-newsletter-service:
+    resource: pipe
+    order: 10
+    parameters:
+      command: '/bin/journalctl -o cat -fl -u odt-newsletter-service.service'
+      type: webapp
+      tags:
+        - 'int'
+        - "%{customer}"
+        - "odt-newsletter-service"
+      codec:
+        type: multiline
+        what: previous
+        pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+        negate: true
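Review bot: Both `pipe` inputs follow the journal with `journalctl -o cat -fl` and keep no cursor, so lines written while Logstash or the pipe is down are never shipped. Each restart also replays the most recent entries that `-f` prints before following, so this feed can have gaps and duplicates. `-o cat` drops the journal's own timestamp and unit fields too, leaving the `multiline` pattern and any later timeline dependent on the application printing an ISO8601 timestamp at the start of every record. A comment above `logstash::generic_resource` would make this visible, e.g. `# pipe input is not resumable: expect gaps/duplicates around restarts; event time comes from the app log line`. It is also worth confirming that the account Logstash runs as can read these units' journal, and that the service output does not include data such as recipient addresses that should not reach the central log store.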