Puppet Class: lsys::webserver::params
- Defined in:
- manifests/webserver/params.pp
Summary
Web server parameters on local system
Overview
Web server parameters on local system
# File 'manifests/webserver/params.pp', line 7
# Default parameters for the local web server: the service account
# (name, UID/GID, shell, home), a baseline TLS settings hash, and the
# location of the internal CA certificate used for client authentication.
class lsys::webserver::params {
  include tlsinfo::params

  # Service account, chosen per OS family. The default branch is used for
  # every family other than RedHat, not only for Debian.
  # Static Uid/Gid are preferred (official for RedHat is apache/48 and for
  # Debian is www-data/33).
  # Both shells are nologin paths, so the account gets no interactive shell.
  case $facts['os']['family'] {
    'RedHat': {
      $user       = 'apache'
      $user_id    = 48
      $user_shell = '/sbin/nologin'
    }
    default: {
      $user       = 'www-data'
      $user_id    = 33
      $user_shell = '/usr/sbin/nologin'
    }
  }

  # Group mirrors the user: same name and same numeric id.
  $group    = $user
  $group_id = $user_id

  # use directory defined by http://nginx.org/packages/
  # NOTE(review): presumably this refers to the home directory below - confirm.
  $user_home = '/var/www'

  # Baseline TLS settings.
  # NOTE(review): the consumer of this hash is not visible in this class;
  # the key names suggest nginx server parameters - confirm.
  $ssl_settings = {
    'ssl'                       => true,
    'http2'                     => true,
    # Sessions are cached server side (shared cache, 50m, 1d lifetime) and
    # session tickets are switched off.
    'ssl_session_timeout'       => '1d',
    'ssl_cache'                 => 'shared:SSL:50m',
    'ssl_session_tickets'       => false,
    # Only TLS 1.2 and TLS 1.3 are offered.
    'ssl_protocols'             => 'TLSv1.2 TLSv1.3',
    # Every suite listed is AEAD (AES-GCM or CHACHA20-POLY1305) with an
    # ephemeral key exchange (ECDHE or DHE).
    # NOTE(review): the DHE-RSA suites normally need DH parameters configured
    # on the server; none are set in this class - verify where they come from.
    'ssl_ciphers'               => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', # lint:ignore:140chars
    # Server-side cipher preference is off.
    'ssl_prefer_server_ciphers' => false,
    # OCSP stapling is on, and stapled responses are verified.
    'ssl_stapling'              => true,
    'ssl_stapling_verify'       => true,
    # HSTS for 63072000 seconds (730 days). No includeSubDomains or preload
    # directive is set, so the policy covers only the host that sends it.
    # Any site using this default has to stay reachable over HTTPS for that
    # period, because browsers will refuse plain HTTP once they cache it.
    'ssl_add_header'            => {
      'Strict-Transport-Security' => 'max-age=63072000',
    },
  }

  # Client authentication: the internal CA certificate lives under the
  # certificate base directory provided by tlsinfo::params.
  # NOTE(review): whether and how client certificate verification is enforced
  # is decided by the consumers of these paths, not here - confirm.
  $internal_certdir = "${tlsinfo::params::certbase}/internal"
  $internal_cacert  = "${internal_certdir}/ca.pem"
}